Malware Analysis Tutorials: a Reverse Engineering Approach - Contents (Translation by Prosper-H, coldfire, ximera). Corkami - reverse engineering experiments and documentation. unwind/unwind at master · evanw/unwind. SWF Investigator / Code / [r11] SWF Investigator. Recent Updates May 22, 2013 — Preview 5 of the SWF Investigator is now available.
Jsunpack-n emulates browser functionality when visiting a URL.
What is this? Peepdf is a Python tool to explore PDF files in order to find out whether the file can be harmful or not. [Python] ttfFromDocx. PDF Tools. I produced screencasts for my pdfid and pdf-parser tools; you can find them on the Didier Stevens Labs products page. There are translations of this page, see bottom.
Static analysis of a CVE-2011-2462 PDF exploit. CVE-2011-2462 was published more than one month ago.
So we have several objects to explore; let's start from the /AcroForm element (object 4). So we take a look at page 3 of the document. Radare. And finally... Bokken 1.5. Now that development has finished, radare2 0.9 has been released and the project site has been updated, the moment has arrived: Bokken 1.5 is here!
Take a look at the previous post to read about some of the new features of this release, and keep reading to see most of them in detail; for the rest, install Bokken and enjoy them! As mentioned before, one of the most important features added is support for radare2 as a backend. So now Bokken can work with either Pyew or Radare, each having its own advantages and drawbacks. Most of the development effort for this release has gone into improving the GUI in order to make it cleaner and easier to use. The disassembly view has gained interactivity and now features, among other things: code navigation by clicking on functions, basic blocks, addresses, section names, etc.; adding comments, viewing and following xrefs, or viewing opcode information by right-clicking on a code line.
Other plugins added are: Windows Disassembler. Download PEBrowse64 Professional for Vista64, Windows 7 (64-bit) and Windows 8 (64-bit): MSI file, 1,193 KB, SHA256: 65ebc51dcf3ed5d184dfce2d8d2777c3a861206c6cc940ab5625b06bd43e9195. PEBrowse Professional for all versions of Windows: ZIP file, 1,665 KB, SHA256: 6465a1585938327cc03569785aca0b6a74ef7599425dbb006bc81eec4c3d4fc6.
IDA: About. What is IDA all about?
IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. Just grab an evaluation version if you want a test drive. IDA + gdb remote debugging. In part 2 of this series we found a SQL injection vulnerability using static analysis.
However, it is often advantageous to debug a target application, a capability that we’ll need when working with more complex exploits later on. In this segment we won’t be discovering any new vulnerabilities; instead we will focus on configuring and using our debugging environment. For this we will be using Qemu and the IDA Pro debugger. If you don’t have IDA you can use insight/ddd/gdb instead, but in my experience IDA is far superior when it comes to embedded debugging. Our target binaries from the TEW-654TR are little-endian MIPS, so we need an emulator in order to run them on our host system. But before you go grab the latest version of Qemu from your distro’s repositories, keep in mind that our MIPS binaries are dynamically linked against MIPS libraries. BinDiff. Zynamics BinDiff uses a unique graph-theoretical approach to compare executables by identifying identical and similar functions. Description: BinDiff is a comparison tool for binary files that assists vulnerability researchers and engineers in quickly finding differences and similarities in disassembled code.
With BinDiff you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement. Screenshots. DarunGrim: A Patch Analysis and Binary Diffing Tool. Scriptable version of DarunGrim3. Binwalk - Firmware Analysis Tool. As of 2013-11-15, binwalk is no longer maintained on GoogleCode.
The code repository has moved to and all future releases and updates will be posted at binwalk.org. The GoogleCode repository remains for historical purposes only. Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including: PEdump. NtQuery/Scylla. [android] wuntee/otertool - GitHub. Powered by Google Docs. NETZOB: A Protocol Reverse Engineering Tool.
Hyperdbg - A kernel debugger that leverages hardware-assisted virtualization. HyperDbg is a kernel debugger that leverages hardware-assisted virtualization. More precisely, HyperDbg is based on a minimalistic hypervisor that is installed while the system runs. Compared to traditional kernel debuggers (e.g., WinDbg, SoftIce, Rasta R0 Debugger), HyperDbg is completely transparent to the kernel and can be used to debug kernel code without the need for serial (or USB) cables. For example, HyperDbg allows single-stepping the execution of the kernel, even when the kernel is executing exception and interrupt handlers.
Compared to traditional virtual machine based debuggers (e.g., the VMware built-in debugger), HyperDbg does not require the kernel to be run as a guest of a virtual machine, although it is just as powerful. Free .NET decompiler. DotPeek is a free-of-charge .NET decompiler from JetBrains, the makers of ReSharper and other developer productivity tools. Download dotPeek 1.1.msi installer (27.8 Mb). Decompiling .NET 1.0-4.5 assemblies to C#. Exporting decompiled code to Visual Studio projects. Support for downloading code from source servers. Quick jump to a type, assembly, symbol, or type member. Effortless navigation to symbol declarations, implementations, derived and base symbols, and more. Accurate search for symbol usages with advanced presentation of search results. Overview of inheritance chains. Syntax highlighting. Complete keyboard support. dotPeek is free!
CODEGATE 2012 Prob #1 - /var/log/smokedchicken.log. I've lost my source code! Fortunately, I have a test program. But the test program is not perfect.