Using Qiling to resolve obfuscated imports on Windows https://gist.github.com/y0ug/b83fcf121f80d419c8d5eb342ca31a59 #reverse #ida #malware #dukeBarman
Gist file: _IAT_qiling.py
Ghidra for Linux on Arm (64-bit) https://assets.checkra.in/labo/ghidra/ #reverse #ghidra #arm #dukeBarman
Automated dynamic import resolving using binary emulation (and integrating Qiling with Ghidra via the https://github.com/justfoxing/ghidra_bridge project) https://lopqto.me/posts/automated-dynamic-import-resolving #reverse #ghidra #dukeBarman
ghidra_bridge: Python 3 bridge to Ghidra's Python scripting.
Attacking the Qualcomm Adreno GPU https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html #exploitation #dukeBarman
Posted by Ben Hawkes, Project Zero. When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a...
FuzzCon Europe 2020 - Fuzz Your Software https://www.youtube.com/playlist?list=PLI0R_0_8-TV4JArtdlgnuPtgXALZxAYqu #videos #conference #fuzzing #fuzzcon #dukeBarman
This playlist includes all talks from FuzzConEurope 2020. For access to the slides, visit: https://www.fuzzcon.eu/sign-up-recording
Lucid is a new and interactive IDA plugin that makes it effortless to study the Hex-Rays microcode as it flows through the decompilation pipeline:
BLOG: https://blog.ret2.io/2020/09/11/lucid-hexrays-microcode-explorer/
CODE: https://github.com/gaasedelen/lucid
#reverse #uefi #ida #KosBeg
Lucid: An Interactive Hex-Rays Microcode Explorer
Recently, we blogged about the Hex-Rays microcode that powers the IDA Pro decompiler. We showed how a few days spent hacking on the microcode API could drama...
Reverse-engineering the first FPGA chip, the XC2064 http://www.righto.com/2020/09/reverse-engineering-first-fpga-chip.html #reverse #hardware #dukeBarman
A Field-Programmable Gate Array (FPGA) can implement arbitrary digital logic, anything from a microprocessor to a video generator or crypt...
ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/
ARM64 Reversing and Exploitation Part 2 - Use After Free http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-2-use-after-free/
ARM64 Reversing and Exploitation Part 3 - A Simple ROP Chain http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
#reverse #arm #exploitation #dukeBarman
Hi Everyone! In this blog series, we will be understanding the ARM instruction set and using that to reverse ARM binaries, followed by writing exploits for them. So let's start with the basics of ARM64.
A Binary Ninja plugin for vulnerability research https://github.com/Martyx00/VulnFanatic/ #reverse #binaryninja #dukeBarman
GammaRay is a tool to poke around in a Qt-application and also to manipulate the application to some extent.
https://github.com/KDAB/GammaRay
#reverse #tools #inspect #qt #darw1n
Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629) https://raelize.com/posts/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/ #exploitation #hardware #dukeBarman
efiXplorer v2.0 [Hex-Rays Contest Edition] https://github.com/binarly-io/efiXplorer/releases/tag/v2.0 #ida #hardware #uefi #dukeBarman
[new feature] UEFI image loader (loading the whole image to IDA Pro)
Support of analyzing 32-bit images
Support of analyzing SMM images
[new feature] PEI images analyzer
Multiple improvements and f...
Time Travel Debugging - JavaScript Automation https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-javascript-automation #reverse #debugger #windbg #dukeBarman
This section describes how to use JavaScript automation to work with TTD traces.
An emulator powered by Qiling to deobfuscate/decrypt VAC3 modules https://github.com/ioncodes/vacation3-emu #reverse #dukeBarman
vacation3-emu: VAC3 (Valve Anti-Cheat 3) module emulator
Step-through debugging with no debugger on Cortex-M https://interrupt.memfault.com/blog/cortex-m-debug-monitor #hardware #debugger #dukeBarman
An exploration of how to debug running devices by taking advantage of debug monitor mode on ARM Cortex-M MCUs
APIMiner - The API Logger for Malwares - The Fast Way To Identifying Malwares http://www.malware-analysis-and-detection-engineering.com/2020/09/apiminer-api-logger-for-malwares-fast.html #reverse #malware #dukeBarman
Direct Download Link for Latest Release of APIMiner: https://github.com/poona/APIMiner/releases/download/1.0.0/release-v1.0.0.zip One of...
Giving Hackers a Headache with Exploit Mitigations - Maria Markstedter, Azeria Labs
Video: https://www.youtube.com/watch?v=riQ-WyYrxh4
Slides: https://azeria-labs.com/downloads/Keynote_ArmResearchSummit2020_Azeria.pdf
#reverse #hardware #exploitation #dukeBarman
Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware
Code: https://github.com/fireeye/speakeasy
Article: https://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-shellcode-with-speakeasy.html
#reverse #malware #dukeBarman
mandiant/speakeasy: Windows kernel and user mode emulation.