FIN7: Lizar toolkit architecture
https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
#malware #analysis #darw1n
Medium
From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker's…
The article was prepared by BI.ZONE Cyber Threats Research Team
Experiment to attempt to build Apple's dyld tools. https://github.com/oleavr/dyld-tools #iOS #macOS #reverse #dukeBarman
GitHub
GitHub - oleavr/dyld-tools: Experiment to attempt to build Apple's dyld tools.
Experiment to attempt to build Apple's dyld tools. - oleavr/dyld-tools
A Universal MCU Firmware Emulator for Dynamic Analysis without Any Hardware Dependence https://github.com/MCUSec/uEmu #reverse #hardware #dukeBarman
GitHub
GitHub - MCUSec/uEmu: A Universal MCU Firmware Emulator for Dynamic Analysis without Any Hardware Dependence.
A Universal MCU Firmware Emulator for Dynamic Analysis without Any Hardware Dependence. - MCUSec/uEmu
Today marks IDA's 30 years around the sun! Join us in celebrating this birthday, and expect many more to come: https://hex-rays.com/blog/ida-celebrating-30-years-of-binary-analysis-innovation/
#idapro #30thanniversary #reverse #ida #KosBeg
VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
https://back.engineering/17/05/2021/
#reverse #vm #debug #vmprotect #antidebug #analysis #KosBeg
iOS 14.5 WebKit/Safari based Jailbreak Made by RPwnage & the Manticore team
https://github.com/RPwnage/pwn-my
#reverse #expdev #ios #mobile #jailbreak #heckysome
How we bypassed bytenode and decompiled Node.js bytecode in Ghidra
https://swarm.ptsecurity.com/how-we-bypassed-bytenode-and-decompiled-node-js-bytecode-in-ghidra/
#reverse #ghidra #nodejs #decompiler #plugin #darw1n
PT SWARM
How we bypassed bytenode and decompiled Node.js bytecode in Ghidra
I build robots for fun. Rick Sanchez. It's common knowledge that in 2019 the NSA decided to open source its reverse engineering framework known as Ghidra. Due to its versatility, it quickly became popular among security researchers. This article is one of…
Decompiling Node.js in Ghidra
https://swarm.ptsecurity.com/decompiling-node-js-in-ghidra/
#reverse #ghidra #nodejs #decompiler #plugin #heckysome
PT SWARM
Decompiling Node.js in Ghidra
Have you ever wanted to find out how a program you often use, a game you play a lot, or the firmware of some realtime device actually works? If so, what you need is a disassembler. Better still, a decompiler. While things are pretty clear with x86/x64, Java…
M1RACLES: An Apple M1 Vulnerability is a covert channel vulnerability in the Apple Silicon "M1" chip (it isn't a real vuln). https://m1racles.com/ #exploitation #macOS #hardware #fun
M1Racles
M1RACLES: An Apple M1 Vulnerability
M1RACLES (CVE-2021-30747) is a covert channel vulnerability in the Apple Silicon "M1" chip.
Creating a Ghidra processor module in SLEIGH using V8 bytecode as an example
https://swarm.ptsecurity.com/creating-a-ghidra-processor-module-in-sleigh-using-v8-bytecode-as-an-example/
#reverse #ghidra #decompiler #nodejs #v8 #plugin #darw1n
PT SWARM
Creating a Ghidra processor module in SLEIGH using V8 bytecode as an example
Last year our team had to analyze V8 bytecode. Back then, there were no tools in place to decompile such code and facilitate convenient navigation over it. We decided to try writing a processor module for the Ghidra framework. Thanks to the features of the…
Guide to P-code Injection: Changing the intermediate representation of code on the fly in Ghidra
https://swarm.ptsecurity.com/guide-to-p-code-injection/
#reverse #ghidra #decompiler #pcode #nodejs #v8 #plugin #darw1n
PT SWARM
Guide to P-code Injection: Changing the intermediate representation of code on the fly in Ghidra
When we were developing the ghidra nodejs module for Ghidra, we realized that it was not always possible to correctly implement V8 (JavaScript engine that is used by Node.js) opcodes in SLEIGH. In such runtime environments as V8 and JVM, a single opcode might…
tiny_tracer 1.6.1 was released. It's a Pin Tool for tracing API calls, etc. https://github.com/hasherezade/tiny_tracer/releases/tag/1.6.1 #reverse #dukeBarman
GitHub
Release 1.6.1 · hasherezade/tiny_tracer
README.md
REFACT
Refactored to build with the latest Pin: 3.19
Requires Intel Pin 3.19 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to com...
Ghidra 10.0 is out! There is debugger support now, which is great; that will definitely bridge a usability gap.
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0_build
#reverse #ghidra #debugger #darw1n
GitHub
Release Ghidra 10.0 · NationalSecurityAgency/ghidra
WARNING: Contains log4j vulnerability
What's New
Change History
SHA-256: aaf84d14fb059beda10de9056e013186601962b6f87cd31161aaac57698a0f11
Cutter 2.0 - Introduction of new features (Reverse Debugging...) https://www.youtube.com/watch?v=wXfbnzcYIlU #reverse #rizin #Cutter #dukeBarman
YouTube
Cutter 2.0 - Introduction of new features (Reverse Debugging...)
This video is about the new release of the awesome tool Cutter (2.0), which is a free and open-source reverse engineering platform powered by rizin.
It is the first release of Cutter that uses Rizin as its core backend.
Example features covered in this video:…