An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
LLVM обфускатор
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
https://github.com/janoglezcampos/llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
https://github.com/janoglezcampos/llvm-yx-callobfuscator
GitHub
GitHub - janoglezcampos/llvm-yx-callobfuscator: LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows…
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. - janoglezcampos/llvm-yx-callobfuscator
Дамп памяти процесса (apk, ios ipa, ...) фридой
https://github.com/Nightbringer21/fridump
Пример:
https://medium.com/@prnz_offl/dumping-android-application-memory-with-fridump-7adf2ca48fa3
https://github.com/Nightbringer21/fridump
Пример:
https://medium.com/@prnz_offl/dumping-android-application-memory-with-fridump-7adf2ca48fa3
GitHub
GitHub - Nightbringer21/fridump: A universal memory dumper using Frida
A universal memory dumper using Frida. Contribute to Nightbringer21/fridump development by creating an account on GitHub.
Frida cкрипт, позволяет расшифровывать schannel TLS трафик (IIS, RDP, IE, Outlook, Powershell,LDAP,...) (проверил, работает на Windows 11. На Win7 не работает)
https://github.com/ngo/win-frida-scripts/tree/master/lsasslkeylog-easy
Статья:
Decrypting Schannel TLS traffic. Part 1. Getting secrets from lsass
https://github.com/ngo/win-frida-scripts/tree/master/lsasslkeylog-easy
Статья:
Decrypting Schannel TLS traffic. Part 1. Getting secrets from lsass
What Every Malware Analyst Should Know About PE Relocations
https://malwareid.in/unpack/unpacking-basics/pe-relocation-table
https://malwareid.in/unpack/unpacking-basics/pe-relocation-table
MalwareID Unpacking Guide
PE relocation Table
The Portable Executable (PE) base relocation table is crucial in Windows executable files. It handles memory addresses for functions and data, making sure the program runs well no matter where it's loaded in memory.
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)
https://github.com/Nassim-Asrir/ZDI-24-020/
https://github.com/Nassim-Asrir/ZDI-24-020/
GitHub
GitHub - zerozenxlabs/ZDI-24-020
Contribute to zerozenxlabs/ZDI-24-020 development by creating an account on GitHub.
Learning Binary Ninja for Reverse Engineering - Scripting Basics and More Part 1
https://www.youtube.com/watch?v=RVyZBqjLrE0
https://www.youtube.com/watch?v=RVyZBqjLrE0
YouTube
Learning Binary Ninja for Reverse Engineering - Scripting Basics and More Part 1
Twitter: https://twitter.com/ficti0n
Web: https://cclabs.io
https://console-cowboys.blogspot.com/
This video goes over learning how to use binary ninja for scripting
Web: https://cclabs.io
https://console-cowboys.blogspot.com/
This video goes over learning how to use binary ninja for scripting
impersonating TCC permissions via Electron apps on macOS Sonoma
https://wojciechregula.blog/post/electroniz3r/
https://wojciechregula.blog/post/electroniz3r/
wojciechregula.blog
ELECTRONizing macOS privacy
Publications This research has been presented at:
DEF CON 31 - ELECTRONizing macOS privacy Objective By the Sea - ELECTRONizing macOS Privacy - a New Weapon in Your Red Teaming Armory The backstory In 2019 I wrote a blog post about injecting code to Electron…
DEF CON 31 - ELECTRONizing macOS privacy Objective By the Sea - ELECTRONizing macOS Privacy - a New Weapon in Your Red Teaming Armory The backstory In 2019 I wrote a blog post about injecting code to Electron…
Нашел фазер для джава программ - Juzzer. Надстройка над libFuzzer для фазинга джава программ. Имеет функцию autoFuzz, которая сама генерит входные данные.
Autofuzz: Fuzzing Without Writing Fuzz Targets or Harnesses
Чекнуть быстро докер можно следующей командой:
Autofuzz: Fuzzing Without Writing Fuzz Targets or Harnesses
Чекнуть быстро докер можно следующей командой:
docker run -v /path/result/folder/:/fuzzing -it cifuzz/jazzer-autofuzz org.apache.commons:commons-compress:1.20 org.apache.commons.compress.archivers.sevenz.SevenZFile::new --autofuzz_ignore=java.nio.file.InvalidPathException,java.lang.NullPointerExceptionGitHub
GitHub - CodeIntelligenceTesting/jazzer: Coverage-guided, in-process fuzzing for the JVM
Coverage-guided, in-process fuzzing for the JVM. Contribute to CodeIntelligenceTesting/jazzer development by creating an account on GitHub.
Результат работы (нахождение краша). Также генерит джава код для воспроизведения краша.