updating tools

This commit is contained in:
Amanda Rousseau
2017-03-21 16:27:12 -07:00
parent 9ec5088c3c
commit b746acc054
2 changed files with 57 additions and 53 deletions

View File

@@ -18,23 +18,6 @@ title: RE Tools
---
### Disassembler: IdaFree
![alt text](https://securedorg.github.io/images/IdaFree.gif "IdaFree Layout")
* **Visual Modes**
* **Graph Mode** - control flow diagram
* **Text Mode** - default view of disassembled code
* **Command Cheatsheet**
* Please refer to this [Ida cheatsheet](https://securedorg.github.io/idacheatsheet.html)
* **Common Commands**
| Action | Command |
| --- | --- |
| Jump to xref to operand | X |
| Jump to address | G |
| Enter comment | Shift+; |
## Debuggers
* [x64dbg](http://x64dbg.com/) (Used in this worksop)
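Review bot: the retained context line `* [x64dbg](http://x64dbg.com/) (Used in this worksop)` still misspells "workshop"; since this hunk is already reorganizing the surrounding section, correct it to `(Used in this workshop)` in the same commit rather than leaving the typo for a follow-up.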
@@ -44,27 +27,6 @@ title: RE Tools
---
### Debugger: x64dbg
![alt text](https://securedorg.github.io/images/x64dbg.gif "x64dbg Layout")
**Common Commands**
| Action | Command |
| --- | --- |
| Enter comment | Shift+; |
| BreakPoint | F2 |
| Step into | F7 |
| Step over | F8 |
| Run | F9 |
| Edit Instruction | Enter |
### Keyboard Layout for IdaFree and x64dbg
![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout")
---
## Decompilers
* [Snowman](https://derevenets.com/) (Integrated with x64dbg)
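Review bot: removing the x64dbg command table and the keyboard-layout image from here leaves the `## Debuggers` list with no nearby pointer to where those references now live; a one-line cross-reference under `## Debuggers` (for example "command cheatsheet: see Tools Used in the Workshop below") would keep the page navigable for a reader who lands on the Debuggers heading first.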
@@ -93,6 +55,55 @@ title: RE Tools
* [robtex.com](https://www.robtex.com/) - free DNS lookup tool
* [www.debuggex.com](https://www.debuggex.com/) - Online Visual Regex Tester
---
## Support
* [HxD Hex Editor](https://mh-nexus.de/en/hxd/) (Used in this worksop)
* [Python](https://www.python.org/downloads/) - used for automating tasks
---
## Tools Used in the Workshop
### Disassembler: IdaFree
![alt text](https://securedorg.github.io/images/IdaFree.gif "IdaFree Layout")
* **Visual Modes**
* **Graph Mode** - control flow diagram
* **Text Mode** - default view of disassembled code
* **Command Cheatsheet**
* Please refer to this [Ida cheatsheet](https://securedorg.github.io/idacheatsheet.html)
* **Common Commands**
| Action | Command |
| --- | --- |
| Jump to xref to operand | X |
| Jump to address | G |
| Enter comment | Shift+; |
---
### Debugger: x64dbg
![alt text](https://securedorg.github.io/images/x64dbg.gif "x64dbg Layout")
**Common Commands**
| Action | Command |
| --- | --- |
| Enter comment | Shift+; |
| BreakPoint | F2 |
| Step into | F7 |
| Step over | F8 |
| Run | F9 |
| Edit Instruction | Enter |
### Keyboard Layout for IdaFree and x64dbg
![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout")
---
## Information Gathering: CFF Explorer
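Review bot: the image title in `![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout")` is carried over verbatim with the "Keyboad" typo; this move is the natural place to fix it to "Keyboard Layout". While touching these lines, the three images all use the literal `alt text` as their alt attribute, so replacing it with a descriptive alt such as `IdaFree layout`, `x64dbg layout` and `keyboard layout for IdaFree and x64dbg` would help readers using screen readers or viewing the page with images blocked. Finally, each `| Action | Command |` table directly follows the `**Common Commands**` line with no blank line between them; inserting one blank line avoids the table being absorbed into the preceding paragraph on renderers that require tables to start a new block.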
@@ -110,12 +121,5 @@ title: RE Tools
![alt text](https://securedorg.github.io/images/procmon.png "Procmon")
---
## Support
* [HxD Hex Editor](https://mh-nexus.de/en/hxd/) (Used in this worksop)
* [Python](https://www.python.org/downloads/) - used for automating tasks
[Section 2.1 <- Back](https://securedorg.github.io/RE101/section2.1) | [Next -> Section 4](https://securedorg.github.io/RE101/section4)
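Review bot: dropping this second `## Support` block is the right call, since the earlier hunk shows the identical list (HxD Hex Editor, Python) surviving at its first location. The hunk header says twelve lines become five, i.e. seven removed, but only the `---` separator, the `## Support` heading and the two tool entries are visible here; please confirm the remaining removed lines are blank lines and not content that this view truncates.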

View File

@@ -13,14 +13,14 @@ You will want to quickly narrow down specific information and indicators before
This checklist should get you started:
- [x] File Context and Delivery
- [x] File Information & Header Analysis
- [x] Get Basic PE information
- [x] Simple Search
- [x] Collect Strings
- [x] Check AV vendors
- [x] Quick VM Detonation
- [x] Capture network information
- File Context and Delivery
- File Information & Header Analysis
- Get Basic PE information
- Simple Search
- Collect Strings
- Check AV vendors
- Quick VM Detonation
- Capture network information
### File Context and Delivery
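Review bot: replacing the `- [x]` items with plain `-` bullets removes the misleading impression that every step is already done, but if the list is meant to be worked through as a checklist, unchecked task items (`- [ ] File Context and Delivery` and so on) would preserve the checkbox rendering while starting in the correct state; if it is only an outline of the headings that follow (the next line is `### File Context and Delivery`), plain bullets are fine and a short lead-in such as "This checklist should get you started; each item is covered in its own section below" would make that clear.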