Browsing tag
HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging mechanisms, but instead, it uses […]
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connection on port 5985 faking a real WinRM service. It’s just a […]
A utility to analyze malicious JavaScript. Installation Simply install box-js from npm: npm install box-js –global Usage Looking to use box-js with Cuckoo? Use cuckoo-package.py as an analysis package. Let’s say you have a sample called sample.js: to analyze it, simply run box-js sample.js Chances are you will also want to download any payloads; […]
The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application […]
Microsoft has open-sourced TensorWatch, a debugging and visualization tool aimed at reducing the complexities of artificial intelligence projects. It focuses more on one crucial part of the development process in particular and that is debugging. Getting rid of errors is one of the most time-consuming jobs in software projects. Especially when it comes to AI […]
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote […]
BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To use BlobRunner, you can download the compiled executable […]
Just a simple (poorly written) Python script that aimlessly “browses” the internet by starting at pre-defined rootURLs and randomly “clicking” links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. The only issue is that my simulation environment uses […]
GOWPT is the younger brother of wfuzz a swiss army knife of WAPT, it allow pentester to perform huge activity with no stress at all, just configure it and it’s just a matter of clicks. How to install To install gowpt just type: make sudo make install Usage From the -h menu Usage of gowpt: […]
Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the […]
ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Installation & Usage Requirements Minimum OS: Ubuntu 14.04 LTS (Desktop or Server) We are actively testing against other […]
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb […]
For whatever reason, you want to set up a mobile device for hacking – or debugging. Search for a device that offers a solid base for mounting, hacking, debugging and testing. Also try to find a device that’s compatible with CyanogenMod OS. Revamping old mobile devices is the cheapest option. Installing CyanogenMod OS This process […]
Apktool is used for reverse engineering 3rd party Android apps. Debugging is made easier with Apktool’s ability to decrypt properties to their practically original forms. By rebuilding the properties post alteration, a user can gradually debug a smali code. Kali lists the features of apktool: decoding resources to nearly original form (including resources.arsc, XMLs and […]