pocorgtfo
ghidra
pocorgtfo | ghidra | |
---|---|---|
7 | 126 | |
1,223 | 47,762 | |
- | 1.7% | |
5.8 | 10.0 | |
3 months ago | 1 day ago | |
TeX | Java | |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pocorgtfo
-
MIPS Firmware Reverse Engineering - anyone having any success using Ghidra for this?
Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.
- Image displays its own MD5 hash
- Gitlab servers are being exploited in DDoS attacks in excess of 1 Tbps
-
smh dumb antivirus software
execute the pdf: https://github.com/angea/pocorgtfo
-
SHA-1 'Fully and Practically Broken' by New Collision
1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".
1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.
1cis) The files do not need to be gigantic.
2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.
3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.
-
Show HN: Redbean: single-file distributable web server
If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".
ghidra
-
TryHackMe- Compiled
Let's see what our beloved software reverse engineering framework Ghidra has to show.
-
OpenAI is working with the US military now
Define war machinery. Contributing to Ghidra?
https://github.com/NationalSecurityAgency/ghidra
- Ghidra 11.0 Released
-
Dogbolt Decompiler Explorer
Binary Ninja likewise is empty and keeps up just fine as well. It's not a coincidence that the two commercial products that are funding it are both confident enough to put their stuff online like this.
And it's no conspiracy theory or intentional sandbagging, you can see the implementation: https://github.com/decompiler-explorer/decompiler-explorer
and if anyone can improve the other tools performance we'd be happy to accept it. We reached out to the Ghidra devs: https://github.com/NationalSecurityAgency/ghidra/issues/5228 but they didn't have any silver bullets for us either.
-
Show HN: Ghidra Plays Mario
Nice, I'll give it a closer look. My only concern so far is memory hooking (still needed for hardware registers), which on Java side was called by FilteredMemoryState [1]. In memstate.cc it looks like just the simpler MemoryState is implemented [2], and there's no equivalent to MemoryAccessFilter. But it might not be that complicated to add...
[1]: https://github.com/NationalSecurityAgency/ghidra/blob/4561e8...
[2]: https://github.com/NationalSecurityAgency/ghidra/blob/4561e8...
- NSA releases Ghidra version 10.3.3
- Ghidra 10.3.2 released!
- Ghirda 10.3.2 released!
- Debugger Ghidra Class
What are some alternatives?
gitlab-workhorse
x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
polyshell - A Bash/Batch/PowerShell polyglot!
cutter - Free and Open Source Reverse Engineering Platform powered by rizin
exiftool - ExifTool meta information reader/writer
rizin - UNIX-like reverse engineering framework and command-line toolset.
RedBean - ORM layer that creates models, config and database on the fly
r2ghidra - Native Ghidra Decompiler for r2
Judge0 API - 🔥 The most advanced open-source online code execution system in the world.
ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
sha1collisiondetection - Library and command line tool to detect SHA-1 collision in a file
ghidra-dark - Dark theme installer for Ghidra