#Article #ReverseEngineering
📗 Dynamic analysis of apps inside Android Cloning apps - Part 1,2
Recently I and my friend Vikas presented our research about risks for apps executing inside virtual containers aka cloning apps(VirtualApp, ParallelSpace, DualSpace, Dr.Clone, Clone, Multi-Parallel and many more cloning apps) in Android Security Symposium. The basis for most of the risks is, apps inside the virtual container get the same UID(Unix User ID).
🌐Part 1 - Part 2
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Dynamic analysis of apps inside Android Cloning apps - Part 1,2
Recently I and my friend Vikas presented our research about risks for apps executing inside virtual containers aka cloning apps(VirtualApp, ParallelSpace, DualSpace, Dr.Clone, Clone, Multi-Parallel and many more cloning apps) in Android Security Symposium. The basis for most of the risks is, apps inside the virtual container get the same UID(Unix User ID).
🌐Part 1 - Part 2
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
کانال بایت امن
#Article #ReverseEngineering 📗 Reverse engineering 3D Movie Maker - Part 1 - using Ghidra noscripting to recover the C++ class hierarchy A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game…
#Article #ReverseEngineering
📗 Reverse engineering 3D Movie Maker - Part 2
A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game reversing skills. This blog series is about my adventures in reversing 3D Movie Maker and some of the interesting things I learnt along the way.
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Reverse engineering 3D Movie Maker - Part 2
A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game reversing skills. This blog series is about my adventures in reversing 3D Movie Maker and some of the interesting things I learnt along the way.
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #PE
📗 Anatomy of a Binary Executable
Even though I’ve developed software for a number of years now, there’s one question that has always been in the back of my mind and I haven’t had the time or patience to really answer, until now: What is a binary executable anyways?
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Anatomy of a Binary Executable
Even though I’ve developed software for a number of years now, there’s one question that has always been in the back of my mind and I haven’t had the time or patience to really answer, until now: What is a binary executable anyways?
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Github #CTF
📗 Flare-On 2020
This folder contains writeups for the 2020 Flare-On CTF challenges. Writeups will be added incrementally, as I have to revisit my work for all 11 challenges.
I had a lot of fun working on these challenges, and I hope you enjoy reading about how I went about solving them.
🌐 Repo Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Flare-On 2020
This folder contains writeups for the 2020 Flare-On CTF challenges. Writeups will be added incrementally, as I have to revisit my work for all 11 challenges.
I had a lot of fun working on these challenges, and I hope you enjoy reading about how I went about solving them.
🌐 Repo Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
کانال بایت امن
#Article #ReverseEngineering 📗 Reverse engineering 3D Movie Maker - Part 1 - using Ghidra noscripting to recover the C++ class hierarchy A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game…
#Article #ReverseEngineering
📗 Reverse engineering 3D Movie Maker - Part 3
A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game reversing skills. This blog series is about my adventures in reversing 3D Movie Maker and some of the interesting things I learnt along the way.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Reverse engineering 3D Movie Maker - Part 3
A while ago, I started reverse engineering Microsoft 3D Movie Maker to understand how it works and to develop my game reversing skills. This blog series is about my adventures in reversing 3D Movie Maker and some of the interesting things I learnt along the way.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #CTF
📗 Reverse Engineering Obfuscated Code - CTF Write-Up
This is a write up for one of the FCSC (French Cyber Security Challenge) reverse engineering challenges.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Reverse Engineering Obfuscated Code - CTF Write-Up
This is a write up for one of the FCSC (French Cyber Security Challenge) reverse engineering challenges.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Github #Tools
🗳XAPKDetector is Android/APK/DEX detector for Windows, Linux and MacOS.
🔸Heuristic scan
🔸String viewer
🔸Hex viewer
🔸Entropy viewer
🔸Hash viewer
🔸ELF viewer
🔸DEX raw viewer
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
🗳XAPKDetector is Android/APK/DEX detector for Windows, Linux and MacOS.
🔸Heuristic scan
🔸String viewer
🔸Hex viewer
🔸Entropy viewer
🔸Hash viewer
🔸ELF viewer
🔸DEX raw viewer
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi
TLDR: This blogpost presents devi, a tool that can help you devirtualize virtual calls in C++ binaries. It uses Frida to trace the execution of a binary and uncover the call sources and destinations of virtual calls.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Reversing C++ Without Getting a Heart Attack – DEvirtualize VIrtual Calls With Devi
TLDR: This blogpost presents devi, a tool that can help you devirtualize virtual calls in C++ binaries. It uses Frida to trace the execution of a binary and uncover the call sources and destinations of virtual calls.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗Basic SWF Bytecode Modification (AVM2/AS3)
I decided I would write up a basic SWF modification tutorial, and explain the basics of SWF modification, AoBs, ect.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Basic SWF Bytecode Modification (AVM2/AS3)
I decided I would write up a basic SWF modification tutorial, and explain the basics of SWF modification, AoBs, ect.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗Ways to Extend Trial Periods of Shareware Software
Extend Trial Periods on Software: Software’s are most essential part for any computer. Without any software PC is just useless. Normally two different restriction of software are available, one is free for life time and another is not free, hare you must require to buy license key.
🌐 Article1 - Article2
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Ways to Extend Trial Periods of Shareware Software
Extend Trial Periods on Software: Software’s are most essential part for any computer. Without any software PC is just useless. Normally two different restriction of software are available, one is free for life time and another is not free, hare you must require to buy license key.
🌐 Article1 - Article2
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #Security #Fuzzing #Programming
📗 Fuzzing PHP with Domato
Lately I've been working on fuzzing the PHP interpreter. I've explored many tools and techniques (AFL, LibFuzzer, even a custom fuzz engine), but most recently I decided to give Domato a try. For those not aware, Domato is a grammar-based DOM fuzzer, built to tease complex bugs out of complex code-bases.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Fuzzing PHP with Domato
Lately I've been working on fuzzing the PHP interpreter. I've explored many tools and techniques (AFL, LibFuzzer, even a custom fuzz engine), but most recently I decided to give Domato a try. For those not aware, Domato is a grammar-based DOM fuzzer, built to tease complex bugs out of complex code-bases.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #Security #Programming
📗 Fuzzing Go package using go-fuzz & libfuzzer
In this course, I will first select a popular Golang library and identify the most interesting methods to fuzz. Then, I’ll explains how to use go-fuzz and libfuzzer to compile the fuzzing target. Finally, I’ll show how to run the fuzzer.
🌐 Article Link
@securebyte
📗 Fuzzing Go package using go-fuzz & libfuzzer
In this course, I will first select a popular Golang library and identify the most interesting methods to fuzz. Then, I’ll explains how to use go-fuzz and libfuzzer to compile the fuzzing target. Finally, I’ll show how to run the fuzzer.
🌐 Article Link
@securebyte
#Article #MalwareAnalysis
📗 Anti Analysis using API hashing
Malware authors are always using different tricks and techniques to try and stop malware analysts from analysing their malware. One common technique a malware analyst will do is take a look at the Import Address Table (IAT) once they have unpacked sample and see if the IAT gives any clues as to how the malware may behave.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Anti Analysis using API hashing
Malware authors are always using different tricks and techniques to try and stop malware analysts from analysing their malware. One common technique a malware analyst will do is take a look at the Import Address Table (IAT) once they have unpacked sample and see if the IAT gives any clues as to how the malware may behave.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #Fuzzing #Programming
📗 Fuzzing Python code using pythonfuzz
In this course, I will first select a popular Python package and find some code source example using interesting methods to fuzz. Then, I’ll explains how to create a pythonfuzz fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Fuzzing Python code using pythonfuzz
In this course, I will first select a popular Python package and find some code source example using interesting methods to fuzz. Then, I’ll explains how to create a pythonfuzz fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗Binary Analysis Course
Analysing malware is daunting at first sight, as there are many questions but very little answers. The information security community provides information to researchers, both publicly and privately. Most reports, however, focus on the outcome of the research, rather than the process.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Binary Analysis Course
Analysing malware is daunting at first sight, as there are many questions but very little answers. The information security community provides information to researchers, both publicly and privately. Most reports, however, focus on the outcome of the research, rather than the process.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Misc #Github #MalwareAnalysis
📗MalwareAnalysis101
Some malware samples or suspicious files I found and their reports.
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗MalwareAnalysis101
Some malware samples or suspicious files I found and their reports.
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #MalwareAnalysis
📗Diving into sandbox-captured malware data
I’m sure at some point you’ve received a report or alert from some entity — US-CERT, DHS, someone on Twitter retweeting a security researcher or an anti-virus company, maybe even your bank or credit union? — about a specific threat actor and the malware they may wield against your organization’s network.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Diving into sandbox-captured malware data
I’m sure at some point you’ve received a report or alert from some entity — US-CERT, DHS, someone on Twitter retweeting a security researcher or an anti-virus company, maybe even your bank or credit union? — about a specific threat actor and the malware they may wield against your organization’s network.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #Security
📗Advanced Persistent Threat Groups
FireEye pays special attention to advanced persistent threats (APT) groups that receive direction and support from an established nation state.
APT39 - Suspected attribution: Iran
APT35 - Suspected attribution: Iran
APT34 - Suspected attribution: Iran
APT33 - Suspected attribution: Iran
APT41 - Suspected attribution: China
APT40 - Suspected attribution: China
🌐 Link - Another Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗Advanced Persistent Threat Groups
FireEye pays special attention to advanced persistent threats (APT) groups that receive direction and support from an established nation state.
APT39 - Suspected attribution: Iran
APT35 - Suspected attribution: Iran
APT34 - Suspected attribution: Iran
APT33 - Suspected attribution: Iran
APT41 - Suspected attribution: China
APT40 - Suspected attribution: China
🌐 Link - Another Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
❤1👍1
#Article #Exploiting #Linux #Kernel
📗 Linux Kernel Exploitation 0x1 - Smashing Stack Overflows in the Kernel
Hi folks this blog post is part of a series in which I'm running through some of the basics when it comes to kernel exploit development for Linux. I've started off the series with a walk through of how to setup your kernel for debugging and included a simple debug driver to target. The post here carries on from this point and explores some stack security paradigms in the kernel.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 Linux Kernel Exploitation 0x1 - Smashing Stack Overflows in the Kernel
Hi folks this blog post is part of a series in which I'm running through some of the basics when it comes to kernel exploit development for Linux. I've started off the series with a walk through of how to setup your kernel for debugging and included a simple debug driver to target. The post here carries on from this point and explores some stack security paradigms in the kernel.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Github #fuzzill #Fuzzing
fuzzilli - A JavaScript Engine Fuzzer
A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language ("FuzzIL") which can be mutated and translated to JavaScript.
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
fuzzilli - A JavaScript Engine Fuzzer
A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language ("FuzzIL") which can be mutated and translated to JavaScript.
🌐 Project Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #WinDbg
📗 WinDbg Preview - What's New
WinDbg Preview is the latest version of WinDbg with more modern visuals, faster windows, a full-fledged noscripting experience, built with the extensible debugger data model front and center. WinDbg Preview is using the same underlying engine as WinDbg today, so all the commands, extensions, and workflows you're used to will still work as they did before.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
📗 WinDbg Preview - What's New
WinDbg Preview is the latest version of WinDbg with more modern visuals, faster windows, a full-fledged noscripting experience, built with the extensible debugger data model front and center. WinDbg Preview is using the same underlying engine as WinDbg today, so all the commands, extensions, and workflows you're used to will still work as they did before.
🌐 Article Link
Telegram Channel : @securebyte
Our Public Group : https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_