Binary Analysis Platform: angr
Binary Analysis Platform angr is a platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish. angr is a suite of python libraries that let you load a binary and do a lot of cool things to it: Disassembly and...
Obfuscated String Solver: Floss
Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources used to configure domains, files, and other artifacts of an infection. These key...
Binary Analysis IDE: BinDiff
BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code. It is used by security researchers and engineers across the globe to identify and isolate fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versio...
CTF-Tools - Some setup scripts for security research tools
This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. Installers for the following tools are included: Category | To...
FLARE Script Series: Automating Obfuscated String Decoding
Introduction We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering FLARE script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an...
Viper - A binary management and analysis framework dedicated to malware and exploit researchers
Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you created or found over the time to facilitate your daily research. Think of it as a...
Winamp 5.6 - Arbitrary Code Execution in MIDI Parser
No description provided by source. http://www.kryptoslogic.com/advisories/2010/kryptoslogic-winamp-midi.txt PoC: https://www.exploit-db.com/sploits/15706.c Winamp 5.6 Arbitrary Code Execution in MIDI Parser Kryptos Logic, December...
Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution
No description provided by source. Day 3 Binary Analysis Title : Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Version : UfPBCtrl.DLL...
Microsoft MPEG Layer-3 - Remote Command Execution Exploit
No description provided by source. Day 5 Binary Analysis http://www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow/...
Apple QuickTime FlashPix NumberOfTiles - Remote Code Execution Vulnerability
No description provided by source. Day 2 Binary Analysis http://www.exploit-db.com/apple-quicktime-flashpix-numberoftiles-vulnerability/ Title : Apple QuickTime...
MS Windows XP - WmiTraceMessageVa Integer Truncation Vulnerability PoC (MS11-011)
No description provided by source. Exploit Title: MS11-011CVE-2011-0045: MS Windows XP WmiTraceMessageVa Integer Truncation Vulnerability PoC Date: 2011-03-01 Author: Nikita Tarakanov CISS Research Team Software Link: Version: prior to MS11-011 Tested on: Win XP SP3 CVE : CVE-2011-0045 Status :...
[Capstone] Ultimate Disassembly Framework
Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features Support hardware architectures: ARM, ARM64 aka ARMv8, Mips & X86 more details...
[CrowdRE] Reverse Engineering Tool
A new project called CrowdRE aims to make it easy to reverse engineer complex applications in collaboration with other users. Normally, the process of reversing software from a complicated binary can consume much time; CrowdRE will help accelerate this process through teamwork...
NSA bought Hacking tools from 'Vupen', a French based zero-day Exploit Seller
The US government, particularly the National Security Agency has been paying a French security firm for backdoors and zero day hacks. According to a contract newly released in response to a Freedom of Information request, last year the NSA purchased a 12-month subscription to a "binary analysis a...
NSA Bought Exploit Service From VUPEN, Contract Shows
The U.S. government–particularly the National Security Agency–are often regarded as having advanced offensive cybersecurity capabilities. But that doesn’t mean that they’re above bringing in a little outside help when it’s needed. A newly public contract shows that the NSA last year bought a...
VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063)
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass Pwn2Own 2013 / MS13-063 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free MS13-028 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the...
[Dexter] A Free Tool for Mobile (Android) Malware Analysis
Bluebox Labs just released Dexter, a free tool which wants to help information security professionals and malware analysts to analyze Android mobile applications in order to find malware and vulnerabilities. Dexter combines manual and automatic static program analysis to provide a better...
VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and graphical user interfaces produced b...