241590-Adam/RE-Detective-Malware-Analysis-Training-Platform

GitHub: 241590-Adam/RE-Detective-Malware-Analysis-Training-Platform

Stars: 0 | Forks: 0

# RE Detective – Malware Analysis Training Platform

PyQt5-based desktop application for learning malware analysis through progressive CTF challenges.

## What is this project?

A complete malware analysis training platform where students analyze simulated malware samples, find flags, and build attack chains.

## Tech Stack

| Category | Technologies |
|----------|--------------|
| GUI | PyQt5 |
| Database | SQLite |
| Assembly | Custom disassembler with API pattern recognition |
| Reporting | PDF/TXT export (ReportLab) |
| Language | Python |

## Features

### 6 Progressive CTF Cases

| Case | Type | Difficulty |
|------|------|------------|
| 1 | Fake Keylogger | Easy |
| 2 | Trojanized Calculator | Easy |
| 3 | Packed Downloader | Medium |
| 4 | Anti-Debug RAT | Medium |
| 5 | Buffer Overflow Exploit | Hard |
| 6 | Multi-Stage Malware (APT) | Hard |

### Assembly Disassembler

- Real assembly listing from binary analysis
- API pattern recognition (SetWindowsHookEx, CreateRemoteThread, etc.)
- Generated assembly from strings and imports

### Detective Board

- Interactive drag-drop node graph for attack chain reconstruction
- Arrow-based connections between evidence
- Save/load board state

### Progressive Hint System

- A hint costs 50% of the flag's points
- The hint for flag N unlocks after flag N-1 is solved
- Points are deducted automatically

### SOC Dashboard

- Case selection with status tracking
- Real-time score updates
- Threat meter based on progress

### Report Export

- PDF export with ReportLab
- TXT export (no dependencies)
- Includes: case summary, submitted flags, high-risk evidence, analyst notes

## Quick Start

### Prerequisites

```bash
pip install PyQt5 reportlab
```

### Run the Application

```bash
python main.py
```

### Default Login

Username: `analyst` (auto-created)

## Project Structure

```text
re_detective_final/
├── main.py                    # Entry point
├── database/
│   └── db_manager.py          # SQLite operations
├── core/
│   └── case_engine.py         # Case logic
├── gui/
│   ├── main_window.py         # Main window
│   ├── dashboard.py           # Dashboard panel
│   ├── case_select.py         # Case selection
│   ├── workspace.py           # Investigation workspace
│   ├── detective_board.py     # Attack chain graph
│   ├── challenge_panel.py     # CTF challenges
│   ├── hint_panel.py          # Hint purchase system
│   ├── timeline_panel.py      # Activity log
│   └── theme.py               # Dark theme styling
├── reports/
│   └── report_exporter.py     # PDF/TXT export
└── data/
    ├── re_detective.db        # SQLite database
    └── cases_config/
        └── cases.json         # Case definitions
```

## Sample CTF Flags

| Case | Flag Example |
|------|--------------|
| Keylogger | FLAG{SETWINDOWSHOOKEX} |
| Trojan | FLAG{UPDATE-SERVICE.NET} |
| Packed | FLAG{7.91} |

## Why This Project Matters

- ✅ Reverse Engineering: Assembly analysis and API recognition
- ✅ CTF Experience: 6 progressive challenges with flags
- ✅ Full Desktop App: PyQt5 GUI with professional styling
- ✅ Attack Chain Visualization: Drag-drop graph for blue team reporting

## Author

Muhammad Zain Tanveer
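The hint-system rules described above (a hint costs 50% of the flag's points, the hint for flag N unlocks once flag N-1 is solved, points are deducted automatically) as an added Python example; this is not the project's own `case_engine.py` code. The point values, the second and third flags, and the assumption that flag 1's hint is always unlocked are constructed for the demo.

```python
from dataclasses import dataclass, field

HINT_COST_RATIO = 0.5  # a hint costs 50% of the flag's points


@dataclass(frozen=True)
class Flag:
    number: int   # 1-based position within the case
    value: str    # expected submission, e.g. FLAG{SETWINDOWSHOOKEX}
    points: int


@dataclass
class CaseProgress:
    """Tracks score, solved flags and purchased hints for one case."""
    flags: dict                       # flag number -> Flag
    score: int = 0
    solved: set = field(default_factory=set)
    hints_bought: set = field(default_factory=set)

    def hint_available(self, n: int) -> bool:
        # Assumption: the first flag's hint is always unlocked; every later
        # hint unlocks only after the previous flag has been solved.
        return n == 1 or (n - 1) in self.solved

    def buy_hint(self, n: int) -> int:
        """Deduct the hint cost and return it; 0 if already bought; error if locked."""
        if not self.hint_available(n):
            raise PermissionError(f"hint for flag {n} is locked until flag {n - 1} is solved")
        if n in self.hints_bought:
            return 0                          # never charge twice for the same hint
        cost = int(self.flags[n].points * HINT_COST_RATIO)
        self.hints_bought.add(n)
        self.score -= cost                    # points deducted automatically
        return cost

    def submit(self, n: int, attempt: str) -> bool:
        """Award the flag's points on the first correct submission only."""
        if n in self.solved or attempt.strip() != self.flags[n].value:
            return False
        self.solved.add(n)
        self.score += self.flags[n].points
        return True


def demo_case() -> CaseProgress:
    # Constructed sample case: flag 1 uses the README's keylogger flag,
    # the other two flags and all point values are made up for this demo.
    flags = [Flag(1, "FLAG{SETWINDOWSHOOKEX}", 100),
             Flag(2, "FLAG{EXAMPLE-SECOND}", 200),
             Flag(3, "FLAG{EXAMPLE-THIRD}", 300)]
    return CaseProgress({f.number: f for f in flags})
```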