PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and more. This tool operates entirely offline once the data has been fetched, ensuring that your analyses can continue even without an internet connection.
https://github.com/xaitax/PatchaPalooza
https://patchapalooza.com
#expdev #helpers #tools
LdrLibraryEx is a small x64 library to load DLLs into memory.
https://github.com/Cracked5pider/LdrLibraryEx
#tools #redteam #dev
Use the free Microsoft Bing GPT with IDA Pro to perform free analyses!
https://github.com/p1ay8y3ar/idaBingGPTPlugin
#tools #reverse #idapro #ai
Reverse Engineering Go Binaries with Ghidra (Part 1)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-1/20096/1
Reverse Engineering Go Binaries with Ghidra (Part 2)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-2/20097
#reverse #ghidra #golang
R0 CREW
Reverse Engineering Go Binaries with Ghidra (Part 1)
Source: cujo.com Go (also called Golang) is an open source programming language designed by Google in 2007 and made available to the public in 2012. It gained popularity among developers over the years, but it's not always used for good purposes. As it often…
vmp-3.5.1.zip (20.2 MB)
VMProtect Source Code (Leaked 07.12.2023)
mirror:
https://github.com/jmpoep/vmprotect-3.5.1
#tools #source #leaked #vmp #protector
intel.cc and processors.cc included
Titan is a VMProtect devirtualizer
https://github.com/archercreat/titan
#tools #reverse #devirt #devirtualizer #vmp #protector
Mergen converts Assembly code into LLVM IR, a process known as lifting. It leverages the LLVM optimization pipeline for code optimization and constructs control flow through pseudo-emulation of instructions. Unlike typical emulation, Mergen can handle unknown values, easing the detection of opaque branches and theoretically enabling exploration of multiple code branches.
These capabilities facilitate the deobfuscation and devirtualization of obfuscated or virtualized functions. Currently in early development, Mergen already shows promise in devirtualizing older versions of VMProtect, with ambitions to support most x86_64 instructions.
https://github.com/NaC-L/Mergen
#llvm #lifting #vmprotect #tnaci
xVMP is an LLVM IR-based code virtualization tool that provides a scalable and virtualized instruction-hardened obfuscation. It supports multiple programming languages and architectures. It is also compatible with existing LLVM IR-based obfuscation schemes (such as Obfuscator-LLVM).
xVMP is developer friendly. You only need to add annotations to the to-be-protected function in the source code, and xVMP can perform virtualization protection on the function during compilation.
https://github.com/GANGE666/xVMP
#virtualization #obfuscation #alekum
Keystone / Capstone Replacement
Nyxstone is a powerful assembly and disassembly library based on LLVM. It doesn't require patches to the LLVM source tree and links against standard LLVM libraries available in most Linux distributions. Implemented as a C++ library, Nyxstone also offers Rust and Python bindings. It supports all official LLVM architectures and allows configuring architecture-specific target settings.
GitHub: https://github.com/emproof-com/nyxstone
Blog: https://www.emproof.com/introducing-nyxstone-an-llvm-based-disassembly-framework/
Thread-Name Calling - A new process injection technique using Thread Name.
The code to be injected is passed as a thread description to the target.
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
#redteam #inject
Check Point Research
Thread Name-Calling - using Thread Name for offense - Check Point Research
Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory…
The installation package for IDA Pro 9.0 Beta 2 is available without a password.
https://out5.hex-rays.com/beta90_6ba923/
Forum for discussion:
https://forum.reverse4you.org/t/ida-pro-9-0-beta/20459
Chat for discussion:
https://xn--r1a.website/r0_chat/1
#tools #reverse #idapro #windows #linux #macos
DJI - The ART of obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
#reverse #mobile #android #obfuscation
Quarkslab
DJI - The ART of obfuscation - Quarkslab's blog
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
LayeredSyscall - Abusing VEH to Bypass EDRs
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
#redteam #edr #hook #bypass
White Knight Labs
LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically.
https://github.com/frkngksl/Shoggoth
#redteam
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetectable binary payloads. It uses an additive feedback loop to encode given binary instructions, similar to an LFSR. This project is a reimplementation of the original Shikata ga nai in Golang with many improvements.
https://github.com/EgeBalci/sgn
#redteam #golang
How to Bypass Golang SSL Verification
https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
#golang #ssl #bypass #reverse #web #pentest
Cyberark
How to Bypass Golang SSL Verification
Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...
V8 Sandbox escape/bypass/violation and VR collection
https://github.com/xv0nfers/V8-sbx-bypass-collection
#v8 #sandbox #escape
C++ Unwind Exception Metadata: a Hidden Reverse Engineering Bonanza
https://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1
#reverse #cpp #type #reconstruction #hints
Möbius Strip Reverse Engineering
C++ Unwind Exception Metadata: A Hidden Reverse Engineering Bonanza - Möbius Strip Reverse Engineering
The worst part of reverse engineering C++ programs -- or really, any program that uses custom structure types with no definitions provided -- is that information about structures is often incomplete, sporadic, and isolated. Consider the following function:
POC for triggering CVE-2024-38063 (RCE in tcpip.sys)
https://github.com/ynwarcs/CVE-2024-38063
#expdev #poc
Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
#expdev #poc
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
Native function and Assembly Code Invocation
https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/
#reverse #idapro
Check Point Research
Native function and Assembly Code Invocation - Check Point Research
Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases it is just possible to understand the function logic and reimplement it in a higher-level…