Lucene search
K

194 matches found

Kitploit
Kitploit
added 2022/03/16 5:29 a.m.48 views

Patching - An Interactive Binary Patching Plugin For IDA Pro

Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow...

7.3AI score
Exploits0References11
Kitploit
Kitploit
added 2022/01/13 8:30 p.m.70 views

AlphaGolang - IDApython Scripts For Analyzing Golang Binaries

AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the methodology an analyst might follow when tackling a Go binary. Scripts are...

7AI score
Exploits0References8
Kitploit
Kitploit
added 2021/12/03 8:30 p.m.21 views

IDA2Obj - Static Binary Instrumentation

IDA2Obj is a tool to implement SBI StaticBinary Instrumentation. The working flow is simple: Dump object files COFF directly from one executable binary. Link the object files into a new binary, almost the same as the old one. During the dumping process, you can insert any data/code at any locatio...

7.2AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/11/15 10:21 a.m.30 views

North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researche...

6.6AI score
Exploits0
Kitploit
Kitploit
added 2021/11/07 8:30 p.m.16 views

Hashdb-Ida - HashDB API Hash Lookup Plugin For IDA Pro

HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our...

7.1AI score
Exploits0References3
FireEye
FireEye
added 2021/07/19 12:0 a.m.162 views

capa 2.0: Better, Stronger, Faster

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...

6.7AI score
Exploits0References24
Securelist
Securelist
added 2021/04/05 10:0 a.m.896 views

The leap of a Cycldek-related threat actor

Introduction In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropp...

9.3CVSS7.9AI score0.93289EPSS
Exploits7
Kitploit
Kitploit
added 2021/03/06 11:30 a.m.137 views

uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86 , x64 , ARM , ARM64 , MIPS , MIPS64 What is it GOOD for? Emulate bare metal code bootloaders, embedded firmware etc Emulate standalone functions What is it BAD for? Emulate...

7.6AI score
Exploits0References1
Gitee
Gitee
added 2021/02/22 11:14 p.m.6 views

uafuzz

This is an offensive tool for Binary Analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free UAF bugs at the binary level. It aims to detect UAF bugs, which appear when a heap element is used after having been freed. The tool uses a combination of static...

7.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/12/17 6:57 a.m.26 views

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we...

0.7AI score
Exploits0
Kitploit
Kitploit
added 2020/08/11 12:30 p.m.65 views

PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View

Python module for viewing Portable Executable PE files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview...

6.8AI score
Exploits0References5
Securelist
Securelist
added 2020/07/21 10:0 a.m.24 views

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...

7.1AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2020/07/09 12:0 a.m.34 views

How to unc0ver a 0-day in 4 hours or less

By Brandon Azad, Project Zero At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 the latest signed version at the time of release using a zero-day vulnerability and heavy obfuscation. By 7 PM, I had identified the vulnerability and informed Apple. By 1 AM, I had sent App...

10CVSS8.6AI score0.02714EPSS
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/30 11:27 p.m.16 views

Part two: Reverse engineering and patching with Ghidra

In the first installment of our three-part blog series we learned how to root the Flashforge Finder 3D printer and acquire its firmware. In this post, we will delve into reverse engineering and patching the software using the new open source NSA tool Ghidra, which rivals its expensive competitors...

7AI score
Exploits0
Securelist
Securelist
added 2020/04/22 10:0 a.m.39 views

What does it take to become a good reverse engineer?

How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering RE is not a science but a skillset combined with specific knowledge and backed by a lot of experience...

1AI score
Exploits0
FireEye
FireEye
added 2020/04/07 4:0 p.m.24 views

Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation

This blog post continues the FLARE script series with a discussion of patching IDA Pro database files IDBs to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in...

7.7AI score
Exploits0References7
Kitploit
Kitploit
added 2020/01/22 8:30 p.m.96 views

YARASAFE - Automatic Binary Function Similarity Checks with Yara

SAFE is a tool developed to create Binary Functions Embedding developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create your function embedding to use inside yara rules. If you are interested take a look at our research paper:...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/16 8:30 p.m.126 views

Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support

IDA PRO Auto-Renaming Plugin With Tagging Support Features 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API Before After 2. Assigning TAGS to functions accordingly to called API-indicators inside Sets tags as repeatable function comments and displays TAG...

7.3AI score
Exploits0References2
Talos Blog
Talos Blog
added 2019/10/10 9:24 a.m.110 views

New IDA Pro plugin provides TileGX support

By Jonas Zaddach Overview Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that target TileGX. We started developing this tool after the VPNFilter campaign last...

0.4AI score
Exploits0
FireEye
FireEye
added 2019/10/03 5:0 p.m.17 views

IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software

Introduction This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering FLARE team Script Series. Today, we are sharing something quite unusual. It is not a tool or a virtual machine distribution, nor is it a plugin or script for a popular reverse engineering tool or...

0.2AI score
Exploits0References7
Rows per page
Query Builder