Category Archives: Forensics
Forensics – Collecting Volatile Data

Under the principle of “order of Volatility”, you must first collect information that is classified as Volatile Data (the list…

Open source .NET deobfuscator and unpacker

de4dot is an open source (GPLv3) .NET deobfuscator and unpacker written in C#. It will try its best to restore…

Automatically extract obfuscated strings from malware

Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of…

Install latest radare2 on Kali

Uninstall installed radare2 (if any): apt-get purge radare2 Install prerequisites: apt-get install valac libvala-0.xx-dev swig…

Install latest edb-debugger on Kali

edb is a cross-platform x86/x86-64 debugger. It was inspired by OllyDbg, but aims to function on x86 and x86-64…

Disassembling functions with Radare2

Analyze a binary file and its symbols. Method 1: radare2 -A c:\Windows\SysWOW64\ntdll.dll Method 2: radare2 c:\Windows\SysWOW64\ntdll.dll Inside radare2…

Radare – a portable reversing framework

Radare is a portable reversing framework that can… Disassemble (and assemble for) many different architectures Debug with local native and…

Command line HTTP client

HTTPie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as…

Debug processes using ptrace and python

python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python. Features *…

Fast Disassembler-Decomposer Library

diStorm is a lightweight, easy-to-use and fast disassembler/decomposer library for x86/AMD64. A decomposer means that you get a binary structure…
