| mlget | http://github.com/xorhex/mlget |
| blog | https://blog.xorhex.com |
| twittodon | https://twittodon.com/share.php?t=xorhex&m=xorhex@infosec.exchange |
#mlget has been updated - your 1 stop shop for finding malware across different services!
Grab an updated copy at https://github.com/xorhex/mlget/releases/tag/v3.4.2
Happy to add additional services if folks know of more!
Some services I no longer have access to for testing - see the Alt text for more info.
So most folks purchase 4 decompilers...?
That and sales for IDA PRO EXPERT 4 (the most popular option) just started today... π€
#x64dbg allows you to break on user loaded DLLs. This is very helpful when working with #sideloadeddlls.
The same can be done via #idapro using a break point condition and specifying the DLL name.
get_event_id()== LIB_LOADED && strstr(get_event_module_name(), "<name>.dll")
!= -1
Looking at UTM SE on the App Store; spotted #ida on one of the VMs for download. Feels like this is a game of βwhere is IDA?β(versus Waldo) π
Want to use IDA's remote debugger but finding it challenging/tedious to make Scylla Hide work for it?
Check out https://github.com/xorhex/remote_ida_scylla_inject
This project will monitor the remote IDA debugging instance and any child process found (minus conhost.exe) will have the generic Syclla Hide injector run against the target PID.
Added sockaddr_in.sin_addr and sockaddr_in.sin_port representations to #IDAβs right click context menu.
Download the plugin from here: https://github.com/xorhex/IDAExtras
Working on a custom IDA Exports screen to give some more detail on the exported functions. I might have gotten tired of hunting through to many exports that are just `C2 00 00 retn 0` looking for the one that did something.
Mastodon didn't like my GIF, so pictures it is.
