Unpacking VIDAR using Time-Travel Debugging (TTD) in WinDbg Preview
https://www.youtube.com/watch?v=HcyCZPNO3qI
In the last video, we looked for signs of packing in our malicious sample using IDA Pro. What we found was fairly clear evidence of the use of process hollowing, a common technique of code injection used by malware authors. In this video, I'll introduce Time…
How to Setup CAPEV2 Sandbox - Malware Config & Payload Extractor
https://www.youtube.com/watch?v=ZRrk2QRN7Lc
Learn how to install and set up the CapeV2 Sandbox.
CAPE is a malware…
triage-collector is a triage collection tool for fast forensics.
https://github.com/herosi/triage-collector
VMUnprotect.Dumper can dynamically untamper VMProtected Assembly
https://github.com/void-stack/VMUnprotect.Dumper
A suite of utilities and libraries that enables analysis of binary programs. BAP supports x86, x86-64, ARM, MIPS and PowerPC, and new architectures can be added using plugins. BAP includes various analyses, a standard interpreter, a microexecution interpreter, and a symbolic executor.
https://github.com/BinaryAnalysisPlatform/bap?s=09
Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based on Luigi Auriemma's signsrch signatures.
https://github.com/kweatherman/yara4ida
A replacement for the outdated Signsearch plugin.
An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
LLVM obfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
https://github.com/janoglezcampos/llvm-yx-callobfuscator
Dumping process memory (apk, iOS ipa, ...) with Frida
https://github.com/Nightbringer21/fridump
Example:
https://medium.com/@prnz_offl/dumping-android-application-memory-with-fridump-7adf2ca48fa3