IDA Pro Plugins For Malware Reverse Engineering
Here are our 5 most used IDA plugins for reverse engineering malware.
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
Python3 Environment Basics For IDA Pro (Windows)
https://www.patreon.com/posts/python3-basics-58467121
Hexcopy
https://github.com/OALabs/hexcopy-ida
HashDB
https://github.com/OALabs/hashdb-ida
Flare-IDA
https://github.com/mandiant/flare-ida
Capa
https://github.com/mandiant/capa
Capa Rules
https://github.com/mandiant/capa-rules
Intezer Plugin
https://www.youtube.com/watch?v=fY-2wqmVWWA&t=574s
Dumpulator - Using Binary Emulation To Automate Reverse Engineering
Join us with special guest mrexodia for a demonstration of dumpulator, a Python emulator that can emulate minidumps!
Special thanks to Duncan (mrexodia), the main developer of x64dbg and creator of dumpulator. Let's show him some love:
https://github.com/sponsors/mrexodia
Dumpulator GitHub:
https://github.com/mrexodia/dumpulator
x64dbg minidump plugin:
https://github.com/mrexodia/MiniDumpPlugin
String decryption demo program:
https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun.7z
String decryption demo dumps:
https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x64.dmp
https://github.com/mrexodia/dumpulator/releases/download/v0.0.1/StringEncryptionFun_x86.dmp
Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
https://www.youtube.com/watch?v=0SvX6F80qg8
Identify Unknown Malware Using Four Free Threat Intelligence Services
If you are reverse engineering a new malware sample and can't identify it, here are our four favourite free threat intel resources that might help!
VirusTotal
https://www.virustotal.com/
Malware Bazaar
https://bazaar.abuse.ch/
Malpedia
https://malpedia.caad.fkie.fraunhofer.de/
Intezer
https://analyze.intezer.com/
Sample:
https://malshare.com/sample.php?action=detail&hash=22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
HashDB - Malware API Hashing Obfuscation Solved Forever (Not Clickbait)
Join us for the release of HashDB, a free community-sourced solution to malware API hashing!
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
OALABS TIP JAR
https://ko-fi.com/oalabs
OALABS GITHUB
https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
https://www.unpac.me/#/
-----
HashDB:
https://hashdb.openanalysis.net/
HashDB IDA Plugin:
https://github.com/OALabs/hashdb-ida
HashDB GitHub:
https://github.com/OALabs/hashdb
Unpacked malware samples to test:
https://malshare.com/sample.php?action=detail&hash=132fa71af952927e1961f735e68ae38a3305e7ae8d7197c170d071f74db60d1c
https://malshare.com/sample.php?action=detail&hash=c7990f1e72fdfa84552f02f9d11cabb74251b0508291af5366fefcee646f9c91
https://malshare.com/sample.php?action=detail&hash=22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
RE Tools Spotlight: Binary Refinery - High Octane Malware Triage Analysis
Join us for a test drive of a new malware triage tool suite called Binary Refinery!
Chapters:
0:56 What is Binary Refinery
3:24 Installation
6:23 Getting Started With The Documentation
9:36 Tutorial Extracting PowerShell Dropper Payload
24:09 Tutorial Extracting Netwalker Config
32:50 Contributing a New Refinery Unit To The Code Base
36:33 Ghidra Training
Automated unpacking:
https://www.unpac.me/#/
Binary Refinery GitHub:
https://github.com/binref/refinery
Say hi to Jesko:
https://twitter.com/huettenhain
Ghidra Training:
https://mal.re/
RE blog:
https://blag.nullteilerfrei.de/
Feedback, questions, and suggestions are always welcome : )
Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw
As always check out our tools, tutorials, and more content over at https://www.openanalysis.net
#MalwareTriage #Tools #BinaryRefinery
Python3 Tips For Reverse Engineers
Five tips to level up your reverse engineering with Python 3.
Chapters:
0:44 Tip 1. Use Jupyter Notebooks and Github
5:16 Tip 2. Remember Byte Strings Are Not Strings
8:46 Tip 3. Hex Encode Binary Data For Easy Copying Between Tools
12:02 Tip 4. Use Struct To Extract Types From Binary Data
16:28 Tip 5. Use Custom Struct Classes To Parse Binary Streams
Automated unpacking:
https://www.unpac.me/#/
OALabs Jupyter Notebooks:
https://github.com/OALabs/Lab-Notes
#ReverseEngineering #Python #HowTo