
whip_lash : reverseengineering   35

DLL Hijacking | Liberty
Using Procmon, open targeted PE and identify DLLs attempting to load from a writable path.
Using Ghidra identify valid entry points of said DLL.
Create DLL with a valid entry point(s) function. Within the function will be your payload.
Rename compiled DLL respectively, and place in writable directory.
Execute the PE and watch the show.
dll  dllhijack  reverse-engineering  reverseengineering 
11 days ago by whip_lash
Binary Analysis Course – Max Kersten
This course starts at the very start, where it is assumed that the reader has little to no low level knowledge. It is expected that the reader is able to understand basic programming aspects such as functions/methods, variables, types and system calls. Unlike most courses, this course aims to only use free and open-source software.
reverseengineering  course  reverse-engineering  development 
9 weeks ago by whip_lash
GitHub - 0xddaa/iddaa: idapython scripts
idapython scripts, including the features below:

Integrate IDA Pro and gdb through idapython.
Identify the suspicious functions in binary by static analysis.
Improve to analyze CGC format.
ida  python  reverse-engineering  reverseengineering 
11 weeks ago by whip_lash
SANS Penetration Testing | Using gdb to Call Random Functions! | SANS Institute
This may not seem like much, but it's actually a very simple and straightforward reverse engineering technique that sometimes works shockingly well. Grab some open source applications, run nm on them, and try calling some functions. You never know what you'll figure out!
reverse-engineering  reverseengineering 
december 2018 by whip_lash
Reversing ALPC: Where are your windows bugs and sandbox escapes?
The goal of this post is to understand my process for finding bugs (which are generally done through any means necessary), so it’s important to note they aren’t indicative of mastery in any given subject. As always, if you find any errors, or corrections, feel free to contact me. This is a personal hobby of mine and I do not profess to being a professional vulnerability researcher.
reverse-engineering  reverseengineering  exploit  development 
november 2018 by whip_lash
The 101 of ELF files on Linux: Understanding and Analysis - Linux Audit
Before diving into the more technical details, it might be good to explain why an understanding of the ELF format is useful. As a starter, it helps to learn the inner workings of our operating system. When something goes wrong, we might better understand what happened (or why). Then there is the value of being able to research ELF files, especially after a security breach or when we discover suspicious files.
binary  elf  linux  reverseengineering 
july 2018 by whip_lash
NTCore's Homepage
a freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86 and x64.
software  tools  windows  reverse-engineering  reverseengineering 
may 2018 by whip_lash
rocky/python-uncompyle6: A Python cross-version decompiler
uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.5, and 2.1 to 3.7 or so, including PyPy bytecode and Dropbox's Python 2.5 bytecode.
decompiler  python  reverse-engineering  reverseengineering 
may 2018 by whip_lash
countercept/python-exe-unpacker: A helper script for unpacking and decompiling EXEs compiled from python code.
A script that helps researchers unpack and decompile executables written in Python. However, right now this only supports executables created with py2exe and pyinstaller.
python  reverse-engineering  reverseengineering 
may 2018 by whip_lash
LloydLabs/elf-strings: elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
The better strings utility for the reverse engineer.
go  github  strings  reverseengineering 
february 2018 by whip_lash
x64dbg/mona: Fork of mona.py with x64dbg support
Fork of Corelan’s mona.py for x64dbg. mona is a Windows exploit development swiss army knife. It supports ROP techniques, SEH, cyclic patterns, etc.
x64dbg  mona  python  reverseengineering 
january 2018 by whip_lash
Practical Reverse Engineering Part 1 - Hunting for Debug Ports · Hack The World
In this series of posts we’re gonna go through the process of Reverse Engineering a router. More specifically, a Huawei HG533.
electronics  hacking  hardware  reverseengineering  security 
january 2018 by whip_lash
Introduction to reverse engineering and Assembly. | KaKaRoTo's Blog
I’ve always said that reverse engineering and ASM is “too complicated to explain” or that “If you need help to get started, then you won’t be able to finish it on your own” and various other vague responses—I often wanted to explain to others why I said things like that but I never found a way to do it. You see, when something is complex, it’s easy to say that it’s complex, but it’s much harder to explain to people why it’s complex.
assembly  hacking  programming  reverseengineering 
january 2018 by whip_lash
"Reverse Engineering for Beginners" free book
Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM.

Topics touched: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
assembly  book  engineering  security  reverseengineering 
january 2018 by whip_lash
Dangers of the Decompiler | Ret2 Systems Blog
Decompilers are an impressive but imperfect technology. They operate on incomplete information and do their best to approximate for us humans. Malicious actors can (and will) leverage these asymmetries as a means of deception.

As the industry grows more reliant on the luxuries of today’s decompilers, the adoption of anti-decompilation techniques will increase and evolve in the same vein as anti-debugging and anti-reversing have.
assembly  decompiler  reverseengineering 
january 2018 by whip_lash
GitHub - guedou/jupyter-radare2: Just a simple radare2 Jupyter kernel
This is a simple radare2 Jupyter kernel, that can be used to make interactive radare2 tutorials, or take advanced notes.
reverseengineering 
december 2017 by whip_lash
