Part 2 is out! https://www.youtube.com/watch?v=Q90uZS3taG0

In this first video of the "Reversing WannaCry" series we will look at the infamous killswitch and the installation and unpacking procedure of WannaCry.



Twitter: https://twitter.com/ghidraninja…

In this video we will look at reverse engineering and hacking the firmware encryption used on Moxa industrial control gateways using Ghidra.

Links:
Twitter: https://twitter.com/ghidraninja
Moxa W2150A: https://www.moxa.com/en/products/industrial-edge-co…

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Convert code from C# to VB.NET and vice versa using Roslyn - icsharpcode/CodeConverter

This repo contains CoreRT, an experimental .NET Core runtime optimized for AOT (ahead of time compilation) scenarios, with the accompanying compiler toolchain. - dotnet/corert

IRC.NET is a complete IRC (Internet Relay Chat) client library for .NET. - GitHub - IrcDotNet/IrcDotNet: IRC.NET is a complete IRC (Internet Relay Chat) client library for .NET.

Reverse Engineering & Windows Internals.

Emotet Banking Trojan malware has been around for quite some time now. As such, infosec researchers have made several attempts to...

Here I demonstrate how to extract shellcode from the context of a malicious Word doc which uses VBA to inject shellcode into the memory space of a victim process.

This code injection is executed solely in memory, therefore is considered 'fileless' as it…

The Ghidra distribution includes a plugin for use with IDA Pro (a commercially available disassembler). The XML plugin is used with IDA ...

Enable Microsoft PDB support in Ghidra without installing Visual Studio - MalwareTech/MSDIA-x64