OALabs

Here are our 5 most used IDA plugins for reverse engineering malware. Expand for more... ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- Python3 Environment Basics For IDA Pro (Windows) https://www.patreon.com/posts/python3-basics-58467121 Hexcopy https://github.com/OALabs/hexcopy-ida HashDB https://github.com/OALabs/hashdb-ida Flare-IDA https://github.com/mandiant/flare-ida Capa https://github.com/mandiant/capa Capa Rules https://github.com/mandiant/capa-rules Intezer Plugin https://www.youtube.com/watch?v=fY-2wqmVWWA&t=574s

Join us with special guest mrexodia for a demonstration of dumpulator a python emulator that can emulate minidumps! Expand for more... ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- Special thanks to Duncan (mrexodia) the main developer for x64dbg and creator of dumpulator. Let's show him some love: https://github.com/sponsors/mrexodia Dumpulator GitHub: https://github.com/mrexodia/dumpulator x64dbg mindump plugin: https://github.com/mrexodia/MiniDumpPlugin String decryption demo program: https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun.7z String decryption demo dumps: https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x64.dmp https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x86.dmp Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis https://www.youtube.com/watch?v=0SvX6F80qg8

If you are reverse engineering a new malware sample and can't identify it here are our four favourite free threat intel resources that might help! Expand for more... ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs Twitch https://www.twitch.tv/oalabslive OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- VirusTotal https://www.virustotal.com/ Malware Bazaar https://bazaar.abuse.ch/ Malpedia https://malpedia.caad.fkie.fraunhofer.de/ Intezer https://analyze.intezer.com/ Sample: https://malshare.com/sample.php?action=detail&hash=22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6

Join us for the release of HashDB a free community-source solution to malware API hashing! Expand for more... ----- OALABS DISCORD https://discord.gg/6h5Bh5AMDU OALABS PATREON https://www.patreon.com/oalabs OALABS TIP JAR https://ko-fi.com/oalabs OALABS GITHUB https://github.com/OALabs UNPACME - AUTOMATED MALWARE UNPACKING https://www.unpac.me/#/ ----- HashDB: https://hashdb.openanalysis.net/ HashDB IDA Plugin: https://github.com/OALabs/hashdb-ida HashDB GitHub: https://github.com/OALabs/hashdb Unpacked malware samples to test: https://malshare.com/sample.php?action=detail&hash=132fa71af952927e1961f735e68ae38a3305e7ae8d7197c170d071f74db60d1c https://malshare.com/sample.php?action=detail&hash=c7990f1e72fdfa84552f02f9d11cabb74251b0508291af5366fefcee646f9c91 https://malshare.com/sample.php?action=detail&hash=22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6

Join us for a test drive of a new malware triage tool suite called Binary Refinery! Expand for more... Chapters: 0:56 What is Binary Refinery 3:24 Installation 6:23 Getting Started With The Documentation 9:36 Tutorial Extracting PowerShell Dropper Payload 24:09 Tutorial Extracting Netwalker Config 32:50 Contributing a New Refinery Unit To The Code Base 36:33 Ghidra Training Automated unpacking: https://www.unpac.me/#/ Binary Refinery GitHub: https://github.com/binref/refinery Say hi to Jesko: https://twitter.com/huettenhain Ghidra Training: https://mal.re/ RE blog: https://blag.nullteilerfrei.de/ Feedback, questions, and suggestions are always welcome : ) Sergei https://twitter.com/herrcore Sean https://twitter.com/seanmw As always check out our tools, tutorials, and more content over at https://www.openanalysis.net #MalwareTriage #Tools #BinaryRefinery

Five tips to level up your reverse engineering with Python 3. Expand for more... Chapters: 0:44 Tip 1. Use Jupyter Notebooks and Github 5:16 Tip 2. Remember Byte Strings Are Not Strings 8:46 Tip 3. Hex Encode Binary Data For Easy Copying Between Tools 12:02 Tip 4. Use Struct To Extract Types From Binary Data 16:28 Tip 5. Use Custom Struct Classes To Parse Binary Streams Automated unpacking: https://www.unpac.me/#/ OALabs Jupyter Notebooks: https://github.com/OALabs/Lab-Notes Feedback, questions, and suggestions are always welcome : ) Sergei https://twitter.com/herrcore Sean https://twitter.com/seanmw As always check out our tools, tutorials, and more content over at https://www.openanalysis.net #ReverseEngineering #Python #HowTo