Tag: re

Disassembler, Reverse Engineering

Fast Disassembler-Decomposer Library

diStorm is a lightweight, easy-to-use and fast disassembler/decomposer library for x86/AMD64. "Decomposer" means that you get a binary structure describing each instruction rather than a textual representation. Features * Access to the CPU flags affected by the instruction. * Basic flow-control analysis support. * AVX and FMA instruction set support. * Complete …

Android, Java

Java 8 Jar & Android APK Reverse Engineering Suite

Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, …

Android

Reverse engineering Android apk files

Apktool is a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after modifications; it also makes it possible to debug smali code step by step. Working with an app becomes easier thanks to the project-like file structure and the automation of some repetitive …

Antivirus, Debugging, Kernel

Debug user-mode processes using a kernel debugger

When a user-mode process deploys userland anti-debugging tricks, you can attach to it from a kernel debugger instead and debug it more easily, since the tricks only see the absence of a user-mode debugger. > Create a Windows 8.1 VMware machine. > Follow this guide to enable kernel debugging through named pipes. > Run WinDbg as administrator on your host machine. > Open File->Kernel Debug… (Ctrl+K) > …

Disassembling, Reverse Engineering

Windows Disassembler for 64-bit & 32-bit Programs

PEBrowse64 Professional (v6.3) is a 64-bit executable and requires the .NET framework. It will display both Win32 and Win64 executables, native, managed and mixed. PEBrowse Professional (v10.1.4) is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies. With the PEBrowse disassembler, one can open and examine any executable without the need to …

Forensics, Malware Analysis, Reverse Engineering

Dump running Win32 process memory image

User Mode Process Dumper ver. 8.1 (userdump) dumps the memory image of any running Win32 process (including system processes such as csrss.exe, winlogon.exe, services.exe, etc.) on the fly, without attaching a debugger or terminating the target process. The generated dump file can be analyzed or debugged with the standard debugging tools. userdump generates the dump file by several …

Honeypot, Malware Analysis

A Simple Elasticsearch Honeypot

ElasticHoney is a simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch. How it Works This honeypot is pretty simple. It takes requests on the /, /_search and /_nodes endpoints and returns a JSON response identical to that of a vulnerable ES instance (it should be identical – I took the responses straight …
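A minimal honeypot of the kind described above, written here as an added example (it is not ElasticHoney's own code): it answers the three endpoints the excerpt names with canned JSON, logs every request with the client address and body, and tags `_search` requests whose body carries a `script` element, since the public Elasticsearch RCE exploits deliver their payload as a script inside the search request. The decoy JSON bodies, the `classify` heuristic and the default port are assumptions made for this example; a real deployment would capture the responses from the exact Elasticsearch version it wants to impersonate.

```python
"""Minimal Elasticsearch-style honeypot (added example, not ElasticHoney's code).

Serves canned JSON on /, /_search and /_nodes and logs every request.
The decoy bodies below are constructed placeholders, NOT copied from any
real Elasticsearch release.
"""
import json
import logging
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

log = logging.getLogger("eshoney")

# Constructed decoy responses (assumption: shape only, not real ES output).
DECOY = {
    "/": {"status": 200, "name": "node-1",
          "version": {"number": "1.x-decoy"}, "tagline": "You Know, for Search"},
    "/_search": {"took": 1, "timed_out": False, "hits": {"total": 0, "hits": []}},
    "/_nodes": {"cluster_name": "elasticsearch",
                "nodes": {"node-1": {"name": "node-1"}}},
}


def _clean_path(path):
    """Strip the query string and trailing slash so /_search?q=x -> /_search."""
    return urlparse(path).path.rstrip("/") or "/"


def route(path):
    """Map a request path to (status, json_bytes). Unknown paths get an
    ES-looking JSON 404 so the service still passes as Elasticsearch."""
    clean = _clean_path(path)
    if clean in DECOY:
        return 200, json.dumps(DECOY[clean]).encode()
    return 404, json.dumps({"error": "not found", "status": 404}).encode()


def _has_script(node):
    """Recursively look for any key containing 'script' in a parsed query."""
    if isinstance(node, dict):
        return any("script" in str(k) or _has_script(v) for k, v in node.items())
    if isinstance(node, list):
        return any(_has_script(v) for v in node)
    return False


def classify(path, body):
    """Tag a request for triage. Heuristic (my assumption, not ElasticHoney's
    logic): a /_search body with a script element is a likely exploit attempt."""
    clean = _clean_path(path)
    if clean == "/_search" and body:
        try:
            doc = json.loads(body)
        except ValueError:
            return "search-malformed"
        return "search-script" if _has_script(doc) else "search"
    return "probe" if clean in DECOY else "other"


class Honeypot(BaseHTTPRequestHandler):
    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        tag = classify(self.path, body)
        # Log the full request before answering; this is the honeypot's product.
        log.warning("%s %s %s tag=%s body=%r", self.client_address[0],
                    self.command, self.path, tag, body[:512])
        status, payload = route(self.path)
        self.send_response(status)
        self.send_header("Content-Type", "application/json; charset=UTF-8")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = _handle

    def log_message(self, *args):  # silence the default stderr access log
        pass


def serve(port=9200):
    """Listen on the default Elasticsearch port (assumption: 9200)."""
    logging.basicConfig(level=logging.INFO)
    HTTPServer(("0.0.0.0", port), Honeypot).serve_forever()


if __name__ == "__main__":
    serve()
```

Run it as root or behind a port redirect so it owns 9200, and ship the log lines to whatever collects your honeypot telemetry; the tag field lets a `search-script` hit be alerted on separately from plain scanner probes of `/`.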

Malware Analysis

FileAlyzer – Analyze files – Read PE information

FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents as a hex dump) and can interpret common file contents such as resources …