Browsing tag
B2R2 is a collection of useful algorithms, functions, and tools for binary analysis, written purely in F# (in .NET lingo, it is purely managed code). B2R2 has been named after R2-D2, a famous fictional robot appeared in the Star Wars. In fact, B2R2’s original name was B2-R2, but we decided to use the name […]
Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? (Example: https://github.com/mubix/vt-notify) Feel somewhat safer with Recomposer! Recomposer will take your binary and randomly do the following: Change the file name Change the section names Change the section flags […]
Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly hop to them! All credit for this plugin and the code goes to David Berard (@p0ly) This plugin is copied from David’s excellent findcrypt-yara plugin. This plugin just […]
Console Application designed to interact with SharpSploit released by @cobbr_io SharpSploit is a tool written by @cobbr_io that combines many techniques/C# code from the infosec community and combines it into one sweet DLL. It’s awesome so check it out! Description SharpSploit Console is just a quick proof of concept binary to help penetration testers or […]
We all have to search through text files for strings from time to time. But what about when you need to search through a binary file for bits of text? Most of us don’t have to do that often, if ever. For those of you that haven’t tried it before, it’s not the easiest thing […]
Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. This tool […]
Decodify can detect and decode encoded strings, recursively. Its currently in beta phase. Lets take this string : teamultimate.in and encode it with Hex, URL, Base64 and FromChar encoding, respectively. Supported Encodings and Encryptions Caesar ciphers Binary Hex Decimal Base64 URL FromChar MD5 SHA1 SHA2 Decoding Caesar Cipher You can supply the offest by –rot […]
Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and […]