Ghidra v9.0.1 Released: Security Fixes and New Features.

Reading time ~1min

Ghidra is a software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate. The latest version of Ghidra (v9.0.1) addresses security issues and bugs and introduces some improvements to enhance the overall user experience. One of the most notable fixes addresses an XXE vulnerability that an attacker could exploit by tricking a user into opening or restoring a specially crafted project.

A new feature was also added in version 9.0.1: a script that shows all equates within the current selection.

Ghidra: All you Need to Know about the NSA’s Reverse Engineering Tool

Reading time ~10min

Ghidra is a Software Reverse Engineering (SRE) framework created and maintained by the National Security Agency (NSA) Research Directorate. Ghidra is an open-source tool that allows security researchers and malware analysts to ‘hack’ into the code behind the software.

The program’s 1.2 million lines of code are designed to reverse the compiler process, decompiling executable code into assembly listings and finally into approximate C code. Capabilities include disassembly, assembly, decompilation, graphing control flows through functions, scripting, inspecting symbols and references, and identifying variables and data, along with hundreds of other features. It’ll all be very familiar to you if you have used similar reverse engineering tools, such as IDA, Binary Ninja, Radare, Hopper, Snowman, etc.

Windows Batch Script APT Simulator ToolSet

Reading time ~1min

APT Simulator is a toolset that allows you to make a system look as if it has been compromised by an Advanced Persistent Threat (APT) actor. There are multiple use cases for this tool. For example, it can be used to simulate an attack against your SOC environment to measure your team's effectiveness in terms of time-to-respond and time-to-contain during an incident. Another use case is to launch it on a PC to train your team's Digital Forensics and Incident Response (DFIR) capabilities.

HashCat 4.0 Released: One of the fastest GPU Password Crackers

Reading time ~5min

Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly optimised hashing algorithms. Hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.