Reverse Engineering and Code Emulation with #Ghidra
Slides: https://github.com/kc0bfv/Saintcon2019GhidraTalk
Video: https://twitch.tv/videos/498159435
Source of python pcode emulator: https://github.com/kc0bfv/pcode-emulator
#reverse #dukeBarman
Arbitrary Code Guard vs. Kernel Code Injections https://www.countercraft.eu/blog/post/arbitrary-vs-kernel/ #reverse #dukeBarman
Destroying x86_64 instruction decoders with differential fuzzing
Article: https://blog.trailofbits.com/2019/10/31/destroying-x86_64-instruction-decoders-with-differential-fuzzing/
Source: https://github.com/trailofbits/mishegos
#fuzzing #dukeBarman
TL;DR: x86_64 decoding is hard, and the number and variety of implementations available for it makes it uniquely suited to differential fuzzing. We're open-sourcing mishegos, a differential fuzzer for instruction decoders. You can use it to discover discrepancies…
Building A Custom Tool For Shellcode Analysis https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/ #malware #dukeBarman
The Zero2Hero malware course continues with Daniel Bunce demonstrating how to write a custom tool to load, execute and debug malicious shellcode in memory.
Fileless Malware Infection And Linux Process Injection In Linux OS
Video: https://www.youtube.com/watch?v=RvBj8C5okp0
Slides: https://2019.hack.lu/archive/2019/Fileless-Malware-Infection-and-Linux-Process-Injection-in-Linux-OS.pdf
Article: https://blog.malwaremustdie.org/2019/10/more-about-my-2019hacklu-keynote-talk.html?m=1
#reverse #linux #malware #dukeBarman
Fileless Malware Infection And Linux Process Injection In Linux OS - Hendrik Adrian
Analyzing Golang Executables https://www.pnfsoftware.com/blog/analyzing-golang-executables/ #reverse #dukeBarman
Cemu 0.5 was released (Cheap EMUlator: lightweight multi-architecture assembly playground) https://github.com/hugsy/cemu #reverse #dukeBarman
IPython console integration for #IDA Pro https://github.com/eset/ipyida
- Support for IDA 7.4 and Python 3 (Python 2 and previous IDA still supported)
- Dark mode
- Load ipyidarc py file on startup
#reverse #dukeBarman
rp++ is a tool written entirely in C++ that finds ROP sequences in PE/ELF/Mach-O x86/x64 binaries https://github.com/0vercl0k/rp #exploitation #dukeBarman
GitHub description: rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
The Firmware Security Testing Methodology (FSTM) by OWASP https://github.com/scriptingxss/owasp-fstm #reverse #hardware #dukeBarman
The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with co...
Solving iOS UnCrackable 1 Crackme Without Using an iOS Device https://serializethoughts.com/2019/10/28/solving-mstg-crackme-angr #ios #CTF #dukeBarman
TL;DR: the iOS UnCrackable Level 1 crackme application can be solved without using an iOS device, using Angr's dynamic execution engine.
PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation https://people.eecs.berkeley.edu/~rohanpadhye/files/partemu-usenixsec20.pdf #android #hardware #dukeBarman
Google launches OpenTitan, an #opensource secure chip design project https://opentitan.org/ #hardware #dukeBarman
OpenTitan: the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips.
Firmware Extraction at #Hack.lu 2019 https://2019.hack.lu/archive/2019/snarf-it_pub.pdf #reverse #hardware #dukeBarman
Isolating the logic of an encrypted protocol with LIEF and kaitai https://x-c3ll.github.io/posts/blackbox-lief-kaitai/ #reverse #dukeBarman
Article describing how the authors used LIEF to isolate target functions and kaitai to describe the protocol.
Analysis of the Corona DDoS bot https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/ #reverse #malware #ghidra
EFI DXE Emulator and Interactive Debugger
Source: https://github.com/gdbinit/efi_dxe_emulator
Article: https://reverse.put.as/2019/10/29/crafting-an-efi-emulator/
#debugger #efi #dukeBarman
The One Weird Trick SecureROM Hates (and a few words about checkrain jailbreak) by qwertyoruiop #POC2019 http://iokit.racing/oneweirdtrick.pdf #ios #exploit #dukeBarman