About a year ago radare2 was started as a development parallel to radare, aimed at offering a generic and simple API for C, Vala, Genie, Python, Perl and Ruby, in order to keep the amount of code to a minimum and present generic access to backends for debugging, file formats, architectures, etc.
The framework makes it easy to use plugins or scripting to drive the various backends for assembling/disassembling, analyzing headers, emulating, debugging, analyzing code, and searching for patterns and binary sequences, among others.
It is designed to be portable across multiple architectures and operating systems, among them Linux, BSD, Solaris, Windows, x86-32/64, ARM, PowerPC and MIPS.
The talk presents the set of libraries together with practical examples of using this tool.
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF qualifier write-ups (GangSeok Lee)
2012 CodeEngn Conference 06
Secuinside is an international hacking competition and security conference hosted by Koscom and organized by the allied hacking group HARU and Korea University's Graduate School of Information Security. This talk introduces the analysis techniques used to solve the problems of the recently held competition qualifiers, and a new exploitation technique for bypassing ASLR and NX.
http://codeengn.com/conference/06
Have you ever thought, “I wish it was easier to change JavaScript code programmatically?” Maybe you wanted to write or edit a configuration block in source code. Perhaps you wanted to generate customized algorithmic code. For many, this kind of thing seems inaccessible.
The tools exist, though. In this talk, Stephen Vance will look at how he has used recast and esprima to edit and rewrite JavaScript code, leaving the untouched code completely intact, including whitespace and comments. At the end, you should have enough knowledge to be dangerous and start to write the next automatic programming, AI, take-over-the-world, self-improving software.
This presentation is for those students and IT professionals who have basic programming knowledge and want to learn Perl basics for Pentesting.
We have explained the minimal Perl basics which a pentester should know to write, read and modify Perl scripts for pentesting: data types, comparison operators, loop controls, the minimal CPAN modules related to web and networking, Perl scripts in Kali, and some demos.
$kernel->infect(): Creating a cryptovirus for Symfony2 apps (Raul Fraile)
Slides for my presentation at the Symfony Valencia meetup on creating a cryptovirus for Symfony2 apps.
Video (in Spanish): http://www.youtube.com/watch?v=rLHzmA0UuIw
various tricks for remote linux exploits by Seok-Ha Lee (wh1ant) (CODE BLUE)
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exist ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge of the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in the target remote process. In a Linux environment, forked child processes will inherit the already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout.
Probing to see if a given address is a valid memory address in the context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded in memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the minimal number of required attempts is significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
Getting Started with Raspberry Pi - DCC 2013.1 (Tom Paulus)
The Raspberry Pi is a small credit-card sized Linux computer. Developers and hobbyists around the world are creating miraculous applications and projects, and now you can join them. Last year we presented "Raspberry Pi, What We Have Learned So Far"; this year's presentation covers the first steps to using your Pi. From the basics, like burning your SD card, to creating a news reader, you will learn GPIO basics and simple Python tools. Communication with other components using SPI or I2C will also be covered. It is recommended, but not required, that you have a Raspberry Pi, some knowledge of Python and simple electronics.
Hadoop meetup: HUGFR - Building the fastest cluster for data analysis... (Modern Data Stack France)
Building the fastest cluster for data analysis: benchmarks on a regressor, by Christopher Bourez (Axa Global Direct)
The very latest parallel computing technologies make it possible to compute prediction models on big data in record time. The cloud eases access to modern hardware configurations, with the possibility of ephemeral scalability during the computations. Benchmarks are run on several hardware configurations, ranging from 1 instance to a cluster of 100 instances.
Christopher Bourez, developer & manager, expert in modern information systems at Axa Global Direct. Alien thinker. Blog: http://christopher5106.github.io/
ManageIQ currently runs on Ruby on Rails 3. Aaron "tenderlove" Patterson presents his effort to migrate to RoR 4, which entails some changes in the code to take advantage of the latest advances in RoR.
For more on ManageIQ, see http://manageiq.org/
[AI04] Scaling Machine Learning to Big Data Using SparkML and SparkR (de:code 2017)
Azure's HDInsight provides an easy way to process big data using Spark, and learn from it using Machine Learning. See SparkML in action, and learn how to use R and Python at scale, within Jupyter.
Products/technologies: AI (artificial intelligence)/Deep Learning/Machine Learning/Microsoft Azure
Michael Lanzetta
Microsoft Corporation
Developer Experience and Evangelism
Principal Software Development Engineer
More on bpftrace for MariaDB DBAs and Developers - FOSDEM 2022 MariaDB Devroom (Valeriy Kravchuk)
bpftrace is a relatively new open source tracer for modern Linux (kernels 5.x.y) that may help to troubleshoot performance issues in production as well as to get insights on how software really works. I have been using it for a couple of years and would like to present more details on how to do it efficiently, including but not limited to adding user probes to different lines of the code inside functions, checking values of local variables and using bpftrace as a code coverage tool.
How to use Parquet as a basis for ETL and analytics (Julien Le Dem)
Parquet is a columnar format designed to be extremely efficient and interoperable across the Hadoop ecosystem. Its integration in most of the Hadoop processing frameworks (Impala, Hive, Pig, Cascading, Crunch, Scalding, Spark, …) and serialization models (Thrift, Avro, Protocol Buffers, …) makes it easy to use in existing ETL and processing pipelines, while giving flexibility of choice on the query engine (whether in Java or C++). In this talk, we will describe how one can use Parquet with a wide variety of data analysis tools like Spark, Impala, Pig, Hive, and Cascading to create powerful, efficient data analysis pipelines. Data management is simplified as the format is self-describing and handles schema evolution. Support for nested structures enables more natural modeling of data for Hadoop compared to flat representations that create the need for often costly joins.
Spark Streaming Programming Techniques You Should Know with Gerard Maas (Spark Summit)
At its heart, Spark Streaming is a scheduling framework, able to efficiently collect and deliver data to Spark for further processing. While the DStream abstraction provides high-level functions to process streams, several operations also grant us access to deeper levels of the API, where we can directly operate on RDDs, transform them to Datasets to make use of that abstraction or store the data for later processing. Between these API layers lie many hooks that we can manipulate to enrich our Spark Streaming jobs. In this presentation we will demonstrate how to tap into the Spark Streaming scheduler to run arbitrary data workloads, we will show practical uses of the forgotten ‘ConstantInputDStream’ and will explain how to combine Spark Streaming with probabilistic data structures to optimize the use of memory in order to improve the resource usage of long-running streaming jobs. Attendees of this session will come out with a richer toolbox of techniques to widen the use of Spark Streaming and improve the robustness of new or existing jobs.
Similar to Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010] (20)
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Kubernetes & AI - Beauty and the Beast!?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. Overview
radare2 is a rewrite of radare (r1) focusing on:
- API (refactor, clean)
- Portability (OSX, Linux, BSD, w32)
- Modularity (~40 modules)
- Scripting and bindings (valaswig)
Status of 0.4
- Aiming to be as compatible as possible with r1
- Some commands and concepts have been redefined
- Runtime >10x faster
- Smarter and cleaner code (40% of the LOCs)
- Refactoring never ends -:)
4. Language bindings
* C is fun, but people love to lose CPU cycles...
- Automatic bindings generated by valaswig
- Vala and Genie by default
- Python, Perl, Lua and Ruby (more will come)
- Access to the full internal API
- Bound code can use native instances and vice versa
- Transparent access to generics, collections, iterators,
classes, enums, structures, arrays, basic types..
* Valaswig is a .vapi to .i translator
$ hg clone http://hg.youterm.com/valaswig
$ wget http://radare.org/get/valaswig-0.1.tar.gz
7. r2w
Aims to be a web frontend for radare2
- Written in python (no dependencies)
- jQuery and CSS greatly simplify the design of the GUI
- At the moment it is just a PoC
- Assembler/disassembler, debugger, hasher demos
$ python main.py
Process with PID 20951 started...
URL=http://127.0.0.1:8080/
ROOT=/home/pancake/prg/r2w/www
$ surf http://127.0.0.1:8080
...
(demo)
8. Searching bytes
* One of the very basic features of r1 has been rewritten
in order to offer a clean API to search keywords with
binary masks, patterns, regular expressions and strings.
/* Genie example: search patterns */
uses
    Radare.RSearch
init
    var s = new RSearch (Mode.KEYWORD)
    s.kw_add ("lib", "")              // keyword to look for
    s.begin ()
    var str = "foo is pure lib"
    s.update_i (0, str, str.len ())   // feed the buffer, starting at offset 0
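The same search flow as an added illustration in plain Python (not code from radare2 or the slides): keywords with binary masks, pushed chunk by chunk the way update_i is fed, with the carry logic that keeps a keyword split across two chunks from being missed or reported twice. All class and function names here are my own, not libr's.

```python
from typing import Callable, List, Optional, Tuple

Hit = Tuple[int, str]   # (absolute offset of the match, keyword name)


class MaskedKeyword:
    """A byte pattern plus a binary mask: a 0xff mask byte requires an exact
    match at that position, 0x00 makes it a wildcard (partial bits work too)."""

    def __init__(self, name: str, pattern: bytes, mask: Optional[bytes] = None):
        if mask is None:
            mask = b"\xff" * len(pattern)        # no mask given: exact match
        if len(mask) != len(pattern):
            raise ValueError("mask must be as long as the pattern")
        self.name = name
        self.mask = mask
        # Pre-mask the pattern so a match test is a single AND + compare.
        self.pattern = bytes(p & m for p, m in zip(pattern, mask))

    def matches_at(self, buf: bytes, i: int) -> bool:
        if i + len(self.pattern) > len(buf):
            return False
        return all((buf[i + k] & self.mask[k]) == self.pattern[k]
                   for k in range(len(self.pattern)))


class ChunkedSearch:
    """Same flow as the slide: kw_add(), begin(), then update(offset, chunk)
    for every chunk read.  The tail of each chunk is carried over so a keyword
    split across two chunks is still found, and never reported twice."""

    def __init__(self, on_hit: Optional[Callable[[Hit], None]] = None):
        self.keywords: List[MaskedKeyword] = []
        self.hits: List[Hit] = []
        self.on_hit = on_hit
        self._carry = b""          # last (longest keyword - 1) bytes seen
        self._carry_from = 0       # absolute offset of _carry[0]

    def kw_add(self, kw: MaskedKeyword) -> None:
        self.keywords.append(kw)

    def begin(self) -> None:
        self.hits, self._carry, self._carry_from = [], b"", 0

    def update(self, offset: int, chunk: bytes) -> int:
        """Scan one chunk starting at absolute offset `offset`; returns the
        number of new hits."""
        if offset != self._carry_from + len(self._carry):
            self._carry = b""      # gap in the stream: nothing can span it
        carry_len = len(self._carry)
        buf = self._carry + chunk
        base = offset - carry_len  # absolute offset of buf[0]
        new = 0
        for i in range(len(buf)):
            for kw in self.keywords:
                # A match ending inside the carried bytes was already reported
                # while scanning the previous chunk.
                if i + len(kw.pattern) <= carry_len:
                    continue
                if kw.matches_at(buf, i):
                    hit = (base + i, kw.name)
                    self.hits.append(hit)
                    new += 1
                    if self.on_hit:
                        self.on_hit(hit)
        longest = max((len(k.pattern) for k in self.keywords), default=1)
        keep = min(longest - 1, len(buf))
        self._carry = buf[len(buf) - keep:]
        self._carry_from = base + len(buf) - keep
        return new


def search_in_chunks(data: bytes, keywords: List[MaskedKeyword],
                     chunk_size: int) -> List[Hit]:
    """Feed `data` to the searcher in fixed-size chunks, like reading a file."""
    s = ChunkedSearch()
    for kw in keywords:
        s.kw_add(kw)
    s.begin()
    for off in range(0, len(data), chunk_size):
        s.update(off, data[off:off + chunk_size])
    return s.hits


if __name__ == "__main__":
    # Constructed input: the string from the slide, read 4 bytes at a time.
    print(search_in_chunks(b"foo is pure lib", [MaskedKeyword("lib", b"lib")], 4))
```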
9. Debugging
* Several APIs affected: (debug, reg, bp, io)
- No os/arch specific stuff
- Same code works on w32, OSX, BSD and GNU/Linux
- Basics on x86-32/64, PowerPC, MIPS and ARM
- Not all functionalities of r1 implemented (work in progress)
- Debugger is no longer an IO backend
- Program transplant between different backends
- Some basics on backtrace, child processes and threads
- Memory management (user/system memory maps)
- Only software breakpoints at the moment
- Trap tracing and software stepping implemented
10. Demo
Sample debugging session
$ r2 -V
radare2 0.4 @ linux-lil-x86
$ r2 -d ls
[0x080498a0]> ds # step one instruction
[0x080498a0]> dsl # step source line
[0x080498a0]> dr= # display registers
eip 0xb7883812 oeax 0xffffffff eax 0xbfd89800
ecx 0x00000000 edx 0x00000000 esp 0xbfd89800
esi 0x00000000 edi 0x00000000 eflags 0x00000292
[0x080498a0]> dcu sym.main # continue until sym.main
[0x080498a0]> dpt # display process threads
6064 s (current)
6064 s thread_0
[0x080498a0]> dbt # display backtrace
NOTE: Debugger commands no longer rely on the IO backend '!'
11. r2rc the relocatable code compiler
* Simple and minimal compiler for x86 32/64
- ARM and PowerPC support will follow
- C-like syntax, with low-level hints
- Generates assembly code ready to be injected
- Used as the interface for native and cross-platform injection
* Accessible through shell and API
# r_sys_cmd_str -> r_asm_massemble -> r_debug_inject
$ r2rc main.r > main.asm
$ rasm2 -f main.asm > main.hex
$ r2 -d ls
[0x08048594]> wF main.hex @ eip # write hexpairs
[0x08048594]> dc # continue execution
13. RAnal
* Data and code analysis
* Analyzed data is accessible from opcode level to
function level (opcode, BB, functions, vars, xrefs...)
* Combining data is very quick
E.g.: filter BBs by function, graph the BB hierarchy,
analyze references...
* Graph output in graphviz format (dot)
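The block-level analysis named here, as an added example in plain Python rather than the RAnal API: it takes already decoded instructions (a constructed x86 snippet with made-up addresses), splits them into basic blocks, records successor edges and emits the graphviz dot output. The `Op` and `Block` types are assumptions of this example, not libr types.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Op:
    """One decoded instruction: the fields block analysis needs."""
    addr: int
    size: int
    mnem: str
    kind: str = "nop"             # "nop" | "jmp" | "cjmp" | "call" | "ret"
    jump: Optional[int] = None    # taken-branch target for jmp/cjmp


@dataclass
class Block:
    addr: int
    ops: List[Op] = field(default_factory=list)
    succ: List[int] = field(default_factory=list)   # successor block addresses


def build_blocks(ops: List[Op], entry: int) -> Dict[int, Block]:
    """Split a linear instruction list into basic blocks (leader analysis)."""
    by_addr = {o.addr: o for o in ops}
    leaders: Set[int] = {entry}
    for o in ops:
        nxt = o.addr + o.size
        if o.kind in ("jmp", "cjmp") and o.jump in by_addr:
            leaders.add(o.jump)               # a branch target starts a block
        if o.kind in ("jmp", "cjmp", "ret") and nxt in by_addr:
            leaders.add(nxt)                  # so does the op after a branch/ret
    blocks: Dict[int, Block] = {}
    cur: Optional[Block] = None
    for o in sorted(ops, key=lambda x: x.addr):
        if o.addr in leaders:
            cur = Block(o.addr)
            blocks[o.addr] = cur
        if cur is None:
            raise ValueError("instructions before the entry point")
        cur.ops.append(o)
    for b in blocks.values():
        last = b.ops[-1]
        nxt = last.addr + last.size
        if last.kind == "cjmp":
            cand = [last.jump, nxt]           # taken edge, then fall-through
        elif last.kind == "jmp":
            cand = [last.jump]
        elif last.kind == "ret":
            cand = []
        else:
            cand = [nxt]                      # block was cut by another leader
        b.succ = [a for a in cand if a in blocks]
    return blocks


def to_dot(blocks: Dict[int, Block]) -> str:
    """Render the block graph in graphviz dot format, one box per block."""
    lines = ["digraph code {", '  node [shape=box fontname="Courier"];']
    for addr in sorted(blocks):
        b = blocks[addr]
        body = "".join(f"0x{o.addr:08x}  {o.mnem}\\l" for o in b.ops)
        lines.append(f'  "0x{addr:08x}" [label="{body}"];')
        for s in b.succ:
            lines.append(f'  "0x{addr:08x}" -> "0x{s:08x}";')
    lines.append("}")
    return "\n".join(lines)


# Constructed sample: a small x86 function; the addresses are made up.
SAMPLE_OPS = [
    Op(0x08048400, 1, "push ebp"),
    Op(0x08048401, 2, "mov ebp, esp"),
    Op(0x08048403, 4, "cmp dword [ebp+8], 0"),
    Op(0x08048407, 2, "je 0x08048410", "cjmp", 0x08048410),
    Op(0x08048409, 5, "call 0x08048300", "call"),
    Op(0x0804840e, 2, "jmp 0x08048415", "jmp", 0x08048415),
    Op(0x08048410, 5, "mov eax, 1"),
    Op(0x08048415, 1, "leave"),
    Op(0x08048416, 1, "ret", "ret"),
]

if __name__ == "__main__":
    print(to_dot(build_blocks(SAMPLE_OPS, 0x08048400)))
```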
14. Demo
* Code & Data analysis
* Graph generation
- Full
- Partial
* Source code graph
16. RBin
* Header analysis
* Supports:
ELF32, ELF64, PE32, PE32+, MACH-O,
MACH-O64, CLASS...
* Format-Agnostic API
* All sub-libs have been written from scratch
* All sub-libs offer a complete API for working
with specific formats
* Keeps reversing (and minimalism) in mind
17. RBin
* Read support
- Imports
- Symbols (Exports)
- Sections
- Linked libraries
- Strings
- Binary info
object type
endianness
debug data/stripped
static/dynamic...
18. RBin
* Write support (*)
- Add/Remove/Resize {sections, imports, symbols}
- Edit header fields
* Metadata support (*)
(*) = Work in progress
19. Demo
* Format-agnostic API
$ python imports.py ls
$ python imports.py user32.dll
$ python imports.py osx-ls.1
$ cat imports.py
#!/usr/bin/python
# List the imports of a binary through the radare2 python bindings (libr);
# the same RBin calls work whatever the file format is.
from libr import *
import sys

if len(sys.argv) == 2:
    path = sys.argv[1]
else:
    path = "/bin/ls"
b = RBin()
b.load(path, None)
baddr = b.get_baddr()        # base address, needed to turn RVAs into VAs
print('-> Imports')
for i in b.get_imports():
    print('offset=0x%08x va=0x%08x %s' % (
        i.offset, baddr + i.rva, i.name))
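To show what sits behind the "binary info" fields of RBin (object type, endianness, static/dynamic), here is an added example that reads an ELF header and its program headers directly instead of going through the libr bindings used by imports.py above. It is not radare2 code, covers ELF only, and leaves out the stripped/debug-data check, which needs the section headers; the sample inputs are constructed by `make_elf`.

```python
import struct
from dataclasses import dataclass
from typing import List

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


@dataclass
class ElfInfo:
    bits: int        # 32 or 64
    endian: str      # "little" or "big"
    obj_type: str    # REL / EXEC / DYN / CORE
    machine: int     # raw e_machine value
    entry: int
    dynamic: bool    # has a PT_DYNAMIC segment
    interp: bool     # has a PT_INTERP segment (asks for a loader)

    def linkage(self) -> str:
        return "dynamic" if self.dynamic or self.interp else "static"


def elf_info(data: bytes) -> ElfInfo:
    """Parse only the ELF header and the program header table."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown EI_CLASS/EI_DATA")
    bits = 32 if ei_class == 1 else 64
    e = "<" if ei_data == 1 else ">"          # byte order from e_ident
    # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize
    # e_phentsize e_phnum (e_entry/e_phoff/e_shoff widen to 8 bytes on ELF64)
    fmt = e + ("HHIIIIIHHH" if bits == 32 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _, e_entry, e_phoff, _, _, _,
     e_phentsize, e_phnum) = struct.unpack_from(fmt, data, 16)
    dynamic = interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if e_phentsize < 4 or off + e_phentsize > len(data):
            raise ValueError("program header table truncated")
        p_type = struct.unpack_from(e + "I", data, off)[0]   # first field in both classes
        dynamic = dynamic or p_type == PT_DYNAMIC
        interp = interp or p_type == PT_INTERP
    return ElfInfo(bits, "little" if ei_data == 1 else "big",
                   ET_NAMES.get(e_type, f"unknown({e_type})"),
                   e_machine, e_entry, dynamic, interp)


def make_elf(bits: int, endian: str, e_type: int, machine: int,
             entry: int, ptypes: List[int]) -> bytes:
    """Constructed test input: a valid header plus bare program headers."""
    e = "<" if endian == "little" else ">"
    ident = (b"\x7fELF" + bytes([1 if bits == 32 else 2,
                                 1 if endian == "little" else 2, 1, 0])
             + b"\x00" * 8)
    if bits == 32:   # header 52 bytes, phdr 32 bytes, phdrs right after header
        hdr = struct.pack(e + "HHIIIIIHHHHHH", e_type, machine, 1, entry,
                          52, 0, 0, 52, 32, len(ptypes), 40, 0, 0)
        phdrs = b"".join(struct.pack(e + "8I", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    else:            # header 64 bytes, phdr 56 bytes
        hdr = struct.pack(e + "HHIQQQIHHHHHH", e_type, machine, 1, entry,
                          64, 0, 0, 64, 56, len(ptypes), 64, 0, 0)
        phdrs = b"".join(struct.pack(e + "IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return ident + hdr + phdrs


if __name__ == "__main__":
    info = elf_info(make_elf(64, "little", 3, 62, 0x1040, [PT_INTERP, PT_LOAD, PT_DYNAMIC]))
    print(f"ELF{info.bits} {info.endian}-endian {info.obj_type}, {info.linkage()}")
```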
20. RAsm
* (Dis)Assembly library
* Supports x86, x86-64, PPC, MIPS, ARM,
SPARC, m68k, psosvm...
* Uses:
- (Dis)Assembly backend
- Compile inline code in order to be injected
- Assembly backend of rcc
* All parameters (arch, wordsize...) can be modified
at runtime, so generic injections are easy to implement
24. Demo (XorPacker)
- Xor from .text to .rodata
- Execution flow
Entrypoint -> Init -> main
- Analyze entrypoint
Get init address
- Overwrite init with the packer payload
Change page permissions with mprotect
Xor from .text to .data (take care of payload code)