WinDivert is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10. It enables user-mode capturing/modifying/dropping of network packets sent to/from the Windows network stack.
https://github.com/basil00/Divert
#tools #pentest #packets #windows #darw1n
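The decide-and-rewrite step of a WinDivert filter loop, as an added example that is not WinDivert's own code and not taken from the linked repo. It is written in pure Python over a constructed IPv4/TCP packet so it runs without the driver; with the real library you would open a handle with WinDivertOpen on a filter such as "outbound and tcp", pull packets with WinDivertRecv, apply this kind of verdict, and reinject with WinDivertSend. The blocked-port and redirect tables are made-up policy for illustration. Checksums are recomputed by hand (the library offers WinDivertHelperCalcChecksums for this) because a modified packet reinjected with a stale TCP or IP checksum is dropped by the receiving stack, which is the usual reason a "working" rewrite silently never arrives.

```python
import struct
from ipaddress import IPv4Address

# Hypothetical policy: drop cleartext telnet, redirect 8080 -> 80.
BLOCKED_PORTS = {23}
REDIRECTS = {8080: 80}


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def fix_checksums(packet: bytes) -> bytes:
    """Recompute the IPv4 header checksum and the TCP checksum (pseudo-header included)."""
    ihl = (packet[0] & 0x0F) * 4
    ip = bytearray(packet[:ihl])
    tcp = bytearray(packet[ihl:])
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    tcp[16:18] = b"\x00\x00"
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(tcp))  # src, dst, zero, proto=TCP, tcp length
    tcp[16:18] = struct.pack("!H", checksum(pseudo + bytes(tcp)))
    return bytes(ip + tcp)


def checksums_valid(packet: bytes) -> bool:
    """True when both checksums verify (sum over data including the checksum field folds to 0xFFFF). TCP only."""
    ihl = (packet[0] & 0x0F) * 4
    ip, tcp = packet[:ihl], packet[ihl:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return ones_complement_sum(ip) == 0xFFFF and ones_complement_sum(pseudo + tcp) == 0xFFFF


def build_tcp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes, flags: int = 0x18) -> bytes:
    """Constructed sample packet: minimal IPv4 header + TCP header + payload, checksums filled in."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return fix_checksums(ip + tcp)


def verdict(packet: bytes):
    """Return (action, packet_to_reinject): 'drop' -> None, 'modify' -> rewritten packet, 'pass' -> unchanged.

    This is the body you would run between WinDivertRecv and WinDivertSend.
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:  # not TCP: let it through untouched
        return "pass", packet
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport in BLOCKED_PORTS:
        return "drop", None  # simply not reinjecting the packet drops it
    if dport in REDIRECTS:
        modified = bytearray(packet)
        modified[ihl + 2:ihl + 4] = struct.pack("!H", REDIRECTS[dport])
        return "modify", fix_checksums(bytes(modified))  # stale checksums would get the packet discarded
    return "pass", packet


if __name__ == "__main__":
    pkt = build_tcp_packet("10.0.0.5", "192.0.2.10", 51234, 8080, b"GET / HTTP/1.1\r\n\r\n")
    action, out = verdict(pkt)
    print(action, out[22:24].hex(), checksums_valid(out))
```

The verdict function deliberately returns the packet rather than sending it, so the same logic can be unit-tested offline and then dropped into a real recv/send loop unchanged.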
SheLLVM is a collection of LLVM transform and analysis passes for writing shellcode (in other words, position-independent "load anywhere and jump to the beginning" machine code) in regular C.
https://github.com/SheLLVM/SheLLVM
#tools #reverse #shellcode #llvm #darw1n
Understanding and Abusing Process Tokens – Part I
Understanding and Abusing Access Tokens – Part II
https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962
#malware #reverse #lpe #windows #internals #darw1n
Now, considering the knowledge gained earlier in Part I, let's understand SeImpersonatePrivilege which the administrator account has by…
CVE-2020-1054 Analysis https://0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html #exploitation #dukeBarman
Symbolic execution with SYMCC http://www.s3.eurecom.fr/tools/symbolic_execution/symcc.html
Article: http://www.s3.eurecom.fr/docs/usenixsec20_symcc.pdf
Source: https://github.com/eurecom-s3/symcc
#reverse #fuzzing #dukeBarman
Hexrays Toolbox - Find code patterns within the Hexrays AST https://github.com/patois/HexraysToolbox #reverse #IDA #dukeBarman
A Ghidra processor module for the EFI Byte Code (EBC) https://github.com/meromwolff/Ghidra-EFI-Byte-Code-Processor #reverse #uefi #hardware #ghidra #dukeBarman
IDA Pro 7.5 SP1 released https://www.hex-rays.com/blog/ida-pro-7-5-sp1-released/ #reverse #ida #dukeBarman
Tools used during the reversing of the Nikon firmware https://github.com/simeonpilgrim/nikon-firmware-tools #reverse #hardware #ida #dukeBarman
Cracking BattlEye packet encryption
https://secret.club/2020/06/19/battleye-packet-encryption.html
#reverse #jeisonwi
Recently, Battlestate Games, the developers of Escape From Tarkov, hired BattlEye to implement encryption on networked packets so that cheaters can't capture these packets, parse them and use them for their advantage in the form of radar cheats, or otherwise.…
tiny_tracer - A Pin Tool for tracing API calls etc https://github.com/hasherezade/tiny_tracer #reverse #dbi #dukeBarman
The Intezer Analyze IDA Pro plugin is now available to community users https://intezer.com/blog/intezer-analyze/ida-pro-plugin-now-available-to-the-community/ #reverse #ida #malware #dukeBarman
Accelerate reverse engineering by enriching every function of disassembled machine code with info about where the code was seen previously.
efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation https://github.com/binarly-io/efiXplorer #reverse #ida #uefi #dukeBarman
UEFI scanner brings Microsoft Defender ATP protection to a new level https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/ #uefi #malware #dukeBarman
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.
OSX.EvilQuest Uncovered analyzing a new piece of mac ransomware (and more!) https://objective-see.com/blog/blog_0x59.html #reverse #malware #macos #dukeBarman
part i: infection, persistence, and more!
BinaryAI Python SDK - Neural Search Engine for binaries https://github.com/binaryai/sdk #reverse #ida #dukeBarman