Static instrumentation based on executable file formats http://romainthomas.fr/slides/18-06-Recon18-Formats-Instrumentation.pdf #reverse #dukeBarman
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python https://www.youtube.com/watch?v=EdchPEHnohw #malware #dukeBarman
YouTube
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python
Open Analysis Live! We unpack TrickBot and extract its configuration file using x64dbg and a Python script from the KevinTheHermit project.
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs…
https://www.malwaretech.com/beginner-malware-reversing-challenges #malware #hackquest #crackme #dukeBarman
Malwaretech
MalwareTech Labs - Learn Reverse Engineering & Malware Analysis
Practical reverse engineering labs designed to imitate real-world malware techniques, helping beginners improve their skills in a safe and fun way.
Meaningful Variable Names for Decompiled Code: A Machine Translation Approach https://cmustrudel.github.io/papers/icpc18decompilation.pdf #reverse #decompilation #dukeBarman
A Mathematical Modeling of Exploitations and Mitigation Techniques Using Set Theory Paper: http://spw18.langsec.org/papers/Kawakami-Exploit-modeling-using-set-theory.pdf Slides: http://spw18.langsec.org/slides/Kawakami-Exploit-modeling-using-set-theory.pdf #exploit #dukeBarman
Android Crackme and Structure offset propagation http://radare.today/posts/crackme_with_tl/ #radare2 #android #dukeBarman
radareorg.github.io
Android Crackme and Structure offset propagation
Today we will look into the recently introduced feature in r2 - structure offset propagation.
We will use it to solve a crackme based on reversing an Android JNI (Java Native Interface) library. Beware that the feature is still WIP and being constantly improved.…
Detecting Kernel Memory Disclosure – Whitepaper
https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disclosure.html
http://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf
#expdev #darw1n
Blogspot
Detecting Kernel Memory Disclosure – Whitepaper
Posted by Mateusz Jurczyk, Project Zero Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrume...
https://versprite.com/blog/application-security/frida-engage-part-one-building-an-elf-parser-with-frida/ #frida #dukeBarman
VerSprite
Frida Engage Part One: Building an ELF Parser with Frida | VerSprite
In this blog series we will be covering the endless possibilities and power of Frida. For those of you who have never heard of Frida...
Analyzing an Integer Overflow in Bitdefender AV (CVE-2017-17408).
Part 1 (Vulnerability): https://www.zerodayinitiative.com/blog/2018/6/19/analyzing-an-integer-overflow-in-bitdefender-av-part-1-the-vulnerability
Part 2 (PoC): https://www.zerodayinitiative.com/blog/2018/6/21/analyzing-an-integer-overflow-in-bitdefender-av-part-2-the-exploit
#expdev #darw1n
Zero Day Initiative
Zero Day Initiative — Analyzing an Integer Overflow in Bitdefender AV: Part 1 – The Vulnerability
In the pantheon of software bugs, vulnerabilities that occur in security software are considered more severe than others. We rely on the security software to defend against attackers, so bugs in our defenses could not just allow attackers to cause harm, they…
Bootloader research tools (very much a work in progress) https://github.com/bx/bootloader_instrumentation_suite #radare2 #reverse #dukeBarman
GitHub
GitHub - bx/bootloader_instrumentation_suite: Bootloader research tools (very much a work in progress)
Bootloader research tools (very much a work in progress) - GitHub - bx/bootloader_instrumentation_suite: Bootloader research tools (very much a work in progress)
Kernel Forensics and Rootkits https://www.tophertimzen.com/resources/cs407/slides/week06_01-Rootkits.html#slide1 #rootkits #dukeBarman
Amat Cama - A Walk With Shannon- A walkthrough of a PWN2OWN Baseband exploit https://github.com/comaeio/OPCDE/blob/master/2018/Kenya/Amat%20Cama%20-%20A%20Walk%20With%20Shannon-%20A%20walkthrough%20of%20a%20PWN2OWN%20Baseband%20exploit.pdf #hardware #dukeBarman
GitHub
OPCDE/Amat Cama - A Walk With Shannon- A walkthrough of a PWN2OWN Baseband exploit.pdf at master · msuiche/OPCDE
OPCDE Cybersecurity Conference Materials. Contribute to msuiche/OPCDE development by creating an account on GitHub.
Basics of Anti Reverse Engineering https://medium.com/@Andromeda./basics-of-anti-reverse-engineering-9173826f1914 #reverse #dukeBarman
Medium
Basics of Anti Reverse Engineering
Recently while making my reversing challenges I have discovered some tricks that I found interesting to make the reverse engineering…
CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/ #expdev #lpe #darw1n
LRQA Nettitude Labs
CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities
We have recently disclosed a list of vulnerabilities to Sophos that allow local attackers to elevate their privileges and execute code in the security context of the SYSTEM user account.
Affected Products
SafeGuard Enterprise 8.00.4 and earlier (Fix: install…
Article: "MINDSHARE: VARIANT HUNTING WITH IDA PYTHON" About IDA Python. https://www.zerodayinitiative.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python #idapython #dukeBarman
Zero Day Initiative
Zero Day Initiative — MindshaRE: Variant Hunting with IDA Python
MindShaRE is our periodic look at various reverse engineering tips and tricks. The goal is to keep things small and discuss some everyday aspects of reversing. You can view previous entries in this series here.
Radare2 team https://github.com/radare/radare2 asks for help:
"Since one of our students is working very hard on variables detection and types propagation in radare2, you can help him, by taking radare2 from git, checking how it detected function arguments and variables. Basically like this - "r2 some_bin", then "aaa; afta", then scroll in visual mode. If you find issues - please open a bug in radare2 github or just send me a sample with description what was wrong."
GitHub
GitHub - radareorg/radare2: UNIX-like reverse engineering framework and command-line toolset
UNIX-like reverse engineering framework and command-line toolset - radareorg/radare2