Security through explanation
Additions Added the Ghidra script to decrypt a string array in XOR DDoS article to the analysis scripts chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @Libranalysis.
Additions Added the Debugging Dot Net binaries article to the common techniques chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @Libranalysis.
Additions Added the a year in review: 2020-2021 article to the miscellaneous chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @Libranalysis.
This update contains two changes in the back-end of AndroidProjectCreator that do not affect the usage of the program. The program’s source code can be found here, along with the latest release. The first change relates to an optimisation related to JAD-X. When using JAD-X as the decompiler, APC now utlises JAD-X’s direct decompilation, rather … Read more
MalPull is designed to use a minimal amount of API calls from services that limit requests. In version 1.2-stable, support to download samples from Triage was added. This service has, currently, no API request limit, yet it was queried the latest. In this minor fix, it has been moved up, making it the first to … Read more
MalShare is a free initiative for researchers to share malware samples for research purposes, which can be accessed via the website and via the API. Before open-sourcing this API client, there was no publicly supported Java library. The code can be found on Github, along with the latest release. Below, more information on the usage … Read more
The main page for this API client can be found here. In this release, minor changes were made. Below, the changes are explained in detail. One can find the library’s code here. The latest release of the precompiled JAR can be found here. Table of contents Renaming packages Using timezones Family detection support Future work … Read more
MalPull now supports Triage support as a location to download samples from. Do note that you need a working API key to use the service. Additionally, some minor changes have been made in the JavaDoc. Lastly, the amount of downloaded samples was wrong, as it used to display the amount of loaded hashes, rather than … Read more
The main page for this API client can be found here. In this release, two new features have been added, and the documentation has been updated. Below, the changes are explained in detail. One can find the library’s code here. The latest release of the precompiled JAR can be found here. Table of contents Getting … Read more
Additions Added the Ghidra script to decrypt strings in Amadey 1.09 article to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @Libranalysis.