PracticalMalwareAnalysis-Labs
ghidra-scripts
PracticalMalwareAnalysis-Labs | ghidra-scripts | |
---|---|---|
10 | 49 | |
1,031 | 214 | |
- | - | |
0.0 | 7.0 | |
almost 2 years ago | 4 months ago | |
Java | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PracticalMalwareAnalysis-Labs
- Practical Malware Analysis (Book)
- Easy malware samples
-
Looking for x86 Assembly learning material
If you google the book title the pdf version will come right up. Download the lab binaries from here
-
What is the most difficult specialization within Cybersecurity?
If anyone is interested in learning about it, the malware reverse engineering course I took in university was based on the book Practical Malware Analysis. I thought it was pretty good, and it even includes practice files, programs, and exercises to practice using the tool it teaches you. You can find those here.
-
What are some good resources to learn about reverse engineering and computer architecture?
Tools & Explanations: -OllyDbg, IdaPro, and Ghidra: static analysis and recompiling -ProcMon and ProcessHacker: for dynamic analysis, shows detailed system log of what happens after PE executable is run -TCPView and WireShark: Checks to see if program reaches out to internet -Win7/XP: for testing (defender for win 10 is too good for practice situations) -DiE (Detect It Easy)/PE View: to get overview on executable's header and whether it contains a packed program or not -Learn C: C is lowest level language and can give insight on how you may think about machine code Website: CyberStart, TryHackMe, MetaCTF, Practical Malware Analysis
- book suggestion
- Practical malware analysis book versions
-
"Easy" malware samples.
Check out the samples that were created for the Practical Malware Analysis book lab exercises: https://github.com/mikesiko/PracticalMalwareAnalysis-Labs
ghidra-scripts
- The Hiew Hex Editor
- Okus obratnega inženiringa - naloga 2
-
I've figured out what 13 of the 16 enemy flags mean in Ultima V. Help me figure out the last three.
I've got no experience with reverse-engineering executables, but I got a bunch of code-like stuff showing up when I fed ULTIMA.EXE to Ghidra and told it to analyze it with all the flags set.
-
Modding SH2
The whole game is written in C++ (game logic intertwined with graphics). Ghidra can help you deconstruct the game binaries, but you need to put in a GREAT great effort to even get a starting point. Cheat Engine has been successful for some purposes, including an AI enabling utility for multiplayer (use with great care!).
-
Ask HN: What's the best open source alternative to IDA Pro?
Ghidra: https://ghidra-sre.org/, https://github.com/NationalSecurityAgency/ghidra
-
You have probably heard of Temu right?
What I think you’re talking about is reverse engineering. It’s basically taking a program and analysing the compiled code to attempt to find out how it works. It’s a fairly expansive topic, and fairly tricky to do but look at anything to do with Ghidra to get started.
-
Asking for clarification ... How is learning C beneficial for becoming a Cyber security expert
Oh also just as an aside Ghidra is a really cool free tool developed by the NSA which can reverse engineer software by looking at its executable and recreating the C code from the instructions and static data within. It's another way to get familiarized with the relationship between C code and the instructions it compiles to.
-
Super Smash Bros. Melee HD Port Will "Never Happen," According to Former Nintendo Employees
There exist decompilers and other tools for helping make sense of assembly and that can automate some of the conversion back to higher level languages. In my brief involvement with Slippi I used Ghidra - a tool developed by the NSA, to do some of that kind of work, which I found a little amusing.
-
I found an old floppy disk, what does this mean/what should I do?
It's likely a binary file that's improperly being interpreted as Unicode by the text editor. If it's an executable file, you can use Ghidra to disassemble and analyze it. There may also be some interesting ASCII strings that would reveal its purpose. My guess is that it's a Windows version of Unix "tee" program which will write stdin to a file and stdout simultaneously.
-
Free Hex Editor
On the other hand, this slick "Ghidra" webpage looks suspicious. It's probably written in Typescript on Electron!
What are some alternatives?
flare-vm - A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
frida-rust - Frida Rust bindings
PMAT-labs - Labs for Practical Malware Analysis & Triage
BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
Malware-Exhibit - 🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
pwndra - A collection of pwn/CTF related utilities for Ghidra
frida-gum - Cross-platform instrumentation and introspection library written in C
VulFi - IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research.
metalbear.co - MetalBear main website
Ghidra-Cpp-Class-Analyzer - Ghidra C++ Class and Run Time Type Information Analyzer
ruby-dragon - Ruby, Kotlin, Groovy, Clojure, and JShell support for Ghidra scripting and interactive sessions.
mirrord - Connect your local process and your cloud environment, and run local code in cloud conditions.