Online x86 / x64 Assembler and Disassembler
This tool takes x86 or x64 assembly instructions and converts them to their binary representation (machine code). It can also go the other way, taking a hexadecimal string of machine code and transforming it into a human-readable representation of the instructions. It uses GCC and objdump behind the scenes.
https://defuse.ca/online-x86-assembler.htm#disassembly
Online x86 and x64 Intel Instruction Assembler
Easily find out which bytes your x86 ASM instructions assemble to.
How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros
Part 1:
https://security-soup.net/extractnetworkindicators-part1/
Part 2:
https://security-soup.net/how-to-extract-network-indicators-of-compromise-iocs-from-maldoc-macros-part-2/
Part 3:
https://security-soup.net/how-to-extract-network-indicators-of-compromise-iocs-from-maldoc-macros-part-3/
Forwarded from MalScanBotChannel
Here is a quick video demonstrating how @MalScanBot can be used to quickly analyze an xls file for malicious indicators from your mobile device.
Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
https://github.com/a0rtega/pafish
NEW URSNIF VARIANT TARGETS JAPAN PACKED WITH NEW FEATURES
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
Auto-renaming dummy-named functions, which have one API call or jump to the imported API
https://github.com/a1ext/auto_re
Indicators of Compromise vs. Tactics, Techniques, and Procedures
https://azeria-labs.com/iocs-vs-ttps/
Azeria-Labs
IOCs vs. TTPs
Forwarded from Web Security | Bug hunting
Embed and hide any file in HTML:
https://github.com/Arno0x/EmbedInHTML
Corona DDoS bot
In this article, multiple phases will be described using the usual step-by-step approach. Firstly, the main function is analysed in order to get an overview of the malware's layout. Secondly, the local address is obtained. Thirdly, the mutex that is used by the malware is described. Fourthly, the decryption routine for the encrypted strings will be analysed and rewritten in Java. Using this decryptor, the actual values of the encrypted strings can be obtained. Fifthly, the bot's registration at the command & control server will be analysed, including a connectivity check. Sixthly, the process of dispatching incoming commands will be analysed. Lastly, a conclusion is made based upon the findings.
https://maxkersten.nl/binary-analysis-course/malware-analysis/corona-ddos-bot/
Reverse Engineering Gootkit with Ghidra Part I
https://dannyquist.github.io/gootkit-reversing-ghidra/