Karta – Matching Open Sources in Binaries
https://research.checkpoint.com/karta-matching-open-sources-in-binaries/ #reverse #ida #dukeBarman
Check Point Research
Karta – Matching Open Sources in Binaries - Check Point Research
Research by: Eyal Itkin Introduction "Karta" (Russian for "map") is a source code assisted binary matching plugin for IDA. The plugin was developed to match symbols for an open source library in a very large binary, usually a firmware file. For those who…
New C++ library for extending and consuming the WinDbg debugger data model https://github.com/Microsoft/WinDbg-Libraries/tree/master/DbgModelCppLib #windbg #debugger #dukeBarman
GitHub
WinDbg-Libraries/DbgModelCppLib at master · microsoft/WinDbg-Libraries
Libraries for extending WinDbg and its underlying components. - WinDbg-Libraries/DbgModelCppLib at master · microsoft/WinDbg-Libraries
https://securelist.com/hacking-microcontroller-firmware-through-a-usb/89919/ #hardware #reverse #dukeBarman
Securelist
Hacking microcontroller firmware through a USB
I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device.
DynamoRIO coverage visualization for cutter https://github.com/oddcoder/CutterDRcov #radare2 #dbi #dukeBarman
GitHub
GitHub - rizinorg/CutterDRcov: DynamoRIO coverage visualization for cutter
DynamoRIO coverage visualization for cutter. Contribute to rizinorg/CutterDRcov development by creating an account on GitHub.
Defeating Userland Hooks (ft. Bitdefender) https://0x00sec.org/t/defeating-userland-hooks-ft-bitdefender/12496 #debugger #dukeBarman
0x00sec - The Home of the Hacker
Defeating Userland Hooks (ft. Bitdefender)
It has been brought to my attention by @lkw of a recent Cylance bypass that would allow an application to dump memory from the lsass.exe process. The article discusses the issues of userland hooks employed by the EDR to detect the use of the ReadProcessMemory…
Reverse Engineering Gootkit with Ghidra Part I https://dannyquist.github.io/gootkit-reversing-ghidra/ #malware #ghidra #dukeBarman
dannyquist.github.io
Reverse Engineering Gootkit with Ghidra Part I
Ghidra is pretty handy for looking at malware. This series of posts is an informal overview of what I do. Gootkit is a great implant to learn the functionality of Ghidra. Gootkit is a NodeJS server with packaged Javascript implementing the implant functionality…
Someone published the source code of the GAPZ bootkit:
Bootkit: https://github.com/Darkabode/zerokit
Usermode Part: https://github.com/Darkabode/possessor
Server Controller Part: https://github.com/Darkabode/0ctrl
Some shared Code: https://github.com/Darkabode/0lib
Analysis GAPZ Bootkit: https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
#vx #rootkit #bootkit #re #source #leak #darw1n
GitHub
GitHub - Darkabode/zerokit: Zerokit/GAPZ rootkit (non buildable and only for researching)
Zerokit/GAPZ rootkit (non buildable and only for researching) - Darkabode/zerokit
Analysis of a Chrome Zero Day: CVE-2019-5786
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
#re #expdev #browser #filereader #win32 #darw1n
McAfee Blog
Alternative methods of becoming SYSTEM
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes?
https://blog.xpnsec.com/becoming-system/
#re #expdev #getsystem #meterpeter #howitworks #darw1n
XPN InfoSec Blog
@_xpn_ - Alternative methods of becoming SYSTEM
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes? In this post I will show the details of how this technique works…
How to bypass Instagram SSL Pinning on Android (v78)
https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/
#re #android #sslpinning #instagram #darw1n
mkYARA - generating YARA rules based on binary code https://github.com/fox-it/mkyara #ida #reverse #dukeBarman
GitHub
GitHub - fox-it/mkYARA: Generating YARA rules based on binary code
Generating YARA rules based on binary code. Contribute to fox-it/mkYARA development by creating an account on GitHub.
Part 2 of Heap Exploitation series: Understanding the Glibc Heap: Free, Bins, Tcache https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/ #exploit #dukeBarman
Azeria-Labs
Heap Exploitation Part 2: Understanding the Glibc Heap Implementation
Migrated IDA Pro FindCrypt plugin to Ghidra https://github.com/d3v1l401/FindCrypt-Ghidra #ghidra #reverse #dukeBarman
GitHub
GitHub - d3v1l401/FindCrypt-Ghidra: IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database
IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database - d3v1l401/FindCrypt-Ghidra
A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/ #ghidra #reverse #dukeBarman
r2frida v3.4.0 was released https://github.com/nowsecure/r2frida/releases/tag/v3.4.0 #radare2 #frida #dukeBarman
Ghidra Plugin Development for Vulnerability Research - Part-1 https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1 #ghidra #dukeBarman
Somerset Recon
Ghidra Plugin Development for Vulnerability Research - Part-1 – Somerset Recon
Overview On March 5th at the RSA security conference, the National Security Agency (NSA) released a reverse engineering tool called Ghidra. Similar to IDA Pro, Ghidra is a disassembler and decompiler with many powerful features (e.g., plugin support,…