Mess with the best die like the rest mode (slides & demos Recon 18) https://twitter.com/vpikhur/status/960154981448933376 #dukeBarman
Volodymyr Pikhur: Slides are posted here: github.com/hwroot/Present… @reconbrx Demo: youtu.be/sMroXa-zYxk
Statically compiled ARM binaries for debugging and runtime analysis https://github.com/therealsaumil/static-arm-bins/ #debugger #dukeBarman
IDA 7.1 was released (the Hex-Rays decompiler microcode API is now exposed) https://www.hex-rays.com/products/ida/7.1/index.shtml #ida #dukeBarman
IDAPython plugin adding "Search Google for..." to the right-click context menu https://github.com/intezer/scripts/blob/master/search_google.py #ida #plugins #dukeBarman
Writing a simple x86 emulator with IDAPython https://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/ #ida #dukeBarman
Often times, when I stumble upon IDAPython scripts, I notice that they are using inefficient / incorrect IDAPython APIs to disassemble or decode instructions (for instance using idc.GetMnem() or id…
Analyzing the nasty .NET protection of the Ploutus.D malware. https://antonioparata.blogspot.ru/2018/02/analyzing-nasty-net-protection-of.html #malware #dukeBarman
Twitter: @s4tan EDIT: The source code is now online: https://github.com/enkomio/Conferences/tree/master/HackInBo2018 Recently the ATM ma...
IDA Plugin for quickly copying disassembly as encoded hex bytes (HexCopy.py, updated for IDA 7.x) https://gist.github.com/herrcore/01762779ae4ac130d3beb02bf8e99826 #ida #dukeBarman
BAP 1.4.0 was released: added MIPS and PowerPC support and many program analysis goodies https://github.com/BinaryAnalysisPlatform/bap/releases/tag/v1.4.0 #reverse
Features:
#762 MIPS and MIPS64 lifters
#739 PowerPC and PowerPC64 lifters
#744 LLVM 5.0 compatibility
#734 BARE Binary Analysis Rule Engine
#734 New Taint Analysis Framework
#734 Primus Lisp 2.0 wi...
malware.one: a binary-substring-searchable malware catalog (containing terabytes of malicious code) #malware #dukeBarman
Interactive shellcoding environment to easily craft shellcodes https://github.com/merrychap/shellen #exploit #dukeBarman
Malware detection using learning and information retrieval for Android https://github.com/dkhuuthe/MADLIRA #malware #android #dukeBarman
symrepl is a small utility that helps you investigate the type information inside binaries. It uses lldb to access the symbolic information inside a binary https://github.com/agustingianni/symrepl #reverse
Unpacking Gootkit Malware With IDA Pro and X64dbg https://www.youtube.com/watch?v=242Tn0IL2jE #re #malware #ida #dukeBarman
Open Analysis Live! We use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage1). This was a subscriber request asking us to determine how this was packed. Video bookmarks to skip ahead...
A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table https://github.com/danigargu/syms2elf #re #radare2 #ida #dukeBarman