@cxiao More to come soon™️ on the loader taxonomy project, still in the early stages for it but fingers crossed for it to be helpful in the future!
@cxiao Thank you!! And I'm always down to make tutorials for top tier tools :))
Published my first blog post today detailing a LummaStealer infection chain - take a look at https://www.0x1c.zip/0001-lummastealer/
[0001] AmberAmethystDaisy -> QuartzBegonia -> LummaStealer

Disclaimer: I have personally noticed a significant difficulty in finding names for many loaders, even if they have been reported on due to the overwhelming focus on the final payload within infection chains. With this in mind, I utilize a custom loader taxonomy system, with the name of the loader

-0x1c

🦀 Hello! Thanks very much to everyone that tuned in to my workshop Reversing Rust Binaries: One step beyond strings at @NorthSec last week. The slides for this workshop are now available, for your convenient future reference!

➡️ https://github.com/cxiao/rust-reversing-workshop-northsec-2024/tree/main/slides ⬅️

📽️ A recording of the livestream for this workshop is also available on YouTube, if you would like to rewatch the presentation!

NorthSec 2024 - Workshop 1 - Day 2

The slides folder also includes larger versions of my diagrams from the presentation, so do check those out!! I took the extra time to make them aesthetically pleasing in @obsidian 😎

#nsec2024 #NorthSec #rustlang #ReverseEngineering #reversing #MalwareAnalysis #malware

Been working with Binary Ninja recently, absolutely loving some of the QoL features that always seem to be a hassle elsewhere, can highly recommend
@snkhan Ah- that does make sense! Will keep that in mind from now on, thanks!

Been trying to use Binary Refinery by @huettenhain more frequently.

Managed to complete in a single step what would have taken a number of manual steps with CyberChef. Here, analysing and dumping Beacon.exe from the standard Cobalt Strike PowerShell loader.

`emit ~/Desktop/d0d4e29b5809c94d3ca106d7ef63d4bc76c682858bdb5a54426460cc5e2eca82.ps1 | carve -l -t1 b64 | b64 | gunzip | carve -l -t1 b64 | b64 | xor 35`

#cobaltstrike #malwareanalysis
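The same unwrapping chain as an added example (not code from the post or from Binary Refinery): each stage of the pipeline is written out in Python, with `carve -l -t1 b64` approximated as "keep the single longest base64-looking run". The loader text used here is a constructed sample built around a fake MZ/PE-like blob, not a real Beacon, and the 35 XOR key is the one given in the post.

```python
import base64
import gzip
import re

# Approximation of `carve -l -t1 b64`: candidate base64 runs, longest one kept.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def carve_longest_b64(data: bytes) -> bytes:
    runs = B64_RUN.findall(data)
    if not runs:
        raise ValueError("no base64 run found")
    return max(runs, key=len)


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def unwrap_loader(script: bytes, xor_key: int = 35) -> bytes:
    """emit | carve b64 | b64 | gunzip | carve b64 | b64 | xor <key>, as in the post."""
    stage1 = gzip.decompress(base64.b64decode(carve_longest_b64(script)))
    return xor_bytes(base64.b64decode(carve_longest_b64(stage1)), xor_key)


# Constructed sample (not a real loader): a fake MZ/PE-like blob wrapped the same
# way, i.e. XOR 35 -> base64 inside a script -> gzip -> base64 inside a script.
FAKE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"constructed-sample-" * 4
_inner = (
    b"$var_code = [System.Convert]::FromBase64String('"
    + base64.b64encode(xor_bytes(FAKE_PAYLOAD, 35))
    + b"')\nfor ($x = 0; $x -lt $var_code.Count; $x++) {"
    b" $var_code[$x] = $var_code[$x] -bxor 35 }\n"
)
SAMPLE_PS1 = (
    b"$s = New-Object IO.MemoryStream(,[Convert]::FromBase64String('"
    + base64.b64encode(gzip.compress(_inner))
    + b"'))\n# ... rest of the decompress-and-invoke stub omitted in this sample\n"
)

if __name__ == "__main__":
    payload = unwrap_loader(SAMPLE_PS1)
    print(payload[:2], len(payload))  # b'MZ' 144
```

Swap `SAMPLE_PS1` for the bytes of a real loader script and check that the result begins with `MZ` before treating it as the dropped executable.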

@snkhan @glesnewich @stvemillertime
Is there a good reason to use this syntax over creating the MZ header bytes as a variable (e.g. $mz = {4D 5A}) and using it in the condition ($mz at 0x0)?

Curious since that’s what I’ve been doing, but I know that many don’t write their rules like that.

I’ve personally found this to correlate with what is seen in the hex editor.

🔌💡: x64dbg
👤: utkonos / mrexodia

https://github.com/x64dbg/x64dbgbinja

Joining the BinjaExportTox64dbg plugin which offered one-way sync, the newly updated official plugin supports both import/export to make integration between the great x64dbg debugger and Binary Ninja even easier!


Interested in learning about #reverseengineering and malware analysis?

I'm happy to say that I recently had the chance to complete the "Introduction to Malware Binary Triage" course by InvokeRE, and can highly recommend it for anyone that is interested in learning or solidifying their foundations of binary triage!

With 11 modules each containing multiple bite-sized videos, the course really allows you to take it at your own pace and fill in any knowledge gaps you might have.

Check it out here 👇

https://invokere.com
