flare-vm
radare2
flare-vm | radare2 | |
---|---|---|
23 | 9 | |
5,856 | 19,637 | |
1.5% | 0.8% | |
8.0 | 9.9 | |
9 days ago | 4 days ago | |
PowerShell | C | |
Apache License 2.0 | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flare-vm
-
Looking for x86 Assembly learning material
Follow the instructions here to setup a FLARE vm which will have all the tools you need for the labs in the book flare vm
-
Small company, small analysis Platform
FLARE VM: this is a boxstarter from Mandiant to add a bunch of tools to Windows for malware analysis
-
Home lab for cybersecurity
build it as a proxmox host and have a malware analysis VM (flare-vm for example - https://github.com/mandiant/flare-vm) you can then interact with it via Console or host another VM as an SSH jump box and ssh tunnel to port 3389 on the malware vm
- Ma poate ajuta cineva ? Am descărcat ceva de pe filelist si după am întâmpinat asta.
- Any sandbox app (Windows or Linux) that supports network routing?
-
OS Recommendations for DFIR
FLARE VM: a Windows toolkit for malware analysis from Mandiant: https://github.com/mandiant/flare-vm
-
L1 analysts, do you do malware analysis? If so how often?
I usually run it in virtualbox without guest additions, get one of those free windows 10 isos from microsoft and install the mandiant flare vm on it ( https://github.com/mandiant/flare-vm ), after everything is installed i keep a snapshot of the windows machine with everything set up so i dont have to do it all again and once its done i set the network to internal and set set up inetsim on remnux as well if im going to do dynamic analysis so that i have an internet simulator that the malware can talk to.
-
How do you setup a malware analysis sandbox?
I use https://any.run for quick stuff or just fire my FlareVM up.
- Any distro for forensic blue team?
- How to set up a laptop as a dedicated mal-lab that has access to my home network for malware to send and receive traffic but cannot propagate to the rest of my devices?
radare2
-
I'm pretty sure this is possible, and would appreciate confirmation/direction.
https://github.com/radareorg/radare2 (You can git clone it, then run the install script)
- Introducing YaRadare - YARA scanning for cloud-native apps (containers)
- Radare2 - UNIX-like reverse engineering framework and command-line toolset
-
reverse engineering/de-compiling (with radare2/r2)
Has any one had an luck reverse engineering Pebble binaries? Whilst I've had success editing js code in existing applications I've not had any luck with C code. This is not an area I have a lot of experience but it looks like the disassembly support in radare2 might not be complete. I've opened a ticket https://github.com/radareorg/radare2/issues/20002 but thought it worth posting here to see what experiences people had.
-
An lsblk like command for OpenBSD
Thanks this is helpful but I think this is just for programs integrated into the OpenBSD os. openbsd_lsblk is a standalone. I think their coding style is similar to the Linux Kernel coding style . but I contribute to project called radare2 (coding style) so I am used to programming their way (except for the space before () in functions that is quite annoying).
- rabin2 for scraping ELF to JSON
-
That took a wild turn
True story: there is a project called Radare2 (or r2) which recently has been forked as Rizin. The reasons for the fork were many, but one of the things they changed was renaming occurrences in code of words like "anal", "sex", etc.
-
[Task] Explain C source code
I need you to go through an open source project (https://github.com/radareorg/radare2). I need you to go through this file(https://github.com/radareorg/radare2/blob/master/libr/core/cmd_anal.c) and tell me what the code does. I am a bit rusty reading C source code, hence seeking help. Specifically, I need help understanding the following cases:
-
Need help interpreting this C function.
Defined here:
What are some alternatives?
commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
rizin - UNIX-like reverse engineering framework and command-line toolset.
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Il2CppInspector - Powerful automated tool for reverse engineering Unity IL2CPP binaries
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. [Moved to: https://github.com/capstone-engine/capstone]
Binance-APK-Analysis - Revealing secrets behind Binance Crypto Exchange platform through Android APK Analysis
ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
zydis - Fast and lightweight x86/x86-64 disassembler and code generation library
simplify - Android virtual machine and deobfuscator
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.