Alexander Hanel alexander-hanel

## README.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                alexander-hanel
                / README.md
            
            
              Created
              December 27, 2022 21:22
            
              
                The Fundamentals of Sharing for Malware Analyst
              
          
    Originally created on 2016-11-06
The Fundamentals of Sharing for Malware Analyst

In most organizations malware analysts are tasked to produce a deliverable derived from static or dynamic analysis. The deliverable could be to extract indicators, understand functionality, write a report or something similar. During this process the analyst will create a number of files and artifacts. These files could be IDBs, memory dumps, yara signature, decoder scripts, pcaps, notes, etc. Once the task has been completed the analyst submits their deliverable and then moves on. In many organizations the files and artifacts are not stored in a way that are accessible to others, which is a shame.  Having the data and analysis accessible to others has many positive benefits.

Promotes sharing of processes and knowledge between analyst.
Removes duplication of labor by allowing analyst to build off of previous research and analysis.
Intellectual property and artifacts are not lost when an analyst leaves the organiz


## notes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                alexander-hanel
                / notes.md
            
            
              Created
              November 16, 2022 17:32
            
              
                Program Analysis Topics And References 
              
          
    Program Analysis

Status: in progress
Logic


Intro to Formal Logic — Peter smith
Intermediate Logic - David Bostock
Natural Logic — Neil Tennant
A mathematical intro to logic — Herber Enderton
Logic and Structure — Dirk van Dalen


## bn-cheat.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              25 stars
            
          
                alexander-hanel
                / bn-cheat.md
            
            
              Last active
              May 1, 2024 15:10
            
              
                Cheat Sheet for Binary Ninja
              
          
    Binary Ninja Python API Cheat Sheet

This is a work in progress by someone who is learning about Binary Ninja.
References

https://api.binary.ninja/binaryninja.binaryview-module.html
https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7

Metadata Details

Get database name

  
## go_source_code_comments.py
import idautils
import subprocess
import os
import re
import json
import sys

GOBIN = r"C:\Program Files\Go"


## go_comment.py
import idautils
import subprocess
import os

GOBIN = r"C:\Program Files\Go\bin"


def extract_name(func_name):
    sp = func_name.split(".")
    # if the start of a function is not upper case it is not exportable

## README.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                alexander-hanel
                / README.md
            
            
              Last active
              September 29, 2023 03:31
            
              
                IL - Overview 
              
          
    Stages


Source
1. Machine Code


disassemble (x86, ARM, MIPS, etc)
disassembler (capstone, etc)


## explore_binary_ninja.py
import logging

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)

file_name = ""

try:
    import binaryninja
    logging.debug("BinaryNinja has been imported")

## Re1_notes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                alexander-hanel
                / Re1_notes.md
            
            
              Last active
              July 13, 2023 20:56
            
          
    Disassembler (aka Task 1)

Notes on RE1.

Use a language of your choice to decode the base64 encoded data, disassemble the binary data using the capstone engine and save the text to a file named disassemble.txt


## heart_sergei.py
import idautils
import string

DEBUG = True
if DEBUG:
    import hexdump

SEGMENT = True

def get_to_xrefs(ea):

## jvm_hook.py
# Created By: Alexander Hanel
# Date: 20220425
# Version 2.0
# Purpose: Simple API logger for a subset of API's used by Java's JVM

# C:\tt\pypyp>C:\Python37\python.exe jvm_logger.py -file "C:\Progra~1\Java\jdk1.8.0_191\bin\java.exe" -args " -jar C:\tt\pypyp\victim-app-0.0.1-SNAPSHOT.jar"

import sys
import _ptrace
import argparse
	import idautils
	import subprocess
	import os
	import re
	import json
	import sys

	GOBIN = r"C:\Program Files\Go"
	import logging

	logging.basicConfig()
	logging.getLogger().setLevel(logging.DEBUG)

	file_name = ""

	try:
	import binaryninja
	logging.debug("BinaryNinja has been imported")
	import idautils
	import string

	DEBUG = True
	if DEBUG:
	import hexdump

	SEGMENT = True

	def get_to_xrefs(ea):
	# Created By: Alexander Hanel
	# Date: 20220425
	# Version 2.0
	# Purpose: Simple API logger for a subset of API's used by Java's JVM

	# C:\tt\pypyp>C:\Python37\python.exe jvm_logger.py -file "C:\Progra~1\Java\jdk1.8.0_191\bin\java.exe" -args " -jar C:\tt\pypyp\victim-app-0.0.1-SNAPSHOT.jar"

	import sys
	import _ptrace
	import argparse