Search the Community

MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only one, but reliable and trustworthy lessmsi. However, lessmsi doesn't implement features I was looking for: quick triage Binary data extraction YARA scanning Hence this is where msidump comes into play. Here we can see that input MSI is injected with suspicious VBScript and contains numerous executables in it. Now we want to take a closer look at this VBScript by extracting only that record. [Hidden Content]

Overview NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series of information from a given APK package, such as: List of files of the APK: file name, size, MD5, SHA-1, SHA-256 and SHA-512 AndroidManifest.xml info: app name, package name, version, sdks, permissions, activities, services, broadcast-receivers, ... CERT.RSA/DSA digital certificate info: serial number, validity, fingerprint, issuer and owner List of URLs, shell commands and other generic strings hard-coded into the classes.dex files Furthermore, NinjaDroid uses apktool and dex2jar to extract and store: JSON report file, which contains all the extracted APK info AndroidManifest.xml file (thanks to apktool) CERT.RSA/DSA digital certificate file classes.dex files translated .jar file (thanks to dex2jar) disassembled smali files (thanks to apktool) assets/ and res/ folders together with their content (thanks to apktool) [hide][Hidden Content]]

NinjaDroid NinjaDroid is a simple tool to reverse engineering Android APK packages. Overview: NinjaDroid uses a modified version of the Androguard AXMLParser (by Anthony Desnos) together with a series of other Python scripts (by Paolo Rovelli) based on aapt, keytool, string, and such to extract a series of information from a given APK package, such as: APK file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); App info (e.g. app name, package name, version, lists of permissions, list of Activities/Services/BroadcastReceivers, etc…); Digital certificate info (e.g. validity, serial number, fingerprint MD5, SHA-1, SHA-256, and signature), including certificate issuer/owner info (e.g. name, email, company, country, etc…); All the strings hard-coded into the classes.dex file; The URLs and shell command hard-coded into the classes.dex file; AndroidManifest file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); classes.dex file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); CERT.RSA/DSA file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); List of file entries (i.e. file name, file size, MD5, SHA-1, SHA-256, and SHA-512) in the APK package. Furthermore, NinjaDroid uses apktool and dex2jar, together with other Python scripts in order to extract from an APK package: classes.dex file; translated .jar file (thanks to dex2jar); disassembled smali files (thanks to apktool); AndroidManifest.xml file (thanks to apktool); CERT.RSA file; assets/ and res/ folders together with their content (thanks to apktool ); JSON and HTML report files, which contains all the extracted APK metadata. [hide][Hidden Content]]

Overview: NinjaDroid uses a modified version of the Androguard AXMLParser ([Hidden Content]) together with a series of other Python scripts (by Paolo Rovelli) based on aapt, keytool, string and such to extract a series of information from a given APK package, such as: APK file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); App info (e.g. app name, package name, version, lists of permissions, list of Activities/Services/BroadcastReceivers, etc...); Digital certificate info (e.g. validity, serial number, fingerprint MD5, SHA-1, SHA-256 and signture), including certificate issuer/owner info (e.g. name, email, company, country, etc...); All the strings hard-coded into the classes.dex file; The URLs and shell commands hard-coded into the classes.dex file; AndroidManifest file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); classes.dex file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); CERT.RSA/DSA file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); List of file entries (i.e. file name, file size, MD5, SHA-1, SHA-256 and SHA-512) in the APK package. Furthermore, NinjaDroid uses apktool ([Hidden Content]) and dex2jar ([Hidden Content]), together with other Python scripts in order to extract from an APK package: classes.dex file; translated .jar file (thanks to dex2jar); disassembled smali files (thanks to apktool); AndroidManifest.xml file (thanks to apktool); CERT.RSA file; assets/ and res/ folders together with their content (thanks to apktool); JSON and HTML report files, which contains all the extracted APK metadata. [hide][Hidden Content]]

Arcane Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessary resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device. [hide][Hidden Content]]

Site: Reship.com Proxies: Yes Combos: Mail:Pass Platform: OpenBullet Captures Packages [HIDE][Hidden Content]]