Security Training Share
Diaphora is a plugin for IDA Pro that aims to help in the typical BinDiffing tasks. It’s similar to other competitor products and open sources projects like Zynamics BinDiff, DarunGrim or TurboDiff. However, it’s...
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the...
Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic...
CocoaDebug – iOS Debugging Tool Feature Shake to hide or show the black bubble. (support both device and simulator) Long press the black bubble to show UIDebuggingInformationOverlay. (Apple’s Private API, support iOS 10/11/12) Application memory...
Ropper You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures (x86/X86_64, ARM/ARM64, MIPS/MIPS64, PowerPC). For disassembly,...
Amoco Amoco is a python package dedicated to the (static) analysis of binaries. It features: a generic framework for decoding instructions developed to reduce the time needed to implement support for new architectures. For...
uncompyle6 A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into the equivalent Python source code. It accepts bytecodes from Python version...
Dr. Memory: the memory debugger Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units...
ME Analyzer is a tool which parses Intel Engine firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine & Server...
Iris WinDbg Extension Iris WinDbg extension performs detection of common Windows process mitigations (32 and 64 bits). The checks implemented, as can be seen in the screenshots above, are: for the current process...
Detect It Easy Detect It Easy, or abbreviated “DIE” is a program for determining types of files. “DIE” is a cross-platform application, apart from Windows version there are also available versions for Linux and...
GTIRB The GrammaTech Intermediate Representation for Binaries (GTIRB) is a machine code analysis and rewriting data structure. It is intended to facilitate the communication of binary IR between programs performing binary disassembly, analysis, transformation,...
EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE). Features Currently supports all...
metame metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is...
Linux news