Sojobo - A Binary Analysis Framework

Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don't need to install or compile any other external libraries the project is self contained. With Sojobo you can: Emulate a 32 bit PE binary...

GhIDA: Ghidra decompiler for IDA Pro

By Andrea Marcelli Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...

Xori - An Automation-Ready Disassembly And Static Analysis Library For PE32, 32+ And Shellcode

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. Acknowledgements: Xori wouldn't exist without inspiration and ideas from the open source community. We are indebted to the work of the Capstone engine and...

Rp++ - Tool That Aims To Find ROP Sequences In PE/Elf/Mach-O X86/X64 Binaries

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O doesn't support the FAT binaries x86/x64 binaries. It is open-source, documented with Doxygen well, I'm trying to.. and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion 10.7.3. Moreover, it ...

Debian DSA-1549-1 : clamav - buffer overflows

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0314 Damian Put discovered that a buffer overflow in the handler for PeSpin binaries may lead to the execution of...