From b746acc05484036976b571263fa4b6707bc9708e Mon Sep 17 00:00:00 2001 From: Amanda Rousseau Date: Tue, 21 Mar 2017 16:27:12 -0700 Subject: [PATCH] updating tools --- retools.md | 94 ++++++++++++++++++++++++++++-------------------------- triage.md | 16 +++++----- 2 files changed, 57 insertions(+), 53 deletions(-) diff --git a/retools.md b/retools.md index e852fbc..1cc3820 100644 --- a/retools.md +++ b/retools.md @@ -18,23 +18,6 @@ title: RE Tools --- -### Disassembler: IdaFree - -![alt text](https://securedorg.github.io/images/IdaFree.gif "IdaFree Layout") - -* **Visual Modes** - * **Graph Mode** - control flow diagram - * **Text Mode** - default view of disassembled code -* **Command Cheatsheet** - * Please refer to this [Ida cheatsheet](https://securedorg.github.io/idacheatsheet.html) -* **Common Commands** - -| Action | Command | -| --- | --- | -| Jump to xref to operand | X | -| Jump to address | G | -| Enter comment | Shift+; | - ## Debuggers * [x64dbg](http://x64dbg.com/) (Used in this worksop) @@ -44,27 +27,6 @@ title: RE Tools --- -### Debugger: x64dbg - -![alt text](https://securedorg.github.io/images/x64dbg.gif "x64dbg Layout") - -**Common Commands** - -| Action | Command | -| --- | --- | -| Enter comment | Shift+; | -| BreakPoint | F2 | -| Step into | F7 | -| Step over | F8 | -| Run | F9 | -| Edit Instruction | Enter | - -### Keyboard Layout for IdaFree and x64dbg - -![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout") - ---- - ## Decompilers * [Snowman](https://derevenets.com/) (Integrated with x64dbg) 
@@ -93,6 +55,55 @@ title: RE Tools * [robtex.com](https://www.robtex.com/) - free DNS lookup tool * [www.debuggex.com](https://www.debuggex.com/) - Online Visual Regex Tester +--- + +## Support + +* [HxD Hex Editor](https://mh-nexus.de/en/hxd/) (Used in this worksop) +* [Python](https://www.python.org/downloads/) - used for automating tasks + +--- + +## Tools Used in the Workshop + +### Disassembler: IdaFree + +![alt text](https://securedorg.github.io/images/IdaFree.gif "IdaFree Layout") + +* **Visual Modes** + * **Graph Mode** - control flow diagram + * **Text Mode** - default view of disassembled code +* **Command Cheatsheet** + * Please refer to this [Ida cheatsheet](https://securedorg.github.io/idacheatsheet.html) +* **Common Commands** + +| Action | Command | +| --- | --- | +| Jump to xref to operand | X | +| Jump to address | G | +| Enter comment | Shift+; | + +--- + +### Debugger: x64dbg + +![alt text](https://securedorg.github.io/images/x64dbg.gif "x64dbg Layout") + +**Common Commands** + +| Action | Command | +| --- | --- | +| Enter comment | Shift+; | +| BreakPoint | F2 | +| Step into | F7 | +| Step over | F8 | +| Run | F9 | +| Edit Instruction | Enter | + +### Keyboard Layout for IdaFree and x64dbg + +![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout") + --- ## Information Gathering: CFF Explorer @@ -110,12 +121,5 @@ title: RE Tools ![alt text](https://securedorg.github.io/images/procmon.png "Procmon") ---- - -## Support - -* [HxD Hex Editor](https://mh-nexus.de/en/hxd/) (Used in this worksop) -* [Python](https://www.python.org/downloads/) - used for automating tasks - [Section 2.1 <- Back](https://securedorg.github.io/RE101/section2.1) | [Next -> Section 4](https://securedorg.github.io/RE101/section4) diff --git a/triage.md b/triage.md index 5c23a2f..9b13896 100644 --- a/triage.md +++ b/triage.md 
@@ -13,14 +13,14 @@ You will want to quickly narrow down specific information and indicators before This checklist should get you started: -- [x] File Context and Delivery -- [x] File Information & Header Analysis -- [x] Get Basic PE information -- [x] Simple Search -- [x] Collect Strings -- [x] Check AV vendors -- [x] Quick VM Detonation -- [x] Capture network information +- File Context and Delivery +- File Information & Header Analysis +- Get Basic PE information +- Simple Search +- Collect Strings +- Check AV vendors +- Quick VM Detonation +- Capture network information ### File Context and Delivery
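Review bot: This hunk (retools.md `@@ -18,23 +18,6`) deletes the "Disassembler: IdaFree" subsection, but the same block reappears verbatim under the new "Tools Used in the Workshop" heading later in the patch, so this is a move rather than a removal; the commit message "updating tools" does not say so, and a reviewer reading only this hunk would assume the IdaFree cheatsheet and command table were dropped. Please state the relocation in the commit message (or split the move into its own commit). The unchanged context line `* [x64dbg](http://x64dbg.com/) (Used in this worksop)` carries a typo ("worksop" for "workshop"); since the file is being touched, it is worth fixing here.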
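Review bot: In retools.md `@@ -44,27 +27,6` the deleted run ends with the `---` rule and blank line that followed the "Keyboard Layout" image, leaving the earlier `---` (the context line at the top of the hunk) as the only separator before `## Decompilers`, which is fine; but note the deletion also removes the only place where the "Debuggers" list item for x64dbg was followed by its command table, so the reader of the "Debuggers" list now has to scroll past Decompilers and the online tools to find the x64dbg commands. A one-line pointer in the Debuggers list (e.g. "see Tools Used in the Workshop below") would keep the list self-explanatory.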
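Review bot: The added block in retools.md `@@ -93,6 +55,55` copies two typos along with the moved text: `+* [HxD Hex Editor](https://mh-nexus.de/en/hxd/) (Used in this worksop)` should read "workshop", and the image title in `+![alt text](https://securedorg.github.io/images/keyboarddbg.gif "Keyboad Layout")` should read "Keyboard Layout". Since the lines are being rewritten anyway, please fix them in this hunk. The three moved images all use the placeholder alt text `alt text`; replacing it with the image title (e.g. "IdaFree layout", "x64dbg layout") would make the cheatsheet usable with a screen reader at no extra cost.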
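Review bot: In retools.md `@@ -110,12 +121,5` the removed run includes the blank lines surrounding the old "Support" block, and the navigation line `[Section 2.1 <- Back](...) | [Next -> Section 4](...)` is the first unchanged line after the last removed blank. Please confirm that a blank line still separates the Procmon image line from that navigation line in the result; if not, Markdown will fold the image and the links into a single paragraph. Adding an explicit `---` rule before the navigation links, as the file does between its other sections, would also keep the page footer visually consistent.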
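Review bot: The triage.md hunk `@@ -13,14 +13,14` turns every `- [x]` item into a plain `-` bullet while the introductory sentence still calls the list a checklist. If the motivation is that the site's Markdown renderer shows `- [x]` literally rather than as a checkbox, say so in the commit message; if checkbox rendering does work, `- [ ]` (unchecked) would preserve the checklist affordance and also stop presenting every triage step as already done, which the all-`[x]` original implied. Either way the list is the step-by-step triage procedure for a suspicious sample, so the item order should stay as it is.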