Information Security
efi_fuzz In recent years, firmware-level attacks against UEFI have grown in popularity and became more and more complex. Prominent examples of such attacks from this year alone include CVE-2020-12890 (SMM callout vulnerability in AMD’s...
HAL- Hardware Analyzer Hardware Analyzer (HAL) [/hel/] is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability, and portability. HAL comes with a fully-fledged plugin system, allowing it to...
Fuzzing is one of the most powerful and proven strategies for identifying security issues in real-world software; it is responsible for the vast majority of remote code execution and privilege escalation bugs found to...
ME Analyzer is a tool which parses Intel Engine firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine & Server...
Damn Vulnerable C Program This is a simple C program, I coded to explain common types of vulnerabilities like: integer overflow integer underflow Out of bound Read Out of bound Write Double Free Use...
echidna Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley) More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smarts contracts. It...
HookCase HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method...
Fhex – A Full-Featured HexEditor This project is born with the aim to develop a lightweight, but useful tool. The reason is that the existing hex editors have some different limitations (e.g. too many...
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities....
Dexcalibur Dexcalibur is an Android reverse engineering platform focus on instrumentation automation. Its particularity is to use dynamic analysis to improve static analysis heuristics. It aims to automate boring tasks related to dynamic instrumentation,...
Suggested Reading