alexander-hanel

import re

IGNORE_KEYWORDS = []

def get_data():
    with open("demangled_functions.txt", "r") as f:
        data_lines = [line.rstrip() for line in f]
    return data_lines

def parse(declarations):

alexander-hanel

Originally created on 2016-11-06

The Fundamentals of Sharing for Malware Analyst

In most organizations malware analysts are tasked to produce a deliverable derived from static or dynamic analysis. The deliverable could be to extract indicators, understand functionality, write a report or something similar. During this process the analyst will create a number of files and artifacts. These files could be IDBs, memory dumps, yara signature, decoder scripts, pcaps, notes, etc. Once the task has been completed the analyst submits their deliverable and then moves on. In many organizations the files and artifacts are not stored in a way that are accessible to others, which is a shame. Having the data and analysis accessible to others has many positive benefits.

1. Promotes sharing of processes and knowledge between analyst.
2. Removes duplication of labor by allowing analyst to build off of previous research and analysis.
3. Intellectual property and artifacts are not lost when an analyst leaves the organiz

alexander-hanel

Program Analysis

Status: in progress

Logic

• Intro to Formal Logic — Peter smith
• Intermediate Logic - David Bostock
• Natural Logic — Neil Tennant
• A mathematical intro to logic — Herber Enderton
• Logic and Structure — Dirk van Dalen

alexander-hanel

Binary Ninja Python API Cheat Sheet

This is a work in progress by someone who is learning about Binary Ninja.

References

• https://api.binary.ninja/binaryninja.binaryview-module.html
• https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7

Metadata Details

Get database name

alexander-hanel

import idautils
import subprocess
import os
import re
import json
import sys

GOBIN = r"C:\Program Files\Go"

alexander-hanel

import idautils
import subprocess
import os

GOBIN = r"C:\Program Files\Go\bin"


def extract_name(func_name):
    sp = func_name.split(".")
    # if the start of a function is not upper case it is not exportable 

alexander-hanel

import logging

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)

file_name = ""

try:
    import binaryninja
    logging.debug("BinaryNinja has been imported")

alexander-hanel

import idautils
import string

DEBUG = True 
if DEBUG:
    import hexdump 

SEGMENT = True 

def get_to_xrefs(ea):

alexander-hanel

Cryptopals

link

Set 1

Challenge 1: Convert hex to base64

use std::str;
extern crate base64;

alexander-hanel

Rust Ownership Notes

Rather than relying on garbage collection or user memory allocation (via allocate/free memory), Rust relys on the compiler to ensure memory is managed through ownership.

Ownership is a set of rules that governs how a Rust program manages memory.

Ownership helps with organizing how data is stored in the heap, minimizing duplication of data in the heap and cleaning up the heap. Data types (e.g. Scalar types) are not stored in the heap. Data types (e.g. integers) can be easily pushed/stored and popped/removed on the stack. Rust enforces single ownership.

Ownership Rules