10 matches found
Dynamic binary instrumentation (DBI) with DynamoRio
This blog introduces dynamic binary instrumentation DBI and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries critical for malware analysis, security auditing, reverse engineerin...
DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior
Dr.Semu runs executables in an isolated environment, monitors the behavior of a process, and based on Dr.Semu rules created by you or the community, detects if the process is malicious or not. whoami:@qazqaz With Dr.Semu you can create rules to detect malware based on dynamic behavior of a proces...
Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS beta written in pure Python. Quick Start pip3 install psutil git clone https://github.com/mxmssh/manul cd manul mkdir in mkdir out echo "AAAAAA" in/test python3 manul.py -i in -o out -n 4...
Functrace - A Function Tracer
functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO http://dynamorio.org/. These are some implemented features based on DynamoRIO: disassemble all the executed code disassemble a specific function dump if these are addresses get arguments of a...
drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux
Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn't work you can try this tool. Usage You need to specify DRRUNPATH to point to drrun launcher and LIBCOVPATH to point to libbinafl.so coverage library. You also need to switc...
Hidden for 19 years WinRAR code execution vulnerability-vulnerability warning-the black bar safety net
The researchers found WinRAR logic vulnerabilities that can full access to the victims computer control. The exploit only requires from the compressed file to extract it can work, more than 5 million users affected. More importantly, the vulnerability has been there 19 years, forcing WinRAR...
Dynamic Data Resolver (DDR) - IDA Plugin
This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...
Instruction Trace Visualisation Tool: rgat
An instruction trace visualisation tool intended to help reverse engineers make the link between target behaviour and code. rgat uses dynamic binary instrumentation courtesy of DynamoRIO to produce graphs from running executables. It creates static and animated visualisations in realtime to suppo...
Dynamic Instrumentation Tool Platform: DynamoRIO
Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...
Fuzzing Windows Binaries: WinAFL
AFL is a popular fuzzing tool for coverage-guided fuzzing. The tool combines fast target execution with clever heuristics to find new execution paths in the target binary. It has been successfully used to find a large number of vulnerabilities in real products. For more info about the original...