Magic [probably] behind Hex-Rays https://engineering.avast.io/magic-probably-behind-hex-rays/ #reverse #ida #dukeBarman
Basics of hardware hacking - this course shows the basics of hardware hacking using password authentication code as an example https://maldroid.github.io/hardware-hacking/ #reverse #hardware #dukeBarman
Basics of hardware hacking
Welcome!
This course shows the basics of hardware hacking using password authentication code as an example. Created by @maldr0id
Batch Binary Analysis with IDA Pro 7.4 Automation http://irq5.io/2020/05/25/batch-binary-analysis-with-ida-pro-7-4-automation/ #reverse #ida #dukeBarman
irq5.io
Batch Binary Analysis with IDA Pro 7.4 Automation
It is easy to script analysis steps with IDAPython, but now we want to automate this analysis over, let’s say, 10,000 files. I did a quick Google and I couldn’t find a guide on how to p…
One ring (zero) to rule them all (EDR reverse engineering) https://medium.com/@b1tst0rm/one-ring-zero-to-rule-them-all-9ec99d914c68 #reverse #windows #dukeBarman
Medium
One ring (zero) to rule them all.
Part 1
A LoRaWAN Security Evaluation Framework https://github.com/seemoo-lab/chirpotle #exploitation #dukeBarman
GitHub
GitHub - seemoo-lab/chirpotle: A LoRaWAN Security Evaluation Framework
A LoRaWAN Security Evaluation Framework. Contribute to seemoo-lab/chirpotle development by creating an account on GitHub.
RuhrSec 2020 #StayAtHome Edition: Code emulation ... radare2's ESIL by Arnau Gàmez i Montolio https://www.youtube.com/watch?v=4ATseh8aRTE #reverse #radare2 #conference #dukeBarman
YouTube
RuhrSec 2020 #StayAtHome Edition: Code emulation ... radare2's ESIL, Arnau Gàmez i Montolio
RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.
Due to the coronavirus, we decided to cancel RuhrSec 2020. Thanks to…
Kopycat 0.3.20 has just been released!
It is a multi-architecture hardware emulation solution which supports the following architectures:
MIPS, ARM, MSP430, v850ES, x86
https://github.com/inforion/kopycat/releases/tag/v0.3.20
#re #hardware #emulation #mips #arm #darw1n
GitHub
Release of version 0.3.20 · inforion/kopycat
Kopycat now is a fully open-source project. In this release we have tried to do our best to run different widespread systems on the emulator. Previous release could run STM32F0xx with FreeRTOS oper...
A code-searching/completion tool, for IDA APIs https://github.com/0xKira/api_palette #reverse #ida #dukeBarman
GitHub
GitHub - 0xKira/api_palette: A code-searching/completion tool, for IDA APIs
A code-searching/completion tool, for IDA APIs. Contribute to 0xKira/api_palette development by creating an account on GitHub.
The Basics of Exploit Development 1: Win32 Buffer Overflows https://www.coalfire.com/The-Coalfire-Blog/January-2020/The-Basics-of-Exploit-Development-1 #exploitation #windows #dukeBarman
Coalfire
Coalfire Blog
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.
PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware https://github.com/D4stiny/PeaceMaker #malware #dukeBarman
GitHub
GitHub - D4stiny/PeaceMaker: PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques…
PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. - D4stiny/PeaceMaker
CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys https://h0mbre.github.io/atillk64_exploit/ #exploitation #exploit #dukeBarman
The Human Machine Interface
CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys
Background
Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10) https://github.com/j00ru/windows-syscalls #reverse #windows #dukeBarman
GitHub
GitHub - j00ru/windows-syscalls: Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11) - j00ru/windows-syscalls
BaseSAFE: Baseband SAnitized Fuzzing through Emulation Article: https://arxiv.org/pdf/2005.07797.pdf Source: https://github.com/fgsect/BaseSAFE #fuzzing #dukeBarman
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation https://nebelwelt.net/publications/files/20SEC3.pdf #fuzzing #dukeBarman
Chronicles of a Sandbox Escape: Deep Analysis of CVE-2019-0880 https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html #windows #exploit #dukeBarman
ByteRaptors
Chronicles of a Sandbox Escape: Deep Analysis of CVE-2019-0880
Overview
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
Article: https://blog.talosintelligence.com/2020/05/dynamic-data-resolver-1-0.html
Source: https://github.com/Cisco-Talos/DynDataResolver
#reverse #IDA #dukeBarman
Cisco Talos Blog
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
10/20/20 Update: A new version of this software and associated blog can be found here
Executive summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a…
MindShaRE: How to “Just Emulate It With QEMU” https://www.thezdi.com/blog/2020/5/27/mindshare-how-to-just-emulate-it-with-qemu #hardware #dukeBarman
Zero Day Initiative
Zero Day Initiative — MindShaRE: How to “Just Emulate It With QEMU”
MindShaRE is our periodic look at various reverse engineering tips and tricks. The goal is to keep things small and discuss some everyday aspects of reversing. You can view previous entries in this series here.
Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer https://blog.talosintelligence.com/2020/05/astaroth-analysis.html #reverse #malware #dukeBarman
Cisco Talos Blog
Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
By Nick Biasini, Edmund Brumaghin and Nick Lister.
* Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months.
* Complex maze of obfuscation and…
Ansible Security Assessment https://blog.quarkslab.com/ansible-security-assessment.html #exploitation #dukeBarman
Quarkslab
Ansible Security Assessment - Quarkslab's blog
Ansible is an open-source software automating configuration management and software deployment. Ansible is used in Quarkslab to manage our infrastructure and in our product Irma. In order to have an idea of the security of Ansible, we conducted a security…
Advanced Windows exploit development resources https://github.com/FULLSHADE/WindowsExploitationResources #exploitation #windows #dukeBarman
GitHub
GitHub - FULLSHADE/WindowsExploitationResources: Resources for Windows exploit development
Resources for Windows exploit development. Contribute to FULLSHADE/WindowsExploitationResources development by creating an account on GitHub.
Methodology for Static Reverse Engineering of Windows Kernel Drivers https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83 #reverse #windows #dukeBarman
SpecterOps
Blog - SpecterOps
Your new best friend: Introducing BloodHound Community Edition!