BinAbsInspector – Vulnerability Scanner For Binaries

BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation with the support from Ghidra. It works on Ghidra’s Pcode instead of assembly. Currently it supports binaries on x86,x64, armv7 and aarch64. InstallationRead More

VulFi – Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries

The VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, itRead More

DDexec – A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy (this is just how execve() works). This file may reside on disk or in ram (tmpfs, memfd) but you need a filepath. This has made very easy to controlRead More

Litefuzz – A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers

Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while just making a few honest trade-offs. ItRead More

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the methodology an analyst might follow when tackling a Go binary. Scripts are released under GPL license (honoring Tim Strazzere’s original GolangLoaderAssist whichRead More

Fileless-Xec – Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk

Certainly useful , mainly for fun, rougly inspired by 0x00 article Pentest use: fileless-xec is used on target machine to stealthy execute a binary file located on attacker machine Short story fileless-xec enable us to execute a remote binary on a local machine directly from memory without dropping them on disk ➪ Install simple usageRead More

ZipExec – A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. ThisRead More

ELFXtract – An Automated Analysis Tool Used For Enumerating ELF Binaries

[*] ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling ELFs in Ghidra takes more time,Read More

ImpulsiveDLLHijack – C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR’s. 1. Methodological Approach : The tool basically acts on automating following stages performed for DLL Hijacking: Discovery – Finding Potentially Vulnerable DLL Hijack paths ExploitationRead More

LazySign – Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files

Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,… This repo gives you the opportunity of fake signingRead More