Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.
https://id-ransomware.malwarehunterteam.com/index.php
Diaphora, the most advanced Free and Open Source program diffing tool
https://github.com/joxeankoret/diaphora
Pigaios, a tool for matching and diffing source code directly against binaries.
https://github.com/joxeankoret/pigaios
Radare2 installer for Windows
https://radare.mikelloc.com/get/3.2.1/radare2_installer-msvc_32-3.2.1.exe
https://radare.mikelloc.com/get/3.2.1/radare2_installer-msvc_64-3.2.1.exe
Radare2 can also be found inside the Cutter installation directory on Windows.
Angr management alpha release
https://github.com/angr/angr-management/releases/tag/v0.0.0.0.0.0.0.0.00001-alpha
Demystifying PE File
Part 1 : https://resources.infosecinstitute.com/2-malware-researchers-handbook-demystifying-pe-file/#article
Part 2 : https://resources.infosecinstitute.com/malware-researchers-handbook/#article
R2 commands
agc
aga
agx
pdd
axt @@ str.*
Amber, a reflective PE packer for bypassing security products and mitigations
https://github.com/EgeBalci/Amber
A reverse shell is a shell initiated from the target host back to the attack box, which is in a listening state to pick up the shell. A bind shell is set up on the target host and binds to a specific port to listen for an incoming connection from the attack box. In malicious software a bind shell is often referred to as a backdoor.
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/