Translate.py is a Python script to perform bitwise operations on files (like XOR, ROL/ROR, …). You
specify the bitwise operation to perform as a Python expression, and pass it as a command-line argument:
translate.py malware malware.decoded 'byte ^ 0x10'
Direct download: https://didierstevens.com/files/software/translate_v2_0_0.zip
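To make the mechanism behind that command line concrete, here is an added example of my own (not Didier Stevens' Translate.py): the expression is compiled once and evaluated for every input byte with `byte` bound to the current value. The `position` variable and the `rol`/`ror` helpers are my own names for illustration, so check Translate.py's documentation for its actual ones. The sample input is constructed, a fake PE header XORed with 0x10. Because the expression goes through eval(), treat it as code you trust: removing builtins prevents accidents, not malice.

```python
#!/usr/bin/env python3
"""Minimal Translate.py-style byte transformer (added example, not Didier Stevens' code)."""
import sys


def rol(byte: int, count: int) -> int:
    """Rotate an 8-bit value left by `count` bits."""
    count %= 8
    return ((byte << count) | (byte >> (8 - count))) & 0xFF


def ror(byte: int, count: int) -> int:
    """Rotate an 8-bit value right by `count` bits."""
    count %= 8
    return ((byte >> count) | (byte << (8 - count))) & 0xFF


def compile_expression(expr: str):
    """Compile the operator-supplied expression once and return a per-byte callable.

    The expression sees `byte` (current input byte), `position` (0-based offset)
    and the helpers rol()/ror(). Builtins are removed so a typo cannot, say,
    call open(); this is a convenience, not a sandbox: eval() runs whatever the
    operator typed, at the same privilege as the script itself.
    """
    code = compile(expr, "<expression>", "eval")
    env = {"__builtins__": {}, "rol": rol, "ror": ror}

    def step(byte: int, position: int) -> int:
        # Mask to one byte so "byte - 1" on 0x00 wraps to 0xFF instead of breaking bytes().
        return eval(code, env, {"byte": byte, "position": position}) & 0xFF

    return step


def translate(data: bytes, expr: str) -> bytes:
    """Apply `expr` to every byte of `data` and return the transformed bytes."""
    step = compile_expression(expr)
    return bytes(step(b, i) for i, b in enumerate(data))


# Constructed sample (not a real file): a fake PE header XOR-encoded with the single-byte key 0x10.
ENCODED_SAMPLE = bytes(b ^ 0x10 for b in b"MZ\x90\x00\x03\x00\x00\x00")


def main(argv):
    """Same calling convention as the page's command line: infile outfile expression."""
    if len(argv) != 4:
        sys.exit("usage: translate.py <infile> <outfile> <expression>")
    src, dst, expr = argv[1:4]
    with open(src, "rb") as fin:
        data = fin.read()
    with open(dst, "wb") as fout:
        fout.write(translate(data, expr))


if __name__ == "__main__":
    main(sys.argv)
```

Having `position` in scope is what makes rolling-key decoders expressible (`byte ^ key[position % len(key)]` once a `key` is bound), and the `& 0xFF` mask is what lets subtraction and rotation expressions round-trip cleanly.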
Linking to this SO answer and re-posting it here, as I seem to search for it every few weeks or so:
For Windows installations:
While running setup.py for package installations, Python 2.7 searches for an installed Visual Studio 2008. You can trick Python to use a newer Visual Studio by setting the correct path in VS90COMNTOOLS environment variable before calling
Execute the following command based on the version of Visual Studio installed:
- Visual Studio 2010 (VS10):
- Visual Studio 2012 (VS11):
- Visual Studio 2013 (VS12):
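The same trick wrapped in a small Python helper, added here as an example (it is not code from the Stack Overflow answer): it fills VS90COMNTOOLS from the newest of the VS10/VS11/VS12 variables before spawning `python setup.py ...`, and derives the vcvarsall.bat path that distutils' msvc9compiler resolves relative to that directory so a wrong value fails early with a clear message instead of a "Unable to find vcvarsall.bat" surprise. The variable names follow Visual Studio's convention (VS100COMNTOOLS, VS110COMNTOOLS, VS120COMNTOOLS); the function and argument names and the sample paths are mine.

```python
"""Run a Python 2.7 setup.py build with a newer Visual Studio standing in for VS2008.
Added example, not code from the Stack Overflow answer the page re-posts."""
import ntpath
import os
import subprocess
import sys

# Newest first: the most recent compiler that is actually installed wins.
NEWER_TOOLS_VARS = ("VS120COMNTOOLS", "VS110COMNTOOLS", "VS100COMNTOOLS")


def expected_vcvarsall(tools_dir):
    """distutils' msvc9compiler looks for <tools_dir>\\..\\..\\VC\\vcvarsall.bat; mirror that.
    ntpath is used explicitly so the result is a Windows path even when checked elsewhere."""
    return ntpath.normpath(ntpath.join(tools_dir, "..", "..", "VC", "vcvarsall.bat"))


def env_for_py27_build(environ):
    """Return (env_copy, source_var) with VS90COMNTOOLS set from the newest VS*COMNTOOLS present.

    A genuine VS2008 install (VS90COMNTOOLS already set) is left untouched.
    """
    env = dict(environ)
    if env.get("VS90COMNTOOLS"):
        return env, "VS90COMNTOOLS"
    for name in NEWER_TOOLS_VARS:
        tools_dir = env.get(name)
        if tools_dir:
            env["VS90COMNTOOLS"] = tools_dir
            return env, name
    raise RuntimeError("no VS90/VS100/VS110/VS120COMNTOOLS variable set; is Visual Studio installed?")


def build(setup_py_args, environ=None, python="python"):
    """Spawn `python setup.py <args>` with the patched environment; returns the exit status."""
    env, source = env_for_py27_build(os.environ if environ is None else environ)
    vcvarsall = expected_vcvarsall(env["VS90COMNTOOLS"])
    if not os.path.isfile(vcvarsall):
        raise RuntimeError("%s -> %s, but %s does not exist"
                           % (source, env["VS90COMNTOOLS"], vcvarsall))
    return subprocess.call([python, "setup.py"] + list(setup_py_args), env=env)


if __name__ == "__main__":
    # Example: python build_py27_ext.py build_ext --inplace   (defaults to "build")
    sys.exit(build(sys.argv[1:] or ["build"]))
```

Setting the variable only in the child's environment keeps the redirection scoped to that one build, which is preferable to exporting it for the whole shell session.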
If you are interested in learning about ActiveX exploitation, security researcher/consultant/professor Brad Antoniewicz has created FSExploitMe for just that purpose.
You’ll want a copy of Internet Explorer 8 to get the most out of it, but fortunately you can get a VM running IE8 for *free* from Microsoft.
And if you are interested in getting deeper into Linux exploitation, exploit-exercises.com has pre-built VMs with capture-the-flag style levels and challenges for each level. The challenges range from beginner to expert and are designed to teach:
[…]about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
Visual guide to understanding garbage collection algorithms!
I look this up about every couple of weeks, so I’m posting it here for posterity. In order to nicely format Data::Dumper output…
I almost always set
$Data::Dumper::Indent = 1; $Data::Dumper::Sortkeys = 1;
Data::Dumper. The first statement makes the output more compact and much more readable when your data structure is several levels deep. The second statement makes it easier to scan the output and quickly find the keys you are most interested in.
If the data structure contains binary data or embedded tabs/newlines, also consider
$Data::Dumper::Useqq = 1;
which will output a suitable readable representation for that data.
Much more in the perldoc.
x64_dbg is a very powerful open-source 32- and 64-bit assembler/debugger for Windows. The UI is reminiscent of OllyDbg with some additions that are clearly inspired by IDA Pro.
I’m looking forward to using this tool in place of OllyDbg, especially for 64-bit related RE tasks.
iSecPartners has released on GitHub a “cheat-sheet” for auditing high-value applications. It’s well worth a read.
This list is intended to be a list of additional or more technical things to look for when auditing extremely high value applications. The applications may involve operational security for involved actors (such as law enforcement research), extremely valuable transactions (such as a Stock Trading Application), societal issues that could open users to physical harassment (such as a Gay Dating Application), or technologies designed to be used by journalists operating inside repressive countries.
It is an advanced list – meaning entry level issues such as application logic bypasses, common web vulnerabilities such as XSS and SQLi, or lower level vulnerabilities such as memory corruption are explicitly not covered. It is assumed that the reader is aware of these and similar vulnerabilities and is well trained in their search, exploitation, and remediation.
A good example of the type of analysis to strive for can be shown in Jacob Appelbaum’s analysis of UltraSurf: https://media.torproject.org/misc/2012-04-16-ultrasurf-analysis.pdf