sayzard5d ago

Poppy – Dynamic Instrumentation Pipeline for macOS Security Research

Poppy는 macOS 데몬과 XPC 서비스의 동적 분석, 관측성, 결함 주입을 위한 툴킷입니다. Frida, DTrace, 커스텀 인젝터를 결합해 데몬의 런타임 동작과 권한 검사, 호출 경로 등을 실시간으로 관찰하고 결함을 주입할 수 있습니다. 특히 PAC, Swift/Objective-C 동적 디스패치로 인한 정적 분석 한계를 극복하며, JSONL 로그 포맷으로 후처리와 자동화 분석에 용이합니다. macOS 보안 연구 및 취약점 분석에 즉시 활용 가능한 오픈소스 도구입니다.

https://github.com/jetnoir/poppy

#macos #dynamicanalysis #securityresearch #frida #dtrace

GitHub - jetnoir/poppy: Dynamic XPC Observability & Fault Injection for macOS

Dynamic XPC Observability & Fault Injection for macOS - jetnoir/poppy

GitHub
kriware Feb 23

soSaver — Frida-based .so library dumper

A tool that dynamically extracts native .so libraries from an Android app’s memory by hooking loader calls and scanning process memory via Frida, useful in dynamic analysis and reverse engineering.

https://github.com/TheQmaks/soSaver

#android #dynamicanalysis

GitHub - TheQmaks/soSaver: A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.

A Frida-based utility for dynamically extracting native (.so) libraries from Android applications. - TheQmaks/soSaver

GitHub
RE//verse ConferenceJan 29, 2025
Dynamic binary instrumentation, simplified. Andrew Haberlandt introduces Pyda: a Python-based framework for writing tools on top of DynamoRIO. Replace debugger scripts & explore advanced hooks for ARM64/X86. https://re-verse.sessionize.com/session/776653 #REverse2025 #Instrumentation #DynamicAnalysis
Pyda: Write dynamic binary analysis tools in Python

Dynamic instrumentation frameworks such as Frida, Intel PIN, and DynamoRIO allow reverse-engineers to observe and modify program behaviors at runtime, but are difficult for non-experts to use. This talk introduces Pyda — a framework for writing dynamic instrumentation tools in a few short lines of Python. Pyda extends the familiar pwntools-style interface with runtime “hooks” that can modify registers and memory or redirect execution. We describe how we built performant and user-friendly dynamic instrumentation on top of DynamoRIO — and how you can use it to analyze complex, multithreaded applications on X86 and ARM64. We show how to replace existing debugging (e.g. GDB scripting) and instrumentation workflows with Pyda scripts, and how we used Pyda to solve a recent CTF challenge. Finally, we show how Pyda’s built-in compiler can inline complex, performance-sensitive instrumentation.

ITSEC NewsJan 31, 2024
Introducing DIFFER, a new tool for testing and validating transformed programs - By Michael Brown
We recently released a new differential testing tool, called DIFF... https://blog.trailofbits.com/2024/01/31/introducing-differ-a-new-tool-for-testing-and-validating-transformed-programs/ #dynamicanalysis #opensource
Introducing DIFFER, a new tool for testing and validating transformed programs

By Michael Brown We recently released a new differential testing tool, called DIFFER, for finding bugs and soundness violations in transformed programs. DIFFER combines elements from differential, …

Trail of Bits Blog
ITSEC NewsSep 18, 2023
Security flaws in an SSO plugin for Caddy - By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabili... https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ #dynamicanalysis #programanalysis #staticanalysis #mitigations #exploits #attacks #semgrep #audits #go
Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity …

Trail of Bits Blog
ITSEC NewsNov 11, 2019
Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask - Imagine reducing the amount of code and time needed to test software, while at the same time incre... more: https://blog.trailofbits.com/2019/11/11/test-case-reduction/ #researchpractice #dynamicanalysis #fuzzing
Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask

Trail of Bits Blog
ITSEC NewsNov 7, 2019
Attacking Go: VR TTPs - The Trail of Bits Assurance practice has received an influx of Go projects, following the success ... more: https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ #dynamicanalysis #staticanalysis #kubernetes #compilers #education #fuzzing #go
Security assessment techniques for Go projects

Trail of Bits Blog
ITSEC NewsNov 1, 2019
Two New Tools that Tame the Treachery of Files - Parsing is hard, even when a file format is well specified. But when the specification is ambiguous,... more: https://blog.trailofbits.com/2019/11/01/two-new-tools-that-tame-the-treachery-of-files/ #researchpractice #dynamicanalysis #programanalysis #darpa
Two New Tools that Tame the Treachery of Files

Trail of Bits Blog
buheratorApr 25, 2019

RT @[email protected]

Finding and writing 0day with Microsoft's fuzzer: https://www.vdalabs.com/2019/04/25/microsoft-security-risk-detection-0day-in-verypdf-reader-part-1/ #fuzzing #appsec #softwaresecurity #dynamicanalysis

Microsoft Security Risk Detection: 0day in VeryPDF Reader (Part 1) > VDA Labs

See how VDA Labs used Microsoft Security Risk Detection Fuzzer to find a vulnerability in VeryPDF reader. This post goes from start through bug triage.