From 13aea963a19085a438e683fecc8c9a27decb5a76 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 26 Dec 2017 00:11:34 -0500 Subject: [PATCH] adding exploit development references --- exploit_development/README.md | 43 +++++++++++++++++++++++++++++++++++ reverse_engineering/README.md | 22 ++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 exploit_development/README.md diff --git a/exploit_development/README.md b/exploit_development/README.md new file mode 100644 index 0000000..09abae0 --- /dev/null +++ b/exploit_development/README.md 
@@ -0,0 +1,43 @@ +# Exploit Development References + +## Tutorials and Examples + +* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) +* [Shellcode Examples](http://shell-storm.org/shellcode/) +* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) + +## Hex Editors + +* [HexEdit.js](https://hexed.it) - Browser-based hex editing. +* [Hexinator](https://hexinator.com/) - World's finest (proprietary, commercial) Hex Editor. +* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. +* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. + + +## File Format Analysis Tools + +* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. +* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool. +* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. + +## Reverse Engineering Tools + +The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE [REVERSE ENGINEERING SECTION](https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md) for more references. + +* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml). +* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. +* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. 
+* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. +* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. +* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. +* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. +* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler. +* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. +* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. +* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. +* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. +* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos. +* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python. +* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. +* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool. +* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. diff --git a/reverse_engineering/README.md b/reverse_engineering/README.md index 67ff5c5..6891e15 100644 --- a/reverse_engineering/README.md +++ b/reverse_engineering/README.md 
@@ -38,3 +38,25 @@ * [Reverse Engineering Malware 101](https://securedorg.github.io/RE101/) * [RPISEC Malware Course](https://github.com/RPISEC/Malware) * [TiGa's Video Tutorials](http://www.woodmann.com/TiGa/) +* [Malware Traffic Analysis](http://www.malware-traffic-analysis.net) + +## Other Tools +### Reverse Engineering Tools + +* [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml). +* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. +* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. +* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. +* [x64dbg](http://x64dbg.com/) - Open source x64/x32 debugger for windows. +* [Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware. +* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. +* [Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler. +* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. +* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. +* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. +* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. +* [PyREBox](https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos. 
+* [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python. +* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. +* [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool. +* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
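Review bot: In the exploit_development/README.md hunk, the 17-entry "Reverse Engineering Tools" list is a verbatim copy of the list this same patch adds to reverse_engineering/README.md, so the two files will drift as entries are added or URLs change; since the section already says "GO TO THE [REVERSE ENGINEERING SECTION]", keep only that pointer here (or at most a handful of the exploit-oriented entries such as peda and Immunity Debugger) and let the reverse_engineering file be the single source. The pointer itself hard-codes `https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md`, which breaks on forks, renames and a default-branch change; a relative link `../reverse_engineering/README.md` works everywhere GitHub renders the file. Minor wording in the same hunk: "crossplatform" should be "cross-platform" (the Medusa entry already spells it that way), "debugger for windows" should read "Windows", and descriptions such as "World's finest (proprietary, commercial) Hex Editor" read as vendor copy rather than a one-line description of what the tool does; the all-caps "HOWEVER! GO TO THE ..." sentence would also read better in the plain register of the surrounding entries.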
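Review bot: In the reverse_engineering/README.md hunk, the new `## Other Tools` heading carries no content of its own and is immediately followed by `### Reverse Engineering Tools`, which is redundant inside a file that is entirely about reverse engineering tools; collapse the two into a single `## Tools` (or `## Disassemblers and Debuggers`) heading. Because the exploit_development README in this same patch links to this file as the authoritative list, this is the copy that should be kept complete and correct, so the wording fixes apply here too: "crossplatform" to "cross-platform", "windows" to "Windows" in the x64dbg entry, and "Debugger on steroids" for rVMI replaced by a neutral description consistent with the other entries. The added `[Malware Traffic Analysis]` entry is appended to a list of tutorials/courses; if it is meant as a training resource that is fine, but its description is missing while every other entry in the file has a trailing " - description", so add one for consistency.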