Search the Community

Showing results for tags 'reverse'.



Found 89 results

  1. A hex editor for reverse engineers, programmers, and people that value their eyesight when working at 3 AM.

     Features
     • Featureful hex view: byte patching; patch management; copy bytes as bytes, hex string, C/C++/C#/Rust/Python/Java/JavaScript array, ASCII-art hex view or self-contained HTML div; string and hex search; colorful highlighting; goto from start, end, and current cursor position
     • Custom C++-like pattern language for parsing and highlighting a file's content: automatic loading based on MIME type; arrays, pointers, structs, unions, enums, bitfields, using declarations; little- and big-endian support; useful error messages, syntax highlighting, and error marking
     • Data importing: Base64 files; IPS and IPS32 patches
     • Data exporting: IPS and IPS32 patches
     • Data inspector allowing interpretation of data as many different types (little- and big-endian)
     • Huge file support with fast and efficient loading
     • Strings search: copying of strings; copying of demangled strings
     • File hashing support: CRC16 and CRC32 with custom initial values and polynomials; MD4, MD5; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
     • Disassembler supporting many different architectures: ARM32 (ARM, Thumb, Cortex-M, AArch32), ARM64, MIPS (MIPS32, MIPS64, MIPS32R6, Micro), x86 (16-bit, 32-bit, 64-bit), PowerPC (32-bit, 64-bit), SPARC, SystemZ, XCore, M68K, TMS320C64X, M680X, Ethereum
     • Bookmarks: region highlighting; comments
     • Data analyzer: file-magic-based file parser and MIME type database; byte distribution graph; entropy graph; highest and average entropy; encrypted/compressed file detection
     • Helpful tools: Itanium and MSVC demangler; ASCII table; regex replacer; mathematical expression evaluator (calculator); hexadecimal color picker; built-in cheat sheet for the pattern language and math evaluator
     • Doesn't burn out your retinas when used in late-night sessions
  2. Tenet – A Trace Explorer for Reverse Engineers

     Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to research new or innovative methods to examine and distill complex execution patterns in software. For more context about this project, please read the blog post about its initial release.

     Changelog v0.2

     Features
     • Overhauled Tenet's breakpoint / selection / navigation model to be more explicit
     • Tenet will now attempt to automatically resolve ASLR mappings with basic trace analysis
     • Added a cell-based drawing mode that is used when zoomed in far enough on the tracebars
     • Added a !last command to the 'timestamp shell' to jump to the last 'navigable' trace address
     • What The Fuzz ([Hidden Content]) added native support for Tenet traces

     Minor changes
     • Tracebars now draw 'un-navigable' regions of the trace grey (such as library/external calls)
     • Tenet will now stay on the last 'navigable' mapped address when stepping through unmapped regions
     • Improved the selection behavior and interaction with 'zooming' on tracebars
     • Improved the selection behavior in the memory dump view (stack still needs work...)
     • Both 'code' and 'memory' breakpoints can be active at the same time now, not just one
     • Added more fine-grained right-click controls for interacting with 'region' breakpoints
     • Added various right-click 'Clear ... breakpoints' to the mem, trace, and reg views
     • Highlighting and double-clicking a region of memory will now set a region access breakpoint
     • Double-clicking 'empty' space in the mem / reg views can be used to automatically clear breakpoints
     • Updated theme subsystem and colors a little bit to be more consistent
     • A little bit of code and comment cleanup, but not a lot

     Bugfixes
     • Tenet now ensures a selected text trace will be parsed if a packed trace does not actually match it
     • A bug could cause Tenet to show wrong register values towards the end of a trace segment
     • Step-over / reverse step-over could fail near the start/end of the trace
     • Fixed a bug that could cause the sample pin tracer to crash from uninitialized memory
     • mrexodia fixed a bug that could cause the pin tracer to crash on the fxsave instruction
     • Fixed / eliminated several misc UI / selection bugs through simple refactoring
  3. (Duplicate of result 1: the same hex editor feature list.)
  4. Features
     • Create a hidden service
     • Generate a non-staged payload (python/meterpreter_reverse_http)
     • Convert the URL using Tor2Web: a final .ws extension is added, so the URL becomes reachable outside the Tor network
     • Generate a batch .rc file for msfconsole
  5. Description

     In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation. Once you have completed this computer-based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons.

     Who this course is for: anyone interested in Reverse Engineering and Exploit Development.

     Requirements: this course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering.
  6. You can make reverse shells ^-^ TCPPortFlooder is a simple TCP flooder. If you want to flood a target from a Linux machine, use "TCPPortFlooder_Linux"; if you want to flood a target from a Windows machine, use "TCPPortFlooder_Windows".
  7. Big Data

     Reverse Engineering Ransomware

     Description

     The aim of this course is to provide a practical approach to analyzing ransomware. Working with real-world samples of increasing difficulty, we will:
     • Deep dive into identifying the encryption techniques,
     • Navigate through various evasion tricks used by malware writers,
     • Have fun discovering flaws in their logic or the implementation, and
     • Work out automated ways to recover the affected files.
     If you're already familiar with the basics and want to dive straight into advanced samples, navigate anti-virtualisation and anti-analysis tricks, and write C and Python decryptors for custom crypto algorithms, please check out our Advanced Reverse Engineering Ransomware course!

     Requirements
     • Basic programming knowledge
     • A computer that can run a Windows virtual machine
     • An interest in disassembling things and understanding how they work!
     • Patience and perseverance to "try harder"

     Who this course is for:
     • Security testers
     • Malware analysts
     • Forensics investigators
     • System administrators
     • Information security students
     • Anyone interested in ransomware and malware analysis
  8. What?

     This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this program, you'll have two ways to access the tools:
     • Double-click the retoolkit icon on the Desktop.
     • Right-click on a file, choose Send to -> retoolkit. This way the selected file is passed as an argument to the desired program.

     Why do I need it?

     You don't. Obviously, you can download such tools from their own websites and install them yourself in a new VM. But if you download retoolkit, it can probably save you some time. Additionally, the tools come pre-configured, so you'll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you're setting up a new analysis VM.

     2021d
     • Better organization based on target file type.
     • Removed Start Menu shortcuts.
     • New context menu (right-click on a file -> Send to -> retoolkit).
     • fasm now opens .asm files if you double-click on them.
     • Tools added: JADX, Cutter and PE-sieve.
     • Tools updated to the latest version.
     • Replaced the Error Lookup tool with a different one, with more features.
     • A few tools have their path added to the user's PATH environment variable.
     • New icon. Thanks to @pauloarruzzo.
  9. Overview

     NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series of information from a given APK package, such as:
     • List of files of the APK: file name, size, MD5, SHA-1, SHA-256 and SHA-512
     • AndroidManifest.xml info: app name, package name, version, SDKs, permissions, activities, services, broadcast receivers, ...
     • CERT.RSA/DSA digital certificate info: serial number, validity, fingerprint, issuer and owner
     • List of URLs, shell commands and other generic strings hard-coded into the classes.dex files
     Furthermore, NinjaDroid uses apktool and dex2jar to extract and store:
     • JSON report file, which contains all the extracted APK info
     • AndroidManifest.xml file (thanks to apktool)
     • CERT.RSA/DSA digital certificate file
     • classes.dex files
     • translated .jar file (thanks to dex2jar)
     • disassembled smali files (thanks to apktool)
     • assets/ and res/ folders together with their content (thanks to apktool)
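As an added illustration of the static APK triage that the post above describes (example code written for this page, not NinjaDroid's own, and it does not call aapt, apktool or dex2jar): an APK is a ZIP archive, so the per-file hash listing, the lookup of the META-INF signature block and the carving of hard-coded URLs and shell commands out of classes.dex can all be done with the Python standard library. The sample APK is constructed in memory with a fake DEX member; the URL and shell-command patterns are triage heuristics, not a DEX string-table parser.

```python
import hashlib
import io
import re
import zipfile

# Heuristic patterns (assumption: good enough for triage, not a DEX parser).
URL_RE = re.compile(rb"(?:https?|ftp)://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
SHELL_RE = re.compile(rb"(?:/system)?/bin/[A-Za-z0-9_.-]+(?:[ \t][\x20-\x7e]*)?")


def hash_entry(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests of one archive member."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def inspect_apk(apk_bytes: bytes) -> dict:
    """Walk the APK (a ZIP) and collect file hashes, signature blobs and strings of interest."""
    report = {"files": [], "has_manifest": False, "cert_files": [], "urls": [], "shell_commands": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            data = z.read(info)
            entry = {"name": info.filename, "size": len(data)}
            entry.update(hash_entry(data))
            report["files"].append(entry)
            if info.filename == "AndroidManifest.xml":
                report["has_manifest"] = True
            # v1 (JAR) signature blocks live under META-INF/ with a .RSA/.DSA/.EC suffix
            if info.filename.startswith("META-INF/") and info.filename.endswith((".RSA", ".DSA", ".EC")):
                report["cert_files"].append(info.filename)
            # classes.dex, classes2.dex, ... hold the Dalvik bytecode and its string pool
            if info.filename.startswith("classes") and info.filename.endswith(".dex"):
                report["urls"].extend(sorted({m.group().decode("ascii", "replace") for m in URL_RE.finditer(data)}))
                report["shell_commands"].extend(m.group().decode("ascii", "replace") for m in SHELL_RE.finditer(data))
    return report


def build_sample_apk() -> bytes:
    """Constructed stand-in APK: a ZIP with the usual member names and fake contents (not a real app)."""
    fake_dex = (b"dex\n035\0" + b"\0" * 32
                + b"Lcom/example/app/MainActivity;\0"
                + b"https://c2.example.invalid/gate.php\0"
                + b"/system/bin/sh -c id\0"
                + b"http://update.example.invalid/v1/check\0")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<binary manifest placeholder>")
        z.writestr("classes.dex", fake_dex)
        z.writestr("META-INF/CERT.RSA", b"\x30\x82fake PKCS#7 blob")
        z.writestr("res/values/strings.xml", b"<resources/>")
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(inspect_apk(build_sample_apk()), indent=2))
```

On a real APK the same loop also surfaces multidex members and v1 signature files; the compiled AndroidManifest.xml is binary XML and needs AXMLParser (as NinjaDroid uses) or aapt to read, which is why this example only records its presence.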
  10. Description

      If you are completely new to reverse engineering and malware analysis, then this course is for you. I will take you from zero to proficient level in reverse engineering and analyzing malware. You will learn using plenty of practical walk-throughs. We will learn the basics first, then gradually proceed to more advanced topics. All the needed tools will be introduced and explained. By the end of this course, you will have the fundamentals of malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained in reverse engineering and analysis would still be beneficial to you for reversing software as well. Everything is highly practical. No boring theory or lectures. More like walk-throughs which you can replicate and follow along. We will use tools like tridnet, bintext, pestudio, cff explorer, regshot, procdot, fakenet, wireshark, process monitor, process hacker, xdbg, Ghidra and more...

      Topics include:
      • Lab Setup
      • Tools
      • OS Fundamentals
      • Virtual Memory and the PE file
      • Windows Internals
      • Malware Components
      • Static Analysis
      • Dynamic Analysis
      • Network Analysis
      • Unpacking Standard and Custom Packers
      • Dumping Memory and more...

      This course is suitable for:
      • Anyone who has no background in malware analysis and is just starting out in this field
      • Hobbyists who just like to learn how to reverse engineer and analyze malware
      • Students who would like to get started on the career path to become malware analysts
      • Hackers looking for additional tools and techniques to reverse software

      The prerequisites: just a Windows PC and an interest in malware analysis or software reverse engineering.

      What you'll learn
      • Flare VM Lab Setup
      • OS Fundamentals
      • Windows API
      • Virtual Memory
      • PE File Structure
      • Static Analysis
      • Dynamic Analysis
      • Network Analysis
      • Memory Analysis
      • Identifying Standard and Custom Packers
      • Unpacking Packed Malware
      • Debugging Malware
      • Analysing Malware using Ghidra
      • Dumping Memory and more...

      Are there any course requirements or prerequisites?
      • Windows PC
      • Interest in malware analysis or reverse engineering

      Who this course is for:
      • Anyone who has no background in malware analysis and is just starting out in this field
      • Hobbyists who just like to learn how to reverse engineer and analyze malware
      • Students who would like to get started on the career path to become malware analysts
      • Hackers looking for additional tools and techniques to reverse software
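Two results on this page touch the same technique: the hex editor in result 1 draws an entropy graph and flags encrypted/compressed content, and the course above covers the PE file structure and identifying standard and custom packers. The Python below is an added example written for this page (not code from either project or course): it walks the PE section table and computes per-section Shannon entropy, flagging sections that look packed. The sample image is constructed in memory and is not a runnable binary; the packer section-name list and the 7.0 bits/byte threshold are assumptions chosen for illustration.

```python
import math
import random
import struct
from collections import Counter

# Assumptions for illustration: section names used by a few common packers,
# and an entropy threshold above which data looks compressed or encrypted.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".themida", ".vmp0", ".vmp1"}
HIGH_ENTROPY = 7.0
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Yield (name, PointerToRawData, SizeOfRawData, Characteristics) for each section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        characteristics = struct.unpack_from("<I", pe, off + 36)[0]
        yield name, raw_ptr, raw_size, characteristics


def analyze_pe(pe: bytes, threshold: float = HIGH_ENTROPY) -> list:
    """Per-section entropy plus the cheap packer tells an analyst looks for first."""
    report = []
    for name, raw_ptr, raw_size, chars in pe_sections(pe):
        entropy = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        flags = []
        if entropy >= threshold:
            flags.append("high-entropy (packed/encrypted?)")
        if name in PACKER_SECTION_NAMES:
            flags.append("known packer section name")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            flags.append("writable+executable")          # unpacking stubs write code they then run
        report.append({"name": name, "raw_size": raw_size, "entropy": round(entropy, 2), "flags": flags})
    return report


def build_sample_pe() -> bytes:
    """Constructed PE32 image with a low-entropy .text and a high-entropy UPX1 section (not runnable)."""
    text = (b"\x55\x8b\xec\x33\xc0\x5d\xc3" * 64).ljust(0x200, b"\x00")   # repetitive stub bytes
    rng = random.Random(1)                                                # deterministic "encrypted" filler
    packed = bytes(rng.getrandbits(8) for _ in range(0x400))
    size_of_optional = 0xE0                                              # PE32 optional header size
    hdr = bytearray(0x200)                                               # headers padded to file alignment
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                              # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine=i386, 2 sections, SizeOfOptionalHeader, Characteristics=EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, size_of_optional, 0x0102)
    struct.pack_into("<H", hdr, 0x44 + 20, 0x10B)                        # optional header Magic = PE32
    table = 0x44 + 20 + size_of_optional
    sections = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
        (b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),            # CODE|EXECUTE|READ
        (b"UPX1", 0x400, 0x2000, 0x400, 0x400, 0xE0000040),             # INITIALIZED_DATA|EXECUTE|READ|WRITE
    ]
    for i, (name, vsize, vaddr, rsize, rptr, chars) in enumerate(sections):
        off = table + 40 * i
        hdr[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIIIIIHHI", hdr, off + 8, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
    return bytes(hdr) + text + packed


if __name__ == "__main__":
    for section in analyze_pe(build_sample_pe()):
        print(section)
```

The entropy number alone is not proof of packing: legitimate resources, embedded certificates and compressed assets score high too, which is why the section name and the writable+executable characteristics are reported alongside it rather than folded into one verdict.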
  11. Doldrums is a reverse engineering tool for Flutter apps targeting Android. Concretely, it is a parser and information extractor for the Flutter/Dart Android binary, conventionally named libapp.so, for all Dart version 2.10 releases. When run, it outputs a full dump of all classes present in the isolate snapshot. The tool is currently in beta, and missing some deserialization routines and class information. If it does not work out of the box, please let me know.
  12. Bytecode Viewer v2.10.14 - Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

      Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more. It's written completely in Java, and it's open source. It's currently being maintained and developed by Konloch.

      There is also a plugin system that will allow you to interact with the loaded classfiles; for example, you can write a String deobfuscator, a malicious code searcher, or something else you can think of. You can either use one of the pre-written plugins or write your own. It supports Groovy scripting. Once a plugin is activated, it will execute the plugin with a ClassNode ArrayList of every single class loaded in BCV; this allows the user to handle it completely using ASM.

      Code from various projects has been used, including but not limited to: J-RET by WaterWolf; JHexPane by Sam Koivu; RSyntaxPane by Robert Futrell; Commons IO by Apache; ASM by OW2; FernFlower by Stiver; Procyon by Mstrobel; CFR by Lee Benfield; CFIDE by Bibl; Smali by JesusFreke; Dex2Jar by pxb1..?; Krakatau by Storyyeller; JD GUI/JD Core by The Java-Decompiler Team; Enjarify by Storyyeller.

      Key Features:
      • Krakatau Integration for Bytecode assembly/disassembly.
      • Smali/BakSmali Integration – You can now edit class files/dex files via smali!
      • APK/DEX Support – Using Dex2Jar and Jar2Dex it's able to load and save APKs with ease!
      • Java Decompiler – It utilizes FernFlower, Procyon, and CFR for decompilation.
      • Bytecode Decompiler – A modified version of CFIDE's.
      • Hex Viewer – Powered by JHexPane.
      • Each Decompiler/Editor/Viewer is toggleable; you can also select what will display on each pane.
      • Fully Featured Search System – Search through strings, functions, variables and more!
      • A Plugin System With Built-In Plugins (Show All Strings, Malicious Code Scanner, String Decrypters, etc.)
      • Fully Featured Scripting System That Supports Groovy.
      • EZ-Inject – Graphically insert hooks and debugging code, invoke main and start the program.
      • Recent Files & Recent Plugins.
      • And more! Give it a try for yourself!

      Changelog v2.10.14
      • Improved translations – thanks to @ThexXTURBOXx @TechComet @antonymcgreen @liuxilu @cn-fairy
      • Added javap disassembler
      • Automatic Python path detection
      • Improved plugin console
      • Cleaned up settings dialogue
      • Dynamic-width Hex Viewer
      • Better resource handling
      • Lots of code cleanup
      • Patched a few Security Manager escapes
      • Bug fixes and general improvements – thanks to @ThexXTURBOXx
      Bugs! Expect issues with this release; please report them!
  13. Learn to use IDA Pro Free to do Reverse Engineering on Linux and Windows

      What you'll learn
      • Reverse Engineering
      • Assembly Language
      • Remnux Linux IDA
      • Windows IDA
      • File, Strings and Hex Editor Analysis
      • Converting Data, Renaming Labels and Variables
      • Inserting Comments
      • Creating Data Structures
      • Decompiling Binary to C Code
      • Debugging using IDA
      • Patching Files
      • Register and Memory Analysis
      • Python Scripting for Reversing Algorithms
      • Creating Keygens
      • Cracking Windows Crackmes
      • Reversing Jumps
      • Using NOPs to Disable Instructions
      • Extending Trial Period beyond 30 Days
      • Intermodular Call Method
      • Dynamic Analysis to Confirm Algorithms
      • Linux and Windows API
      • Algorithm Analysis and Testing
      • Setting Breakpoints and Stepping through Code
      • and more

      Requirements
      • Basic Assembly Language, C Programming and Python would be useful
      • Windows PC
      • Familiar with basic Linux commands

      Description
      If you are a beginner to Reverse Engineering and want to learn how to use IDA Pro to reverse engineer and analyze Linux and Windows programs, then this is the course for you. In this course, you will play a CTF (Capture The Flag) game for Linux whilst learning reverse engineering. This makes learning fun and exciting. This will teach you all the basic skills for reversing on IDA, e.g. how to rename labels, insert comments, convert data, create functions and analyze assembly code. We will use the Free version of IDA so that anyone can follow along without spending money to buy the Pro version. After that we will move to Windows and reverse engineer five Windows crackmes. IDA Pro is one of the most widely used disassemblers for Reverse Engineering, Malware Analysis and Exploit Analysis. In this course we will learn IDA by solving Linux and Windows crackmes. A crackme is a small program designed to test a programmer's reverse engineering skills. This course is an introduction to Reverse Engineering for anyone who wants to get started in this field. It is suitable for software developers who want to learn how software works internally. This course will equip you with the knowledge and skill to use IDA in addition to whatever other tools you might already be familiar with. It is also suitable for absolute beginners with no knowledge of reversing, as I will take you from zero to basics. I will start off by showing you how to install Oracle VirtualBox. Then, installing Remnux Linux in VirtualBox followed by IDA for Linux. Then, we will reverse engineer Linux executable files. In a later section, we will move to installing IDA on Windows and continue learning how to reverse engineer Windows files using IDA. By the end of this course, you will have the basic skills to start reversing and analyzing Linux and Windows binaries using IDA.

      What you will learn:
      • How to disassemble programs into assembly code
      • How to decompile programs to C code
      • Static Analysis
      • Dynamic Analysis using IDA's Debugger
      • Patch files using IDA
      • Understand Linux and Windows APIs
      • Identify entry points and functions
      • Using NOPs and Reversing Jumps
      • Reverse Crackmes and Patch them
      • Learn to Assemble Instructions and Patch Bytes
      • Algorithm Analysis and Testing
      • Using Python to create solutions and keygens to crackmes
      • and more

      Suitable for:
      • Anyone interested to learn to use IDA for Reverse Engineering Linux and Windows executable files
      • Students thinking of getting into Reverse Engineering or Malware Analysis as a Career Path

      Prerequisite:
      • Assembly Language, C Programming and Python would be helpful
      • Windows PC
      • Basic Linux Commands

      Who this course is for:
      • Anyone interested to learn to use IDA for Reverse Engineering Linux & Windows executables
      • Students thinking of getting into Reverse Engineering or Malware Analysis as a Career Path
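The course above lists patching crackmes by reversing jumps and disabling instructions with NOPs. As an added example written for this page (not material from the course or any crackme in it), the Python below applies both patches to a constructed 16-byte x86 serial check and runs a tiny interpreter over the original and patched bytes, so the effect of each patch is visible without a debugger. The check routine, its 0x1337 constant and the interpreter's opcode subset are assumptions chosen for the demo; on a real target you also need the file-offset to virtual-address mapping that IDA shows you before writing the bytes back.

```python
import struct

# Constructed x86 check routine (assumption, not from any real crackme):
#   00: 3d 37 13 00 00   cmp  eax, 0x1337
#   05: 75 06            jne  short fail      ; rel8 +6 -> 0x0d
#   07: b8 01 00 00 00   mov  eax, 1          ; success
#   0c: c3               ret
#   0d: 31 c0            fail: xor eax, eax   ; failure
#   0f: c3               ret
SAMPLE_CODE = bytes.fromhex("3d37130000" "7506" "b801000000" "c3" "31c0" "c3")
JNE_OFFSET = 5


def short_jump_target(code: bytes, offset: int) -> int:
    """Resolve the destination of a 2-byte Jcc/JMP rel8 at `offset` (displacement is from the next instruction)."""
    disp = struct.unpack_from("<b", code, offset + 1)[0]
    return offset + 2 + disp


def invert_short_jcc(code: bytes, offset: int) -> bytes:
    """Flip the condition of a short Jcc (0x70..0x7F): complementary conditions differ only in the low opcode bit."""
    op = code[offset]
    if not 0x70 <= op <= 0x7F:
        raise ValueError(f"no short Jcc at {offset:#x} (opcode {op:#x})")
    patched = bytearray(code)
    patched[offset] = op ^ 1            # JE<->JNE, JB<->JAE, JL<->JGE, ...
    return bytes(patched)


def nop_out(code: bytes, offset: int, length: int) -> bytes:
    """Overwrite an instruction with single-byte NOPs so execution falls through to the next one."""
    patched = bytearray(code)
    patched[offset:offset + length] = b"\x90" * length
    return bytes(patched)


def run_check(code: bytes, eax: int) -> int:
    """Toy interpreter for just the opcodes in SAMPLE_CODE (tracks ZF only); returns EAX at ret."""
    ip, zf = 0, False
    while True:
        op = code[ip]
        if op == 0x3D:                                    # cmp eax, imm32
            zf = eax == struct.unpack_from("<I", code, ip + 1)[0]
            ip += 5
        elif op in (0x74, 0x75):                          # je / jne rel8
            taken = zf if op == 0x74 else not zf
            ip = short_jump_target(code, ip) if taken else ip + 2
        elif op == 0xEB:                                  # jmp rel8
            ip = short_jump_target(code, ip)
        elif op == 0xB8:                                  # mov eax, imm32
            eax = struct.unpack_from("<I", code, ip + 1)[0]
            ip += 5
        elif code[ip:ip + 2] == b"\x31\xc0":              # xor eax, eax
            eax, ip = 0, ip + 2
        elif op == 0x90:                                  # nop
            ip += 1
        elif op == 0xC3:                                  # ret
            return eax
        else:
            raise ValueError(f"unsupported opcode {op:#x} at {ip:#x}")


if __name__ == "__main__":
    nopped = nop_out(SAMPLE_CODE, JNE_OFFSET, 2)
    inverted = invert_short_jcc(SAMPLE_CODE, JNE_OFFSET)
    for label, code in (("original", SAMPLE_CODE), ("jne->nop", nopped), ("jne->je", inverted)):
        print(f"{label:9s}", code.hex(), [run_check(code, v) for v in (0x1337, 0, 42)])
```

NOP-ing the jump makes every input succeed; inverting it makes every input except the correct one succeed, which is the usual tell that a patch was applied to a check rather than to the serial itself. Both patches keep the instruction length, so no other offsets in the function move.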
  14. Bytecode Viewer – same description as result 12 (the v2.10.14 post); this post carries the v2.10.13 changelog.

      Changelog v2.10.13
      Notable Changes
      • Translated into 25 languages including Arabic, German, Japanese, Mandarin, Russian, Spanish – thank you to everyone who helped provide translations! (Expect some translation issues; if you encounter any please help us fix them!)
      • Plugin Writer: create and edit external plugins from within BCV
      • Fixed Krakatau & Smali Disassembler/Assembler
      • Fixed Java & Bytecode Editing/Compiling
      • Lots of code cleanup
      • Bug fixes and general improvements
  15. itsMe

      PHP Reverse Shell

      Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works on Linux OS and macOS with /bin/sh and Windows OS with cmd.exe. The script will automatically detect the underlying OS. Works with both ncat and multi/handler. Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit). Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit). Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit). In addition, everything was tested on Docker images nouphet/docker-php4 with PHP v4.4.0 and steeze/php52-nginx with PHP v5.2.17. Made for educational purposes. I hope it will help!
  16. Reverse Engineers' Hex Editor

      A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.

      Features
      • Large (1TB+) file support
      • Decoding of integer/floating-point value types
      • Inline disassembly of machine code
      • Highlighting and annotation of ranges of bytes
      • Side-by-side comparison of selections
      • Lua scripting support (API reference here)
      • Virtual address mapping support
  17. A Beginner's Course on Reverse Engineering and Analyzing Malicious .NET and Java Executable Files

      What you'll learn
      • Decompiling .NET and Java Binaries
      • De-obfuscation of .NET and Java Code
      • Analyzing .NET and Java Malware
      • Detecting Malware Artifacts and Indicators of Compromise
      • Using Flare-VM Malware Analysis Tools
      • Disassembling .NET Binary to IL Language
      • Decompiling .NET Binary to C# or VB.NET
      • Static Analysis of .NET and Java Executables
      • Dynamic Analysis and Debugging using dnSpy
      • Setting up a Malware Analysis Lab
      • Analyzing Ransomware
      • Analyzing Spyware, Trojans and Info-Stealers
      • Identifying Native Files vs .NET and Java Files
      • Decompiling Java Bytecode to Java Source
      • Reverse Engineering and Analyzing Cross-Platform RATs
      • and more...

      Requirements
      • Windows PC
      • Interest in Malware Analysis
      • Knowledge of C# and Java would be helpful

      Description
      New malware is being created every day and poses one of the greatest threats to computer systems everywhere. In order to infect Windows, Linux and Mac OSX, malware authors create cross-platform malware using .NET and Java. This course will introduce you to the basics of how to analyze .NET and Java malware - one of the most common and popular ways to create cross-platform malware. If you are a beginner just starting out in malware analysis and wish to gain fundamental knowledge to analyze .NET or Java malware, then this course is for you. It is a beginner course which introduces you to the techniques and tools used to reverse engineer and also analyze .NET and Java binaries. In this course, you will learn how to check and analyze malicious .NET and Java executables for signs of malicious artifacts and indicators of compromise. This is a beginners' course targeted at those who are absolutely new to this field. I will take you from zero to proficient level in analyzing malicious .NET and Java binaries. You will learn using plenty of practical walk-throughs. We will learn the basic knowledge and skills in reverse engineering and analyzing malware. All the needed tools and where to download them will be provided. By the end of this course, you will have the fundamentals of malware analysis of .NET and Java under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained would still enable you to check executables for dangers and protect yourself from these attacks. We will use Flare-VM and a Windows virtual machine. Flare-VM is a popular Windows-based malware analyst distribution that contains all the necessary tools for malware analysis. All the essential theory will be covered but kept to the minimum. The emphasis is on practicals and lab exercises. Go ahead and enroll now and I will see you inside.

      Who this course is for:
      • Anyone who has no background in malware analysis and is just starting out in this field
      • Hobbyists who just like to learn how to analyze .NET and Java malware
      • Students who would like to get started on the career path to become malware analysts
      • Anyone eager to learn how to detect new malware
  18. Bytecode Viewer – same description as result 12 (the v2.10.14 post); this post carries the v2.10.12 changelog.

      Changelog v2.10.12
      Notable Changes
      • Dark mode (opt-in) & theme selection thanks to @ThexXTURBOXx
      • XAPK file support
      • Translation process has started
      • JavaScript plugin support
      • Bug fixes and general improvements
19. Description
In this course I will walk you through how you could build a fully working Python shell without using the IP or port forwarding method. Hope you will find useful tips to think outside the box when you try to build your own program. We use the Simple Mail Transfer Protocol instead of the SOCKET protocol. I was trying to navigate many of the courses published on Udemy but didn’t find a course that uses the SMTP protocol for more than a keylogger app. So in this course, I try to take this program to the next level, and I build a full script that works even better than what we can build using the SOCKET protocol. Just to list some of the benefits: you don’t need to use the IP/port forwarding method to make your program work outside the local area network. So you could just use this type of shell outside your network, as simple as that.

DISCLAIMER: this course is for educational purposes only.

SMTP servers are complicated, and if you’re just dipping your toe into the how-email-gets-sent world, it’s easy to feel overwhelmed. To help you navigate your email sending, we’ve put together a list of the most common SMTP server questions we receive, so you’ll be an SMTP expert in no time.

What is an SMTP server?
An SMTP (Simple Mail Transfer Protocol) server is an application whose primary purpose is to send, receive, and/or relay outgoing mail between email senders and receivers. An SMTP server will have an address (or addresses) that can be set by the mail client or application that you are using. When you send an email, the SMTP server processes your email, decides which server to send the message to, and relays the message to that server. The recipient’s inbox service provider, such as Gmail or AOL, then downloads the message and places it in the recipient’s inbox. You can find more details on SMTP servers on our docs page.

Is an SMTP server the same as a normal server?
Technically, yes. Like most servers, the SMTP server processes data to send to another server, but it has the very specific purpose of processing data related to the sending, receiving, and relaying of email. An SMTP server is also not necessarily on a machine. It is an application that is constantly running in anticipation of sending new mail.

Why are SMTP servers important?
Without an SMTP server, your email wouldn’t make it to its destination. Once you hit “send,” your email transforms into a string of code that is then sent to the SMTP server. The SMTP server is able to process that code and pass on the message. If the SMTP server wasn’t there to process the message, it would be lost in translation. Additionally, the SMTP server verifies that the outgoing email is from an active account, acting as the first safeguard in protecting your inbox from illegitimate email. It also will send the email back to the sender if it can’t be delivered. This informs the sender that they have the wrong email address or that their email is being blocked by the receiving server. If you’re looking for more information on SMTP, check out our post, SMTP Service Crash Course.

Source: sendgrid/blog/what-is-an-smtp-server/

What do we learn in this course?
In this course we will build a fully functional reverse shell which could work outside your local area network.

What makes this program different from others?
In this course we build our reverse shell using the SMTP protocol instead of using the SOCAT protocol.

Who this course is for:
• Anyone who wants to learn about ethical hacking and Python programming.

What you’ll learn:
• Create a reverse shell which could work anywhere in the world WITHOUT using your public IP address or the port forwarding method.
20. What?
This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this toolkit you’ll have a folder on your desktop with shortcuts to RE tools like these:

Why do I need it?
You don’t. Obviously, you can download such tools from their own websites and install them by yourself in a new VM. But if you download retoolkit, it can probably save you some time. Additionally, the tools come pre-configured, so you’ll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you’re setting up a new analysis VM.
21. Introduction to Arm exploitation Part one

What you'll learn:
• Arm exploitation
• Binary exploitation
• Reverse engineering
• Basic ARM instructions
• GDB primer
• Patching binaries
• Ghidra, Binary Ninja, Hopper etc.
• Exploit development
• Format string vulnerabilities
• Ret2zp attack
• NX bypass
• Buffer overflow

Requirements:
• A PC
• Basic programming concepts (not necessary)
• Some interest

Description
Hello, welcome to the cheapest and first course on ARM exploitation on Udemy. This course is purely for beginners. As you all know, ARM-based devices are becoming more and more prominent these days, so it's important to learn about securing them. I made this course highly practical so that it doesn't bore you as you go. This course only requires a PC; we shouldn't be needing any Raspberry Pi or anything, as we will be using emulated labs. This course is very basic, and if you are already familiar with buffer overflows and format string exploitation this wouldn't be much help to you, but it can still help you as a primer and as an introduction to ARM exploitation. This course is focused on ARMv6 (32-bit) vulnerabilities and exploitation. We will start off with some basic ARM instructions and will move on to practical exploitation. The core sections of this course are reverse engineering and binary exploitation. We will reverse and modify the behaviour of simple crackme programs using Ghidra, Binary Ninja, Hopper etc. Then we will move into exploiting various binaries using format string vulnerabilities and buffer overflows. After that we will look at the protections used by the binaries and bypassing them. We will be using CTF-style examples mostly. As this is part one of the course we will cover everything from scratch. This course has a 30-day refund policy, so even if you don't like this course you can surely get 100% of your money back. (NB: it's an ongoing course; new content will be added.) I suggest you watch the sample videos before deciding to buy this.

Who this course is for:
• Anyone interested in learning binary exploitation
• Hackers
• CTF players
• Reverse engineers
22. Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to research new or innovative methods to examine and distill complex execution patterns in software. For more context about this project, please read the blog post about its initial release.
25. A Hex Editor for Reverse Engineers, Programmers, and people that value their eyesight when working at 3 AM

Features
• Featureful hex view
  • Byte patching
  • Patch management
  • Copy bytes as feature
    • Bytes
    • Hex string
    • C, C++, C#, Rust, Python, Java & JavaScript array
    • ASCII-Art hex view
    • HTML self-contained div
  • String and hex search
  • Colorful highlighting
  • Goto from start, end, and current cursor position
• Custom C++-like pattern language for parsing and highlighting a file’s content
  • Automatic loading based on MIME type
  • Arrays, pointers, structs, unions, enums, bitfields, using declarations, little and big-endian support
  • Useful error messages, syntax highlighting, and error marking
• Data importing
  • Base64 files
  • IPS and IPS32 patches
• Data exporting
  • IPS and IPS32 patches
• Data inspector allowing interpretation of data as many different types (little and big-endian)
• Huge file support with fast and efficient loading
• Strings search
  • Copying of strings
  • Copying of demangled strings
• File hashing support
  • CRC16 and CRC32 with custom initial values and polynomials
  • MD4, MD5
  • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
• Disassembler supporting many different architectures
  • ARM32 (ARM, Thumb, Cortex-M, aarch32)
  • ARM64
  • MIPS (MIPS32, MIPS64, MIPS32R6, Micro)
  • x86 (16 bit, 32 bit, 64 bit)
  • PowerPC (32 bit, 64 bit)
  • Sparc
  • SystemZ
  • XCore
  • M68K
  • TMS320C64X
  • M680X
  • Ethereum
• Bookmarks
  • Region highlighting
  • Comments
• Data Analyzer
  • File magic-based file parser and MIME type database
  • Byte distribution graph
  • Entropy graph
  • Highest and average entropy
  • Encrypted / Compressed file detection
• Helpful tools
  • Itanium and MSVC demangler
  • ASCII table
  • Regex replacer
  • Mathematical expression evaluator (Calculator)
  • Hexadecimal Color picker
• Built-in cheat sheet for pattern language and Math evaluator
• Doesn’t burn out your retinas when used in late-night sessions

Changelog v1.8

Additions
• Added a new and super fancy splash screen! All resource loading will now be done while this screen is shown
• Added German localization. Thanks a lot to @tumGER for proofreading!
• Added Italian localization. Thanks a lot to @CrustySean!
• Updated ImHex icon with a new one
• Added FPS limiting: ImHex is now less power hungry and lowers its FPS to 5 when the window loses focus
• Added Paste, Undo and Redo functions! This has LONG been overdue
• Added saving and loading of data processor setups
• Added data size node to the data processor
• Added ability to copy values from the data inspector
• Data overlays now work everywhere: if the data processor changed the displayed data, this data will also show up in the pattern data view, inspector, analyzer, disassembler and everywhere else
• Added parent keyword to the pattern language: this allows you to access variables that are found in the parent of the current structure
• Added array index syntax to r-values in the pattern language. This also turned the addressof and sizeof built-in functions into operators, so they no longer require “”
• Added UTF-16 character type and strings to the pattern language
• Allow nested use of types in the pattern language
• Added dataSize() function to the pattern language to get the currently loaded data size
• Added base_address pragma to the pattern language to automatically set the file’s base address
• Loaded plugins are now displayed on the welcome screen
• Added slider to entropy graph to quickly skip through the file
• Added Recent Files to File menu
• Added ability to lock bookmarks so they can’t be edited anymore until unlocked
• Added Font Awesome icons in a few places
• Use correct folder paths on Mac and Linux instead of looking for everything next to the executable. Check the README to know where things are supposed to go now!
• Added memory usage footer item on Windows
• Added buffer combine, slice and repeat nodes to the data processor
• Added currently loaded file name to the window title
• Added Close File option to the File menu
• Added hex editor color highlighting opacity setting

Improvements
• Pattern language execution, disassembling, searching and many other things that may take a long time to complete are now run asynchronously
• Properly open some default views on first launch
• Greatly improved the Data Analyzer interface with ImPlot
• ImHex now uses the system file dialog instead of a custom one to open files
• Improved colors used on the welcome screen
• Variables placed out of bounds are now discarded instead of causing an error
• Improved goto command to now respect base addresses

Bug fixes
• Fixed multiple severe memory leaks in the pattern language
• Fixed bookmark names and comments refusing to be changed
• Fixed color attribute requiring a 0x prefix to understand the value
• Fixed region selection event only selecting first byte
• Fixed eval_depth default value being way too low
• Fixed ternary expressions in the pattern language not working everywhere
• Fixed bookmark name and comment not being loaded properly from a project file
• Fixed binary value in base converter being shifted by one
• Fixed pointers in the pattern language easily crashing ImHex
• Fixed MIME-based pattern loading popup being almost unusable. Thanks to @ThisALV for making me aware of this