volatility
pwndbg
Our great sponsors
| volatility | pwndbg | |
|---|---|---|
| 18 | 9 | |
| 6,480 | 5,956 | |
| 2.2% | 2.6% | |
| 0.0 | 0.0 | |
| 3 months ago | 10 days ago | |
| Python | Python | |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
volatility
-
What is the appropriate uncompressed kernel ELF to use with dwarf2json? [ 5.19.0-42-generic #43~22.04.1-Ubuntu ], in order to create generate a custom symbols table to conduct linux memory forensics on Ubuntu 22.04?
I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)
-
How to inspect a Linux machine
Analyzing memory dumps can be hard, especially at the beginning. You might want to use comprehensive Frameworks like volatility.
-
PChunter equivalent on Linux?
volatility - Version 2 Version 3
-
Awesome CTF : Top Learning Resource Labs
Volatility - To investigate memory dumps.
-
Cannot process recent Windows 10 memory dumps in Volatility
https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles#profile-lists
pwndbg
- Need help installing pwndbg on Kali Linux
-
Hacked GDB Dashboard Puts It All on Display
There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):
GEF: https://gef.readthedocs.io/en/master/
PWNDBG: https://github.com/pwndbg/pwndbg
PEDA: https://github.com/longld/peda
They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.
-
Debugging with GDB
GDB is great. I definitely recommend checking out watchpoints as well, a very useful tool for monitoring how a variable changes over time.
GDB also has many good plugins - pwndbg has tons of features and UI improvements over stock GDB.
-
Awesome CTF : Top Learning Resource Labs
Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
What are some alternatives?
gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
peda - PEDA - Python Exploit Development Assistance for GDB
pwntools - CTF framework and exploit development library
gdb-dashboard - Modular visual interface for GDB in Python
binwalk - Firmware Analysis Tool [Moved to: https://github.com/ReFirmLabs/binwalk]
voltron - A hacky debugger UI for hackers
shellbags - Cross-platform, open-source shellbag parser
one_gadget - The best tool for finding one gadget RCE in libc.so.6
OneByteWallhack - CS:GO wallhack achieved by patching one byte of game memory. Written in Python 3.
TryHackMe - This is a repository containing TryHackMe Writeups in Somali language on various of rooms & challenges, including notes, files and solutions.
volatility3 - Volatility 3.0 development
flare-vm - A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.