how2heap
binwalk
how2heap | binwalk | |
---|---|---|
3 | 29 | |
6,941 | 10,214 | |
1.5% | 1.1% | |
8.2 | 0.0 | |
5 days ago | 21 days ago | |
C | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
how2heap
-
What’s a good book on hacking/web for recreational reading?
x86 based binary exploitation: Intel Software Development Manual https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html Skim through K&R C, then pick up and read Effective C by Robert Seacord, then pick up any of the books or online resources listed here: https://github.com/jwasham/coding-interview-university. Read OpenBSD's code https://github.com/openbsd/src Python: https://www.python.org/doc/ Pwntools: https://docs.pwntools.com/en/stable/ Aleph One on stack buffer overflows: https://packetstormsecurity.com/files/13875/Smashing-The-Stack-For-Fun-And-Profit.html w00w00 on heap overflows: https://packetstormsecurity.com/files/13877/w00w00-on-Heap-Overflows.html Pick up Hacking: The Art of Exploitation by Jon Erickson and give it a good read More heap fun: https://github.com/shellphish/how2heap Return Oriented Programming: https://github.com/spartansecurity/Hack-Nights/blob/master/ROP/Return_Oriented_Exploitation.pdf ret2csu: https://i.blackhat.com/briefings/asia/2018/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf Printf format string vulnerability: https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf Binwalk for extracting files, file systems, executable code from images: https://github.com/ReFirmLabs/binwalk
-
Recommended resources/paths to learn binary exploits?
You can have a look at something like https://github.com/shellphish/how2heap or https://ctftime.org/writeups
-
Understanding how2heap house_of_force top chunk calculation
Hi everyone, I just started messing with heap overflow and I've been reading how2heap's house of force technique but something doesn't make sense.
binwalk
- HTB - Pilgrimage Writeup
-
Is it possible to extract firmware through a USB-C cable
https://github.com/ReFirmLabs/binwalk/wiki/Quick-Start-Guide here's how to extract firmware
-
Mounting 20-year-old OpenBSD drive under macOS?
If you can get them attached to something, I wouldn’t bother trying to mount then, just dump the contents and use something inker binwalk to figure things out and see if it can extract things.
-
Sketchy USB Update
With that said, I'll repeat what i said last post, run binwalker on the image. Nothing that anyone is saying here is probably going to work because that doesn't have any features of an FS image
-
Unknown USB Files - How to view?
Op, run binwalk. Don't just run it though an hex editor, you won't understand anything. It's a forensics tool to analyze unknown binary blobs (much better than gitbash that someone mentioned). It can also unpack these files automatically, there's no better universal tool for it
-
Trying to find hex in bin file
Not sure if it would be easier or not, but you could also use binwalk to find a binary string in a file.
- An unidentified filesystem while analyzing a firmware
- Caffè Italia * 05/02/23
-
Security Advisory: Remote Command Execution in binwalk
Not true, it's still not patched. See https://github.com/ReFirmLabs/binwalk/pull/617
-
Show HN: Unblob – extraction suite for 30+ file formats
Looks nice! Kind of reminds me of binwalk: https://github.com/ReFirmLabs/binwalk
What are some alternatives?
coding-interview-university - A complete computer science study plan to become a software engineer.
foremost - Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research , foremost has been opened to the general public. We welcome any comments, suggestions, patches, or feedback you have on this program. Please direct all correspondence to [email protected].
unblob - Extract files from any kind of container formats
osx-dictionary - CLI for OSX Dictionary.app
Wireshark - Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.
ghidra - Ghidra is a software reverse engineering (SRE) framework
chipsec - Platform Security Assessment Framework
pfSense - Main repository for pfSense
dictionary-api
icu - The home of the ICU project source code.
tcpdump - the TCPdump network dissector
dtrx - Do The Right Extraction