#securebyte
Greetings to our dear friends and followers.
Following the earlier announcement about developing and preparing our training infrastructure, in-person classes, online classes and multimedia courses will, God willing, be held starting next year. I will certainly cover in a separate post, in detail, what changes have taken place in how we operate or are still in progress.
Thanks to the friends who have followed this matter to date and who always follow us.
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #Android
📗Android App Reverse Engineering 101
This workshop will be wholly based on reverse engineering through static analysis, or analyzing and understanding an application by examining its code.
Table of Contents
➖Introduction
➖Android Application Fundamentals
➖Getting Started with Reversing Android Apps
➖Reverse Engineering Android Apps - DEX Bytecode
➖Reverse Engineering Android Apps - Native Libraries
➖Reverse Engineering Android Apps - Obfuscation
➖Conclusion
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #Android
📗How to start Reverse Engineering on Android Application Series (6 Parts)
➖By: Ankit Mishra
🌐 Website
More parts are available in the author's profile.
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#TrainingCourse #MalwareAnalysis
📗Introduction to Malware Analysis and Reverse Engineering (2017-2018-2020) University of Cincinnati.
➖Week 01: Introduction to VirtualBox and Lab VMs
➖Week 02: Intro to malware taxonomy / building a basic attack
➖Week 03: Deconstruct attack with static analysis
➖Week 04: x86 disassembly and analysis
➖Week 05: Dynamic analysis, networking, Immunity Intro
➖Week 06: Immunity Debugger analysis workflows
➖Week 07: Mid-Term Project week #1, no class
➖Week 08: Run-time analysis with debugger / inetsim / etc.
➖Week 09: Identification with Yara and other tools
➖Week 10: Spring break - NO CLASS
➖Week 11: Using ELK to analyze behavioral logs
➖Week 12: Java & SWF malware analysis
➖Week 13: Android Malware analysis tools, setup
➖Week 14: Android malware static analysis
➖Week 15: Android malware live analysis
➖Week 16: Finals week - Final project
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #Exploiting
📗Binary Exploitation: Format String Vulnerabilities series
➖By: Vickie Li
Welcome to the binary exploitation series! In the coming posts, we are going to explore concepts and tricks used in binary exploitation. I hope you’re as excited as I am!
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #Cuckoo
Cuckoo VM for Malware Analysis By binaryzone
If you do not want to put some time into installing your own Cuckoo Sandbox for different reasons, then you could just download the Virtual Machine (VM) that I have prepared. What I've done is get Cuckoo to run in a VM, so you might be asking what that means. Well, it means that first Cuckoo is running in a VM and second that Cuckoo will be running its analysis within another VM. Yes, a VM in another VM, or what is technically called "Nested Virtualization". I used VMware for my VM, but since I've exported it to OVA, you should be good to just import and run.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #Cuckoo
Cuckoo VM for Malware Analysis By binaryzone
Things you need:
1. The VM from download link
2. Username: user1 & Password: forensics
3. Add a Windows ISO to your Cuckoo VM
4. Submit a sample and get some results…
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗Windows Process Injection in 2019 - BlackHat USA-19
➖Amit Klein, Itzik Kotler
Process injection in Windows appears to be a well-researched topic, with many techniques now known and implemented to inject from one process to the other. Process injection is used by malware to gain more stealth (e.g. run malicious logic in a legitimate process) and to bypass security products (e.g. AV, DLP and personal firewall solutions) by injecting code that performs sensitive operations (e.g. network access) to a process which is privileged to do so.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering
📗iOS Security Analysis with MobSF
➖Netguru
Recently, our iOS security team was looking for a security analysis tool and we tested MobSF as one of our solutions. MobSF is a tool recommended by OWASP in its Mobile Security Testing Guide.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #Internals
Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10) (win32k.sys).
The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #OSX
This corner is dedicated to reverse engineering, malware, rootkits, and security.
Content is mostly dedicated to Mac OS X and also iOS.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #Internals
Another repository with more details about Windows System Call Tables.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #ReverseEngineering #Syser
Do you remember Syser Debugger? 😉
1430 230320
➖ implement FPU reg "%1.7e"
➖ implement XMM 8/16 reg by dword x 4
➖ fix instr info for qword data
➖ fix all disassm in uppercase
➖ fix debugger leak handle
➖ revert fix for detached process
➖ fix debugger handle unload dll
🌐 Website
@securebyte
#Github #BinDiff
Zynamics BinDiff uses a unique graph-theoretical approach to compare executables by identifying identical and similar functions.
Zynamics BinNavi is the leading open source binary code reverse engineering tool based on graph visualization.
🌐 Website1
🌐 Website2
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #Hardware
📗Hardware Debugging for Reverse Engineers Series
➖By: Wrongbaud
When assessing an embedded platform there are a number of things you can do or try to accomplish. With this post I want to demonstrate/test the following:
➖Can the firmware be extracted from the target?
➖Can the target be debugged or instrumented in such a way that allows us to learn more about its internal operations?
➖Can the firmware be modified or changed, either through software exploitation or hardware modifications?
The first step to answering some of these questions will be a hardware teardown.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Website #Internals
Useful websites that cover undocumented structures: a low-level programmer's guide to the Windows NT kernel, Native API and drivers.
🌐 Vergilius Project - Terminus Project - NT Internals
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Github #bddisasm
Bitdefender bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
🌐 Website
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #ReverseEngineering #Android
📗Reverse engineering an Android Application [Krk Bike]
The app used for this demonstration is called Krk Bike. It is a mobile application that you can download from the Google Play store, and it shows you many of the bike trails on Croatia's island of Krk. I wanted to see all of these bike trails on a single, uncluttered map. How could we get such data out of this app?
🌐Article Link
@securebyte
#Articles #ReverseEngineering #Ghidra
📗Reverse Engineering with Ghidra
🌐 Part 0 : Main Windows & CrackMe
🌐 Part 1 : Data, Functions & Scripts
@securebyte
#Article #ReverseEngineering #Android
📗Vault 101: Samsung CTF App Reverse Engineering Challenge Write-up
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_