Security through explanation
Additions Added the Ghidra script to decrypt strings in Amadey 1.09 article to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
Over the last months, the amount of new blogs has unintentionally decreased. In March 2020, I became ill with the (then quite novel) Corona virus. The roughly two weeks that I was in bed, weren’t enjoyable. However, as most young and healthy persons, I recovered. Over time, more and more became known about the virus, … Read more
The last release of the Java API client was published on the 23rd of December 2020, as can be read here. In this release, several features have been added. Below, the changes are explained in detail. One can find the library’s code here. The latest release of the precompiled JAR can be found here. Table … Read more
Additions Added the analysing scripts article to the common techniques chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
The first release of the Java API client was published on the 14th of October 2020, as can be read here. In this release, several features have been changed and modified. Below, the changes are explained in detail. One can find the library’s code here. The latest release of the precompiled JAR can be found … Read more
On the 20th of November 2020, HackFest held its annual conference, which included a capture the flag event. Two challenges, both of which were featured in the classic CTF, were created by me. Both write-ups are given in this article, starting off with the challenge description, after which the observations based on the description are … Read more
Hatching provides a sandbox named Triage. The sandbox is free for researchers, where each uploaded sample is made publicly available to others who visit the website. The API of Triage returns JSON values based on models that are outlined in the documentation. Using this documentation, I recreated their API endpoints into a Java library, which … Read more
Additions Added the Automatic ReZer0 payload and configuration extraction article to the analysis scripts chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
This review covers No Starch Press’ Ghidra Book, which is written by Chris Eagle and Kara Nance. The book provides an extensive overview of Ghidra’s capabilities, including screenshots and examples. This review covers the whole book, where I summarised each chapter, together with my thoughts and experiences on the covered content. Within the conclusion, a … Read more
Analysing an Android application, commonly referred to as an APK, can be done in a variety of ways. One can use APKTool to decode the application, thereby obtaining the manifest, the classes.dex, and the application’s resources. The classes.dex file can then be converted into a JAR using dex2jar, after which it can be decompiled. All … Read more