This review covers No Starch Press’ Ghidra Book, written by Chris Eagle and Kara Nance. The book provides an extensive overview of Ghidra’s capabilities, including screenshots and examples. This review covers the whole book: each chapter is summarised, together with my thoughts and experiences on the covered content. Within the conclusion, a …
Analysing an Android application, which is distributed as an APK package, can be done in a variety of ways. One can use APKTool to decode the package, thereby obtaining the manifest, the classes.dex, and the application’s resources. The classes.dex file can then be converted into a JAR using dex2jar, after which it can be decompiled. All …
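The step before APKTool and dex2jar, as an added example that is not code from the original post nor from either tool: an APK is a ZIP archive, and a multidex application ships more than one DEX file (classes.dex, classes2.dex, …), each of which has to be converted separately. The script below enumerates every DEX entry, validates the DEX header (magic, version, Adler-32 checksum, file_size, endian tag) and hashes each entry so it can be referenced later. The APK it analyses is constructed inline from header-only DEX files that contain no code, purely so the script runs offline; the layout assumptions are the public DEX header format.

```python
"""Added example, not from the original post or from APKTool/dex2jar:
a pre-analysis pass over an APK that lists and validates every DEX entry.
The APK and DEX files used below are constructed inline and hold no code.
"""
import hashlib
import io
import re
import struct
import zipfile
import zlib

DEX_MAGIC = re.compile(rb"dex\n(03[5-9])\x00")   # "dex\n035\0" .. "dex\n039\0"
DEX_ENTRY = re.compile(r"^classes(\d*)\.dex$")   # classes.dex, classes2.dex, ...
HEADER_SIZE = 0x70                               # fixed size of the DEX header_item


def parse_dex_header(data: bytes) -> dict:
    """Validate a DEX header and return the fields worth noting before decompiling."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to be a DEX file")
    magic = DEX_MAGIC.match(data[:8])
    if not magic:
        raise ValueError("bad DEX magic: %r" % data[:8])
    (checksum,) = struct.unpack_from("<I", data, 8)
    # The Adler-32 checksum covers everything after the magic and checksum fields.
    computed = zlib.adler32(data[12:]) & 0xFFFFFFFF
    if checksum != computed:
        raise ValueError("checksum mismatch: header %08x, computed %08x" % (checksum, computed))
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if file_size != len(data) or header_size != HEADER_SIZE:
        raise ValueError("file_size/header_size do not match the entry")
    if endian_tag != 0x12345678:
        raise ValueError("unexpected endian tag %08x" % endian_tag)
    (class_defs_size,) = struct.unpack_from("<I", data, 96)
    return {
        "version": magic.group(1).decode(),
        "file_size": file_size,
        "class_defs": class_defs_size,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def dex_index(name: str) -> int:
    """classes.dex is index 1, classes2.dex is 2, ... so multidex entries sort numerically."""
    digits = DEX_ENTRY.match(name).group(1)
    return int(digits) if digits else 1


def analyse_apk(apk_bytes: bytes) -> list:
    """List and validate every DEX entry of an APK; raises if the ZIP is not an APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        if "AndroidManifest.xml" not in names:
            raise ValueError("no AndroidManifest.xml: not an APK")
        results = []
        for name in sorted((n for n in names if DEX_ENTRY.match(n)), key=dex_index):
            info = parse_dex_header(apk.read(name))
            info["entry"] = name
            results.append(info)
        return results


def build_sample_dex(version: bytes = b"035", class_defs: int = 3) -> bytes:
    """Constructed test input: a header-only DEX with a valid signature and checksum."""
    header = bytearray(HEADER_SIZE)
    header[0:8] = b"dex\n" + version + b"\x00"
    struct.pack_into("<III", header, 32, HEADER_SIZE, HEADER_SIZE, 0x12345678)
    struct.pack_into("<I", header, 96, class_defs)
    header[12:32] = hashlib.sha1(bytes(header[32:])).digest()                    # signature
    struct.pack_into("<I", header, 8, zlib.adler32(bytes(header[12:])) & 0xFFFFFFFF)
    return bytes(header)


def build_sample_apk() -> bytes:
    """Constructed test input: a multidex, APK-shaped ZIP with placeholder resources."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", b"<placeholder binary XML>")
        apk.writestr("classes.dex", build_sample_dex(b"035", 3))
        apk.writestr("classes2.dex", build_sample_dex(b"038", 1))
        apk.writestr("res/values/strings.xml", b"<placeholder>")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in analyse_apk(build_sample_apk()):
        print("%-13s dex%s  %5d bytes  %d class_defs  sha256=%s"
              % (entry["entry"], entry["version"], entry["file_size"],
                 entry["class_defs"], entry["sha256"][:16]))
```

Each entry the script lists is one dex2jar input; a checksum or size mismatch means the entry was truncated or tampered with and the decompiled output should not be trusted until the sample is re-obtained.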
Additions: Added the ReZer0v4 loader article to the malware analysis chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
MalShare is a free initiative for researchers to share malware samples for research purposes, which can be accessed via the website and via the API. Before open-sourcing this API client, there was no publicly supported Java library. The code can be found on Github. Below, more information on the usage is given, as well as …
This update adds a new feature to AndroidProjectCreator: the compact installation of all dependencies. To update to this version, simply replace the old JAR with the new release. To quickly install AndroidProjectCreator, one can use the compact installation, as shown below.
java -jar ./AndroidProjectCreator.jar -compactInstall
This clones all required tools from a …
MalPull has received an overhaul, as it now uses multiple threads to download the given hashes concurrently. It is now also able to download samples from VirusTotal, if you have a working API key. This release contains breaking changes compared to the last version, as the command-line arguments have been changed. At first, the …
On the 20th of June 2020, iHack took place as a virtual conference with two capture the flag games. The beginner CTF was aimed at starters, whereas the classic CTF was aimed at players who already played in a few CTF competitions. The MalwareTheFlag team created 9 challenges for the CTF. Four write-ups are given …
Additions: Added the A year in review: 2019-2020 article to the miscellaneous chapter. To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.
People learn by doing, hence the saying practice makes perfect. Not everything that people make is published. Sometimes researchers deliberately refrain from publishing specific material. In this blog, I want to talk about the balance between malware creation and malware research. Needless to say, the type of creation that is covered in this blog is …