Python scripts to help analyze Go binaries in radare2. This is a port of the IDA Pro script golang_load_assist to r2. https://github.com/f0rki/r2-go-helpers #reverse #radare2 #dukeBarman
GitHub - f0rki/r2-go-helpers: [UNMAINTAINED] python scripts to help analyze go binaries in radare2
Prometei botnet and its quest for Monero https://blog.talosintelligence.com/2020/07/prometei-botnet-and-its-quest-for-monero.html #reverse #malware #dukeBarman
* We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways.
* Cisco Talos recently discovered a cryptocurrency-mining botnet attack…
IDA: What’s new in 7.5sp2 https://www.hex-rays.com/products/ida/news/7_5sp2/ #reverse #IDA #dukeBarman
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. https://github.com/blackberry/pe_tree #reverse #windows #ida #dukeBarman
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.
Binary instrumentation framework based on FRIDA https://github.com/Ch0pin/medusa #reverse #frida #android #dukeBarman
GitHub - Ch0pin/medusa: Mobile Edge-Dynamic Unified Security Analysis
Converts .tag file produced by tiny_tracer to Cutter annotation script https://github.com/Dump-GUY/tiny_tracer_tag_to_cutter #reverse #radare2 #dukeBarman
MMS Exploit Part 3: Constructing the Memory Corruption Primitives https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html #reverse #android #exploitation #dukeBarman
Posted by Mateusz Jurczyk, Project Zero This post is the third of a multi-part series capturing my journey from discovering a vulnerable...
Set of antianalysis techniques found in malware https://github.com/hasherezade/antianalysis_demos #reverse #malware #dukeBarman
Find IOCTLs in binaries (for IDA 7.5 and Python 3) https://gist.github.com/uf0o/011cedcae3f52102c69c7d8c28ae678c #ida #reverse #dukeBarman
find_ioctls.py
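Whatever script pulls the candidate values out of a driver, the next step is always the same: split each 32-bit control code into the fields the CTL_CODE macro packs into it (device type, access, function, transfer method) and throw away values that cannot be control codes. The following is an added example, not the gist's code or the IDA plugin's logic: a stand-alone decoder for CTL_CODE values, plus a crude scanner that pulls `cmp eax, imm32` immediates out of a constructed byte blob. The single-opcode-byte match, the plausibility filter and the sample bytes are assumptions made for this demo; only the bit layout and the FILE_DEVICE_UNKNOWN value (0x22) come from the Windows DDK headers.

```python
"""Decode Windows IOCTL control codes and pick candidate codes out of raw bytes.

Added example, not code from the find_ioctls.py gist. The bit layout follows the
CTL_CODE macro from the Windows DDK; the byte-pattern scan and the plausibility
filter are assumptions made for this demo.
"""
import struct

# CTL_CODE(DeviceType, Function, Method, Access):
#   bits 31..16 DeviceType | bits 15..14 Access | bits 13..2 Function | bits 1..0 Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS | FILE_WRITE_ACCESS"}


def ctl_code(device_type, function, method, access):
    """Build a control code the way the CTL_CODE macro does."""
    return (((device_type & 0xFFFF) << 16) | ((access & 0x3) << 14)
            | ((function & 0xFFF) << 2) | (method & 0x3))


def decode_ioctl(code):
    """Split a 32-bit control code into its CTL_CODE fields."""
    return {
        "device_type": (code >> 16) & 0xFFFF,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def describe_ioctl(code):
    """Human-readable one-liner for a control code."""
    d = decode_ioctl(code)
    return "0x%08X: DeviceType=0x%04X Function=0x%03X %s %s" % (
        code, d["device_type"], d["function"], METHODS[d["method"]], ACCESS[d["access"]])


def looks_like_ioctl(code):
    """Plausibility filter (assumption): a zero device type or a zero function
    is almost always a plain integer compare rather than a control code."""
    d = decode_ioctl(code)
    return d["device_type"] != 0 and d["function"] != 0


def find_cmp_eax_imm32(blob):
    """Return (offset, imm32) for every byte run shaped like `cmp eax, imm32`
    (opcode 0x3D followed by a little-endian dword). Matching one opcode byte
    instead of disassembling is a deliberate shortcut for this demo (assumption)."""
    hits = []
    i = 0
    while i + 5 <= len(blob):
        if blob[i] == 0x3D:
            hits.append((i, struct.unpack_from("<I", blob, i + 1)[0]))
            i += 5
        else:
            i += 1
    return hits


def find_ioctls(blob):
    """Candidate control codes: `cmp eax, imm32` immediates that pass the filter."""
    return [(off, imm) for off, imm in find_cmp_eax_imm32(blob) if looks_like_ioctl(imm)]


# Constructed sample bytes standing in for a driver's IOCTL dispatch switch.
SAMPLE = bytes.fromhex(
    "8B4508"        # mov eax, [ebp+8]
    "3D03202200"    # cmp eax, 0x222003  (FILE_DEVICE_UNKNOWN, fn 0x800, METHOD_NEITHER)
    "7410"          # je  +0x10
    "3D04C02200"    # cmp eax, 0x22C004  (FILE_DEVICE_UNKNOWN, fn 1, BUFFERED, read|write)
    "7420"          # je  +0x20
    "3D01000000"    # cmp eax, 1         (plain compare, filtered out)
)

if __name__ == "__main__":
    for off, imm in find_ioctls(SAMPLE):
        print("offset 0x%x -> %s" % (off, describe_ioctl(imm)))
```

Running the block against the constructed blob reports the two METHOD-carrying codes and drops the `cmp eax, 1`. In a real binary the immediates should come from a disassembler's view of the dispatch routine rather than a byte match, and METHOD_NEITHER codes deserve the first look, since the driver touches user pointers in the IRP without the I/O manager validating them.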
Introduction to symbolic execution with KLEE https://www.youtube.com/watch?v=z6bsk-lsk1Q #reverse #smt #newbie #dukeBarman
Follow David on Twitter @Davkorcz: https://twitter.com/Davkorcz
This video gives an introduction to the KLEE symbolic execution engine.
The video shows how to install KLEE using the Docker…
Flipper Zero — Tamagochi for Hackers - https://www.kickstarter.com/projects/flipper-devices/flipper-zero-tamagochi-for-hackers/description #hardware #dukeBarman
Flipper Zero — Multitool for Hackers
Open source multi-tool device for researching and pentesting radio protocols, access control systems, hardware, and more.
One Byte to rule them all - The new iOS kernel exploitation technique that turns a one-byte controlled heap overflow directly into a read/write primitive https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.html #exploitation #ios #dukeBarman
Posted by Brandon Azad, Project Zero One Byte to rule them all, One Byte to type them, One Byte to map them all, and in userspace bind...
The Art of Large Scale Cumulative Binary Diffing
Article: http://www.debasish.in/2018/03/the-art-of-large-scale-cumulative.html
Code: https://github.com/debasishm89/MassDiffer
#reverse #ida #dukeBarman
Debasish Mandal's personal blog about information security research, exploit development, vulnerability research, Python and some random ideas.
GReAT Ideas. Powered by SAS: threat hunting and new techniques https://www.youtube.com/watch?v=xeTYLRCwnFo #video #malware #dukeBarman
On July 22 Kaspersky's Global Research and Analysis Team (GReAT) held its second talk of ‘GReAT Ideas. Powered by SAS’ series.
Watch the recording of the session if you missed it live.
‘GReAT Ideas’ is a series of events meant to empower you with information…
The core of Apple is PPL (Apple's Page Protection Layer): Breaking the XNU kernel's kernel https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-breaking-xnu.html #exploitation #macos #ios #dukeBarman
Posted by Brandon Azad, Project Zero While doing research for the one-byte exploit technique , I considered several ways it might be poss...
WasmBoxC: Simple, Easy, and Fast VM-less Sandboxing https://kripken.github.io/blog/wasm/2020/07/27/wasmboxc.html #exploitation #dukeBarman
The software ecosystem has a lot of useful but unsafe code, and the easier it is to sandbox that code, the more often that'll happen. If it were as simple as ...
A gentle introduction into ARM assembly https://www.shadowinfosec.io/2018/05/a-gentle-introduction-into-arm-assembly.html #reverse #dukeBarman