An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra
#re #ghidra #obfuscation #plugin #darw1n
Möbius Strip Reverse Engineering
An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra — Möbius Strip Reverse Engineering
This blog entry announces the release of an abstract interpretation-based Ghidra plugin for deobfuscation. The code can be found here (see the ‘Releases’ tab for a binary release). In view of the picture below, the static analysis described herein is designed…
PoC for CVE-2018-18500 - Firefox Use-After-Free
https://github.com/sophoslabs/CVE-2018-18500/
#re #expdev #browser #uaf #poc #darw1n
GitHub
GitHub - sophoslabs/CVE-2018-18500: PoC for CVE-2018-18500 - Firefox Use-After-Free
PoC for CVE-2018-18500 - Firefox Use-After-Free. Contribute to sophoslabs/CVE-2018-18500 development by creating an account on GitHub.
DHCP security in Windows 10: analyzing the critical vulnerability CVE-2019-0726
https://habr.com/ru/company/pt/blog/448378/
#re #expdev #bof #dhcp #darw1n
Habr
DHCP security in Windows 10: analyzing the critical vulnerability CVE-2019-0726
Image: Pexels. With the release of the January updates for Windows, news of the critically dangerous vulnerability CVE-2019-0547 in DHCP clients stirred up the public. Interest was fueled by the high rating...
Malware Theory - PE Malformations and Anomalies https://www.youtube.com/watch?v=-0DEEbQq8jU #malware #newbie #dukeBarman
YouTube
Malware Theory - PE Malformations and Anomalies
We explore malformations and anomalies of the Portable Executable format. What kinds of malformations exist, why do they occur and how do they affect PE file parsers?
My malware analysis course for beginners: https://www.udemy.com/course/windows-malware…
Some part of FIN7 (aka CARBANAK) source code has leaked to VirusTotal:
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
#malware #source #leak #fin7 #darw1n
Google Cloud Blog
CARBANAK Week Part One: A Rare Occurrence | Google Cloud Blog
We kick off CARBANAK Week with the first post in our four-part blog series.
Deobfuscating APT32 Flow Graphs with Cutter and Radare2 https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/ #radare2 #malware #dukeBarman
Check Point Research
Deobfuscating APT32 Flow Graphs with Cutter and Radare2 - Check Point Research
Research by: Itay Cohen The Ocean Lotus group, also known as APT32, is a threat actor which has been known to target East Asian countries such as Vietnam, Laos and the Philippines. The group strongly focuses on Vietnam, especially private sector companies…
How to reverse malware on macOS:
Part 1: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
Part 2: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-two/
Part 3: https://www.sentinelone.com/blog/how-to-reverse-malware-on-macos-without-getting-infected-part-3/
#malware #macos #newbie #reverse #dukeBarman
SentinelOne
How to Reverse Malware on macOS Without Getting Infected | Part 1
Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.
Android App Reverse Engineering 101 https://maddiestone.github.io/AndroidAppRE/ #android #reverse #newbie #dukeBarman
For students who want to spend summer 2019 in an interesting and educational way and grow in the field of information security, Digital Security is again opening enrollment for "Summ3r 0f h4ck" in Saint Petersburg https://habr.com/ru/company/dsec/blog/450036/ #traineeship #dukeBarman
Habr
Summ3r 0f h4ck: Digital Security internship 2019
Digital Security, one of the largest consulting companies in the field of information security, invites you to the "Summ3r 0f h4ck" summer internship program in Saint Petersburg. Summ3r 0f h4ck will take place from July 15 to August 15...
A Python implementation of IDA FindCrypt/FindCrypt2 plugin https://github.com/you0708/ida/tree/master/idapython_tools/findcrypt #ida #reverse #dukeBarman
GitHub
ida/idapython_tools/findcrypt at master · you0708/ida
IDA related stuff. Contribute to you0708/ida development by creating an account on GitHub.
Hello everyone! Finally, our forum has moved to a new engine. The forum has two main languages for communication: English and Russian. But English has priority now.
https://www.reverse4you.org
Slides from #ghidra workshop INFILTRATE 2019 https://github.com/0xAlexei/INFILTRATE2019/blob/master/INFILTRATE%20Ghidra%20Slides.pdf #reverse #dukeBarman
GitHub
INFILTRATE2019/INFILTRATE Ghidra Slides.pdf at master · 0xAlexei/INFILTRATE2019
INFILTRATE 2019 Demo Materials. Contribute to 0xAlexei/INFILTRATE2019 development by creating an account on GitHub.
How To Do Firmware Analysis. Tools, Tips, and Tricks https://www.pentestpartners.com/security-blog/how-to-do-firmware-analysis-tools-tips-and-tricks/ #hardware #reverse #dukeBarman
Pen Test Partners
How To Do Firmware Analysis. Tools, Tips, and Tricks | Pen Test Partners
So, you’ve got a firmware dump. Perhaps a raw read off a chip? An update file you downloaded off the internet? Now what? Taking a firmware dump and turning it into something useful can sometimes be painful. Sometimes you’ll be faced with proprietary (barely…
SAFE (Self Attentive Function Embedding) - compute binary function embeddings to find out if two functions are similar or not. Based on radare2. github: https://github.com/gadiluna/SAFE Article: https://medium.com/@massarelli/safe-self-attentive-function-embedding-d80abbfea794 #reverse #radare2 #dukeBarman
GitHub
GitHub - gadiluna/SAFE: SAFE: Self-Attentive Function Embeddings for binary similarity
SAFE: Self-Attentive Function Embeddings for binary similarity - gadiluna/SAFE
Working With Ghidra P-Code To Identify Vulnerable Function Calls https://www.riverloopsecurity.com/blog/2019/05/pcode/ #ghidra #dukeBarman
River Loop Security
Working With Ghidra’s P-Code To Identify Vulnerable Function …
Cybersecurity solutions for the whole lifecycle of IoT and embedded systems.
A set of Linux binary exploitation tasks for beginners https://github.com/xairy/easy-linux-pwn #exploit #dukeBarman
GitHub
GitHub - xairy/easy-linux-pwn: A set of Linux binary exploitation tasks for beginners on various architectures
A set of Linux binary exploitation tasks for beginners on various architectures - xairy/easy-linux-pwn