Microsoft recently announced the launch of Project Ire – a dedicated AI agent for malware… Project Ire – Microsoft Launches AI Agent For Automated Malware Classification on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.| Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Test...
With this post, I hope to explain how to set up a development environment for the latest Ghidra release on Ubuntu 20.04. After following the steps outlined below, we will have the ability to write, debug and export custom Ghidra plugins, modules, and scripts.| VoidStar Security Blog
With this post we review Ghidra's built-in debugger and walk through how to use it on a simple ARM target| VoidStar Security Blog
With this post we cover and review our free four session Ghidra course| VoidStar Security Blog
In this post, I want to demonstrate and explain the following, Using pre-existing Ghidra scripts to aid in your analysis, Writing your own scripts to automate analysis tasks,Utilize and emulate Ghidra's intermediate language PCode to aid in your analysis| VoidStar Security Blog
In my last post, we managed to dump the firmware off of an Xbox One controller by using the Single Wire Debug interface. Now that we have the firmware image as well as the target CPU determined, we can load it into Ghidra and attempt to learn more about how it works. For this post, we are focusing on learning more about how the firmware image works by writing a proper Ghidra loader and reviewing the USB stack.| VoidStar Security Blog
The Tricore CPU architecture is commonly found in automotive embedded systems, often running an RTOS or even just bare metal firmware. This post will go over setting up an entry level toolchain for the Tricore architecture under Linux, and how we can use this toolchain when reverse engineering automotive platforms. We will also go over and provide a very simple bare metal loader.| VoidStar Security Blog
Or “How I got annoyed by a poor decompilation so I unearthed a hidden Ghidra feature” TLDR: there is a (undocumented and disabled by default) feature in the Ghidra decompiler that lets you create your own decompiler passes, using a custom DSL. I leverage it to write a deobfuscation rule for a simple obfuscation technique. Story Setup - introduction and problem statement Decompiler 101 - building and using Ghidra decompiler directly RULECOMPILE - a curious #define flag from the decompiler ...| msm's home
Analyzing firmware binaries is often different from analyzing a PE or ELF file which have a definite structure. Reverse engineering firmware binaries often entails going through the datasheet, compiler headers to set up the base address and memory map correctly.| Attify Blog - IoT Security, Pentesting and Exploitation
How to use instruction pattern matching to port game patches and cheats between regions and versions| fobes.dev
I recently came across a Wowme U300Q car camera on an auction at aukro.cz . At first glance, it seemed like a promising piece of tech, but after trying to use it, I quickly realized there was a major flaw—it didn’t rotate recorded files and it was not just an issue with my piece, also reviews confirmed it as a global problem. For anyone familiar with dash cams, this is a critical issue because, without rotating files, the camera quickly runs out of storage and stops recording.| danman's blog
Catbert Ransomware presents a disk image with four encrypted files, and UEFI bios. I’ll run the bios in an emulator, and find the binary responsible for the shell. In there, I’ll find the decrypt function and reverse it to see how it is using code at the end of the encrypted images in a small VM to check the input password. I’ll write Python VM emulator to work through the code finding the passwords. On decrypting all three, there’s some fun in the emulated bios and the flag.| 0xdf hacks stuff
I love a good crackme. It was one of the first things I practised when I did my first CTF (Pico) this year. This challenge is for newcomers to Reverse Engineering. Crackme1 Nothing special, you just need to give execution permissions to the binary and then execute it. Crackme2 This binary asks us for a […]| Sharp Security
How to use Ghidra's Version Tracking to avoid reverse engineering binaries from scratch when a new software version is released.| LRQA Nettitude Labs
This is a continuation from| astrid.tech
This is a continuation of| astrid.tech
As a Reverse Engineer, you will always have to deal with various anti analysis measures. The amount of possibilities to hamper our work is endless. Not only you will have to deal with code obfuscation to hinder your static analysis, but also tricks to prevent you from debugging the software you want to dig deeper …Catching Debuggers with Section Hashing Read More »| Malware and Stuff
Introduction The first part of this two-part write-up will explain the Portable Executable (PE) file format, its data structures, and how to...| blog.bournemouth2600.org
It’s not a secret that we at Silent Signal are hopeless romantics, especially when it comes to classic Unix systems (1, 2, 3). Since some of these systems – that still run business critical applications at our clients – are based on some “exotic” architectures, we have a nice hardware collection in our lab, so we can experiment on bare metal.| Silent Signal Techblog
Note to the reader: This blogpost was written “as it happened”, so it may jump around the place a bit. I’ll try clean it up somewhat before I hit publish, but I probably won’…| Darren Martyn
BlackHat Europe 2022 During the first week of December, I had the pleasure of attending a training course at BlackHat Europe 2022 titled Assessing and Exploiting Control Systems and IIoT run by Justin Searle. Part of the course involved Assessing and Exploiting Embedded Firmware by reading on-chip Flash using OpenOCD. Unfortunately, we ran out of time to finish the last labs during the training (we ran 9 am-6 pm each day). So I decided to follow along with the very comprehensive notes [...]| Sticky Bits - Powered by Feabhas
In the previous post, we explained how to dump Exynos bootROM. Exynos (8895 in this post) bootROM contains a minimal USB stack to load a signed bootloader from an USB host (a.k.a. boot from USB). This post summarizes how this USB stack can be reversed using the Great …| fred's notes