deReferencing is an IDA Pro plugin that implements new registers and stack views. It adds dereferenced pointers, colors and other useful information, similar to some GDB plugins (e.g. PEDA, GEF, pwndbg).
Supports the following architectures: x86, x86-64, ARM, ARM64, MIPS32 and MIPS64
https://github.com/danigargu/deREferencing
Python-Based Malware Uses NSA Exploit to Propagate Monero (XMR) Miner
https://www.fortinet.com/blog/threat-research/python-based-malware-uses-nsa-exploit-to-propagate-monero--xmr--.html
Recently, FortiGuard Labs uncovered a new python-based cryptocurrency mining malware that uses the ETERNALROMANCE exploit, that we have dubbed “PyRoMine.” In this article, I provide an analysis of …
DbgChild is a stand alone tool for debugging child processes (auto attach).
https://github.com/David-Reguera-Garcia-Dreg/DbgChild
abuse.ch is operated by a random Swiss guy fighting malware for non-profit,
running a couple of projects helping internet service providers and network operators protect
their infrastructure from malware. IT-Security researchers, vendors and law enforcement agencies rely
on data from abuse.ch, trying to make the internet a safer place.
https://abuse.ch
abuse.ch - Fighting malware and botnets
abuse.ch is providing community driven threat intelligence on cyber threats
UNPACME is an automated malware unpacking service. Submissions to UNPACME are analyzed using a set of custom unpacking processes maintained by OpenAnalysis. These processes extract all encrypted or packed payloads from the submission and return a unique set of payloads to the user. In short, UNPACME automates the first step in your malware analysis process.
https://www.unpac.me/
Squalr is performant memory editing software that allows users to create and share cheats in their Windows desktop games. This includes memory scanning, pointers, x86/x64 assembly injection, and so on.
https://github.com/Squalr/Squalr
Reverse engineering a Gameboy ROM with radare2
https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/
In this article I'll show you more of the powers within radare2, this time its capabilities to analyze a non-trivial binary – a Gameboy ROM. The challenge was taken from the crackmes competition in r2con 2017.
Windows Process Injection in 2019
https://i.blackhat.com/USA-19/Thursday/us-19-Kotler-Process-Injection-Techniques-Gotta-Catch-Them-All-wp.pdf
Nightmare is an intro to binary exploitation / reverse engineering course based around CTF challenges.
https://github.com/guyinatuxedo/nightmare
Simple No-meaning Assembly Omitter for IDA Pro (This is just a prototype)
https://github.com/tkmru/nao
IDA StringCluster
extending IDA's string navigation capabilities
https://github.com/Comsecuris/ida_strcluster