View the Index
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Radare2 Book
Table of Contents introduction 1.1 Introduction 1.2 History 1.2.1 Overview 1.2.2 Getting radare2 1.2.3 Compilation and Portability 1.2.4 Compilation on Windows 1.2.5 Command-line Flags 1.2.6 Basic Usage 1.2.7 Command Format 1.2.8 Expressions 1.2.9 Rax2 1.2.10 Basic Debugger Session 1.2.11 Contributing to radare2 1.2.12 Configuration 1.3 Colors 1.3.1 Common Configuration Variables 1.3.2 Basic Commands 1.4 Seeking 1.4.1 Block Size 1.4.2 Sections 1.4.3 Mapping Files 1.4.4 Print Modes 1.4.5 Flags 1.4.6 Write 1.4.7 Zoom 1.4.8 Yank/Paste 1.4.9 Comparing Bytes 1.4.10 Visual mode 1.5 Visual Disassembly 1.5.1 2 Searching bytes 1.6 Basic Searches 1.6.1 Configurating the Search 1.6.2 Pattern Search 1.6.3 Automation 1.6.4 Backward Search 1.6.5 Search in Assembly 1.6.6 Searching for AES Keys 1.6.7 Disassembling 1.7 Adding Metadata 1.7.1 ESIL 1.7.2 Scripting 1.8 Loops 1.8.1 Macros 1.8.2 R2pipe 1.8.3 Rabin2 1.9 File Identification 1.9.1 Entrypoint 1.9.2 Imports 1.9.3 Symbols (exports) 1.9.4 Libraries 1.9.5 Strings 1.9.6 Program Sections 1.9.7 Radiff2 1.10 Binary Diffing 1.10.1 Rasm2 1.11 Assemble 1.11.1 Disassemble 1.11.2 Ragg2 1.12 Analysis 1.13 Code Analysis 1.13.1 Rahash2 1.14 Rahash Tool 1.14.1 Debugger 1.15 3 Getting Started 1.15.1 Registers 1.15.2 Remote Access Capabilities 1.16 Remoting Capabilities 1.16.1 Plugins 1.17 Plugins 1.17.1 Crackmes 1.18 IOLI 1.18.1 IOLI 0x00 1.18.1.1 IOLI 0x01 1.18.1.2 Avatao 1.18.2 R3v3rs3 4 1.18.2.1 .intro 1.18.2.1.1 .radare2 1.18.2.1.2 .first_steps 1.18.2.1.3 .main 1.18.2.1.4 .vmloop 1.18.2.1.5 .instructionset 1.18.2.1.6 -
Android Malware and Analysis
ANDROID MALWARE AND ANALYSIS Ken Dunham • Shane Hartman Jose Andre Morales Manu Quintans • Tim Strazzere Click here to buy Android Malware and Analysis CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2015 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed on acid-free paper Version Date: 20140918 International Standard Book Number-13: 978-1-4822-5219-4 (Hardback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmit- ted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. -
Analyzing and Detecting Emerging Internet of Things Malware: a Graph-Based Approach
This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication. The final version of record is available at http://dx.doi.org/10.1109/JIOT.2019.2925929 1 Analyzing and Detecting Emerging Internet of Things Malware: A Graph-based Approach Hisham Alasmaryzy, Aminollah Khormaliy, Afsah Anwary, Jeman Parky, Jinchun Choi{y, Ahmed Abusnainay, Amro Awady, DaeHun Nyang{, and Aziz Mohaiseny yUniversity of Central Florida zKing Khalid University {Inha University Abstract—The steady growth in the number of deployed Linux-like capabilities. In particular, Busybox is widely used Internet of Things (IoT) devices has been paralleled with an equal to achieve the desired functionality; based on a light-weighted growth in the number of malicious software (malware) targeting structure, it supports utilities needed for IoT devices. those devices. In this work, we build a detection mechanism of IoT malware utilizing Control Flow Graphs (CFGs). To motivate On the other hand, and due to common structures, the for our detection mechanism, we contrast the underlying char- Linux capabilities of the IoT systems inherit and extend the acteristics of IoT malware to other types of malware—Android potential threats to the Linux system. Executable and Linkable malware, which are also Linux-based—across multiple features. Format (ELF), a standard format for executable and object The preliminary analyses reveal that the Android malware have code, is sometimes exploited as an object of malware. The high density, strong closeness and betweenness, and a larger number of nodes. -
ESET THREAT REPORT Q3 2020 | 2 ESET Researchers Reveal That Bugs Similar to Krøøk Affect More Chip Brands Than Previously Thought
THREAT REPORT Q3 2020 WeLiveSecurity.com @ESETresearch ESET GitHub Contents Foreword Welcome to the Q3 2020 issue of the ESET Threat Report! 3 FEATURED STORY As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to 5 NEWS FROM THE LAB have gone “back to basics” in Q3 2020. An area where the effects of the pandemic persist, however, is remote work with its many security challenges. 9 APT GROUP ACTIVITY This is especially true for attacks targeting Remote Desktop Protocol (RDP), which grew throughout all H1. In Q3, RDP attack attempts climbed by a further 37% in terms of unique 13 STATISTICS & TRENDS clients targeted — likely a result of the growing number of poorly secured systems connected to the internet during the pandemic, and possibly other criminals taking inspiration from 14 Top 10 malware detections ransomware gangs in targeting RDP. 15 Downloaders The ransomware scene, closely tracked by ESET specialists, saw a first this quarter — an attack investigated as a homicide after the death of a patient at a ransomware-struck 17 Banking malware hospital. Another surprising twist was the revival of cryptominers, which had been declining for seven consecutive quarters. There was a lot more happening in Q3: Emotet returning 18 Ransomware to the scene, Android banking malware surging, new waves of emails impersonating major delivery and logistics companies…. 20 Cryptominers This quarter’s research findings were equally as rich, with ESET researchers: uncovering 21 Spyware & backdoors more Wi-Fi chips vulnerable to KrØØk-like bugs, exposing Mac malware bundled with a cryptocurrency trading application, discovering CDRThief targeting Linux VoIP softswitches, 22 Exploits and delving into KryptoCibule, a triple threat in regard to cryptocurrencies. -
Android Reverse Engineering: Understanding Third-Party Applications
Android reverse engineering: understanding third-party applications Vicente Aguilera Díaz OWASP Spain Chapter Leader Co-founder of Internet Security Auditors [email protected] Twitter: @vaguileradiaz www.vicenteaguileradiaz.com OWASP EU Tour 2013 Copyright © The OWASP Foundation June 5, 2013. Bucharest (Romania) Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org Who I am? VICENTE AGUILERA DÍAZ Co-founder of Internet Security Auditors OWASP Spain Chapter Leader More info: www.vicenteaguileradiaz.com OWASP 2 Agenda Reverse engineering: definition and objectives Application analysis workflow Malware identification in Android apps OWASP 3 Reverse engineering: definition and objectives Definition Refers to the process of analyzing a system to identify its components and their interrelationships, and create representations of the system in another form or a higher level of abstraction. [1] Objetives The purpose of reverse engineering is not to make changes or to replicate the system under analysis, but to understand how it was built. OWASP 4 Application analysis workflow Original APK Analyze Decompress and Rebuild Dissassemble APK Modify Scope of this presentation Modified APK OWASP 5 Application analysis workflow App Name SaveAPK Astro File Manager Real APK Leecher APK apktool radare2 unzip AndroidManifest.xml /lib apktool.yml /META-INF /assets /res /res resources.arsc AXMLPrinter2.jar Disasm /smali AndroidManifest.xml Human-readable -
Arxiv:1611.10231V1 [Cs.CR] 30 Nov 2016 a INTRODUCTION 1
00 Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions Parvez Faruki, Malaviya National Institute of Technology Jaipur, India Hossein Fereidooni, University of Padua, Italy Vijay Laxmi, Malaviya National Institute of Technology Jaipur, India Mauro Conti, University of Padua, Italy Manoj Gaur, Malaviya National Institute of Technology Jaipur, India Mobile devices have become ubiquitous due to centralization of private user information, contacts, messages and multiple sensors. Google Android, an open-source mobile Operating System (OS), is currently the mar- ket leader. Android popularity has motivated the malware authors to employ set of cyber attacks leveraging code obfuscation techniques. Obfuscation is an action that modifies an application (app) code, preserving the original semantics and functionality to evade anti-malware. Code obfuscation is a contentious issue. Theoretical code analysis techniques indicate that, attaining a verifiable and secure obfuscation is impos- sible. However, obfuscation tools and techniques are popular both among malware developers (to evade anti-malware) and commercial software developers (protect intellectual rights). We conducted a survey to uncover answers to concrete and relevant questions concerning Android code obfuscation and protection techniques. The purpose of this paper is to review code obfuscation and code protection practices, and evalu- ate efficacy of existing code de-obfuscation tools. In particular, we discuss Android code obfuscation methods, custom app protection techniques, and various de-obfuscation methods. Furthermore, we review and ana- lyze the obfuscation techniques used by malware authors to evade analysis efforts. We believe that, there is a need to investigate efficiency of the defense techniques used for code protection. This survey would be beneficial to the researchers and practitioners, to understand obfuscation and de-obfuscation techniques to propose novel solutions on Android. -
Welivesecurity.Com @Esetresearch ESET Github Contents Foreword
THREAT REPORT Q1 2020 WeLiveSecurity.com @ESETresearch ESET GitHub Contents Foreword Welcome to the first quarterly ESET Threat Report! 3 FEATURED STORY The first quarter of 2020 was, without a doubt, defined by the outbreak of COVID-19 — now 5 NEWS FROM THE LAB a pandemic that has put much of the world under lockdown, disrupting peoples’ lives in unprecedented ways. 6 APT GROUP ACTIVITY In the face of these developments, many businesses were forced to swiftly adopt work- from-home policies, thereby facing numerous new challenges. Soaring demand for remote 8 STATISTICS & TRENDS access and videoconferencing applications attracted cybercriminals who quickly adjusted their attack strategies to profit from the shift. 9 Top 10 malware detections Cybercriminals also haven’t hesitated to exploit public concerns surrounding the pandemic. In March 2020, we saw a surge in scam and malware campaigns using the coronavirus pan- 10 Downloaders demic as a lure, trying to capitalize on people’s fears and hunger for information. 11 Banking malware Even under lockdown, our analysts, detection engineers and security specialists continued to keep a close eye on this quarter’s developments. Some threat types — such as crypto- 12 Ransomware miners or Android malware — saw a decrease in detections compared with the previous — — 14 Cryptominers quarter; others such as web threats and stalkerware were on the rise. Web threats in particular have seen the largest increase in terms of overall numbers of detections, a 15 Spyware & backdoors possible side effect of coronavirus lockdowns. ESET Research Labs also did not stop investigating threats — Q1 2020 saw them dissect 16 Exploits obfuscation techniques in Stantinko’s new cryptomining module; detail the workings of 17 Mac threats advanced Brazil-targeting banking trojan Guildma; uncover new campaigns by the infamous Winnti Group and Turla; and uncover KrØØk, a previously unknown vulnerability affecting the 18 Android threats encryption of over a billion Wi-Fi devices. -
Windows Malware Analysis & Static Analysis Blocking CYS5120 - Malware Analysis Bahcesehir University Cyber Security Msc Program
Code Analysis Analyzing Malicious Windows Programs Static Analysis Blocking Methods 04 - Code Analysis & Windows Malware Analysis & Static Analysis Blocking CYS5120 - Malware Analysis Bahcesehir University Cyber Security Msc Program Dr. Ferhat Ozgur Catak 1 Mehmet Can Doslu 2 [email protected] [email protected] 2017-2018 Fall Dr. Ferhat Ozgur Catak & Mehmet Can Doslu 04 - Code Analysis & Windows Malware Analysis & Static Analysis Blocking Code Analysis Analyzing Malicious Windows Programs Static Analysis Blocking Methods Table of Contents 1 Code Analysis Packers & Unpacking Stack Operations Packer Anatomy Disassembler & Debugger Identifying Packed Programs IDA Pro Automated Unpacking The IDA Pro Interface Manual Unpacking Useful Windows for Analysis Anti-disassembly Lab Jump Instructions with the 2 Analyzing Malicious Windows Same Target Programs A Jump Instruction with a Introduction Constant Condition The Windows API Impossible Disassembly File System Functions The Function Pointer Problem Special Files Return Pointer Abuse The Windows Registry Misusing Structured Exception Networking APIs Handlers Lab Thwarting Stack-Frame 3 Static Analysis Blocking Methods Analysis Dr. Ferhat Ozgur Catak & Mehmet Can Doslu 04 - Code Analysis & Windows Malware Analysis & Static Analysis Blocking Code Analysis Analyzing Malicious Windows Programs Static Analysis Blocking Methods Table of Contents 1 Code Analysis Packers & Unpacking Stack Operations Packer Anatomy Disassembler & Debugger Identifying Packed Programs IDA Pro Automated Unpacking The IDA Pro Interface Manual Unpacking Useful Windows for Analysis Anti-disassembly Lab Jump Instructions with the 2 Analyzing Malicious Windows Same Target Programs A Jump Instruction with a Introduction Constant Condition The Windows API Impossible Disassembly File System Functions The Function Pointer Problem Special Files Return Pointer Abuse The Windows Registry Misusing Structured Exception Networking APIs Handlers Lab Thwarting Stack-Frame 3 Static Analysis Blocking Methods Analysis Dr. -
KR00K - CVE-2019-15126 Wi-Fi 暗号化方式における 深刻な脆弱性
ESET Research white papers TLP: WHITE KR00K - CVE-2019-15126 Wi-Fi 暗号化方式における 深刻な脆弱性 筆者: Miloš Čermák, ESET Malware Researcher Štefan SvorenČík, ESET Head of Experimental Research and Detection Róbert Lipovský, ESET Senior Malware Researcher 協力: Ondrej KuboviČ, Security Awareness Specialist 2020 年 2 月 1 KR00K CVE201915126 Wi-Fi 暗号化方式における深刻な脆弱性 TLP: WHITE 目次 エグゼクティブサマリー . 2 序章 . 3 技術的背景 . 3 KR00K 脆弱性の発見 . 4 侵入経路:脆弱性の悪用 . 5 不正な読み取り データの暗号化 . 5 影響を受ける機器 . 6 脆弱なアクセスポイント . 7 KR00K と KRACK の関係 . 7 KR00K で AMAZON エコー LED をクラッキングする方法 . 7 KRACK と KR00K の比較 . 8 結論 . 8 謝辞 . 9 発見のタイムラインと開示の経緯 . 9 ESET について . 10 筆者: Miloš Čermák, ESET Malware Researcher Štefan SvorenČík, ESET Head of Experimental Research and Detection Róbert Lipovský, ESET Senior Malware Researcher 協力: Ondrej KuboviČ, Security Awareness Specialist 2020 年 2 月 2 KR00K CVE201915126 Wi-Fi 暗号化方式における深刻な脆弱性 TLP: WHITE エグゼクティブサマリー ESET の研究者は、Wi-Fi チップにこれまで世界に知られていなかった脆弱性を発見し、Kr00k と名付けました。 CVE-2019-15126 が割り当てられたこの深刻な脆弱性は、脆弱なデバイスは数字がすべて0の暗号化キーを使用して、 ユーザーの通信の一部を暗号化するというものです。これを利用した攻撃が成功すると、攻撃者は脆弱なデバイスによっ て送信された一部のワイヤレスネットワークパケットの解読が可能となってしまいます。 Kr00k は、Broadcom および Cypress による Wi-Fi チップを搭載し、まだパッチが適用されていないデバイスに影響 します。これらの Wi-Fi チップは、スマートフォン、タブレット、ラップトップ、IoT ガジェットなどの最新の Wi-Fi 対応デバイスで使用される最も一般的なものです。 クライアントデバイスだけでなく、Broadcom チップを搭載した Wi-Fi アクセスポイントおよびルーターもこの脆弱 性の影響を受け、多くのクライアントデバイスの環境が脆弱になります。 私たちのテストでは、パッチを適用する前に、Amazon(Echo、Kindle)、 Apple(iPhone、iPad、MacBook)、 Google(Nexus)、 Samsung(Galaxy)、 Raspberry(Pi 3)、 Xiaomi(RedMi)の一部のクライアントデバイス及び、 Asus と Huawei による一部のアクセスポイントが、Kr00k に対して脆弱であることを確認しました。控えめな見積も -
Ghidra Vs Radare2
Ghidra Vs Radare2 Radare2 – is a framework built for reverse engineering and analyzing binaries. js File size differs 2462470 vs 2461765 Buffer truncated to 2461765 byte(s) (705 not compared) 86611 So… the WebAssembly is essentially generating JavaScript on-the-fly. With the addition, the latest UFC 257 lineup includes: Conor McGregor vs. Plugin manager for x64dbg. radare2 tools. Я открываю программу в Cutter — GUI для radare2 со встроенным декомпилятором ghidra, имеющим возможность эмуляции, а с недавних пор и отладки. Plugin manager for x64dbg. 7 місяців тому. Watch the UFC 257 "McGregor vs. With radare2 you can analyze, disassemble. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. radare2 was added by Tim_B in Sep 2016 and the latest update was made in Apr 2018. Free and Open Source RE Platform powered by Rizin. Ve srovnání s komerčním IDA je pomalejší a má víc chyb. Even if you know how to disassemble a Brown iron, this will not help. IDA Pro is a programmable, interactive, and multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment. 0 has been released!. We are using radare2 together with avr-gdb and simavr to reverse engineer the challenge "Jumpy" which implemets a password checking algorithm В видео речь пойдет про Ida Pro (free) x64dbg (плагины snowmen, x64dbg2ghidra) Ghidra Radare2 Затрону поверхностно windbg, binary ninja. pdf - Free ebook download as PDF File (. Patching Binaries (with vim, Binary Ninja, Ghidra and radare2) - bin 0x2F. -
MISP Objects
MISP Objects MISP Objects Introduction. 7 Funding and Support . 9 MISP objects. 10 ail-leak . 10 ais-info . 11 android-app. 12 android-permission. 13 annotation . 15 anonymisation . 16 asn . 20 attack-pattern . 22 authentication-failure-report . 22 authenticode-signerinfo . 23 av-signature. 24 bank-account. 25 bgp-hijack. 29 bgp-ranking . 30 blog . 30 boleto . 32 btc-transaction . 33 btc-wallet . 34 cap-alert . 35 cap-info. 39 cap-resource . 43 coin-address . 44 command . 46 command-line. 46 cookie . 47 cortex . 48 cortex-taxonomy . 49 course-of-action . 49 covid19-csse-daily-report . 51 covid19-dxy-live-city . 53 covid19-dxy-live-province . 54 cowrie . 55 cpe-asset . 57 1 credential . 67 credit-card . 69 crypto-material. 70 cytomic-orion-file. 73 cytomic-orion-machine . 74 dark-pattern-item. 74 ddos . 75 device . 76 diameter-attack . 77 dkim . 79 dns-record . .. -
Radare2 Book
Radare2 Book Table of Contents 1. introduction 2. Introduction i. History ii. Overview iii. Getting radare2 iv. Compilation and Portability v. Compilation on Windows vi. Command-line Flags vii. Basic Usage viii. Command Format ix. Expressions x. Rax2 xi. Basic Debugger Session xii. Contributing to radare2 3. Configuration i. Colors ii. Common Configuration Variables 4. Basic Commands i. Seeking ii. Block Size iii. Sections iv. Mapping Files v. Print Modes vi. Flags vii. Write viii. Zoom ix. Yank/Paste x. Comparing Bytes 5. Visual mode i. Visual Cursor ii. Visual Inserts iii. Visual XREFS iv. Visual Configuration Editor 6. Searching bytes i. Basic Searches ii. Configurating the Search iii. Pattern Search iv. Automatization v. Backward Search vi. Search in Assembly vii. Searching for AES Keys 7. Disassembling 2 Radare2 Book i. Adding Metadata ii. ESIL 8. Rabin2 i. File Identification ii. Entrypoint iii. Imports iv. Symbols (exports) v. Libraries vi. Strings vii. Program Sections 9. Radiff2 i. Binary Diffing 10. Rasm2 i. Assemble ii. Disassemble 11. Analysis i. Code Analysis 12. Rahash2 i. Rahash Tool 13. Debugger i. Registers 14. Remote Access Capabilities i. Remoting Capabilities 15. Plugins i. Plugins 16. Crackmes i. IOLI i. IOLI 0x00 ii. IOLI 0x01 17. Reference Card 3 Radare2 Book R2 "Book" Welcome to the Radare2 Book Webpage: https://www.gitbook.com/book/radare/radare2book/details Online: http://radare.gitbooks.io/radare2book/content/ PDF: https://www.gitbook.com/download/pdf/book/radare/radare2book Epub: https://www.gitbook.com/download/epub/book/radare/radare2book Mobi: https://www.gitbook.com/download/mobi/book/radare/radare2book introduction 4 Radare2 Book Introduction This book aims to cover most usage aspects of radare2.