Articles

Tools and Frameworks for Binary Analysis

ByAdmin November 14, 2023November 14, 2023

There are several tools and frameworks designed for binary analysis, which are key for cyber-security work (e.g, malware analysis).

And, lend themselves to a whole host of areas such as reverse engineering, vulnerability discovery and and exploitation.

The following are some of the most popular ones and worth investigating further.

IDA (Interactive Disassembler) which is a disassembler and debugger and considered the gold standard for binary analysis. There is both a free and commercial version.
Ghidra which is a software reverse engineering (SRE) suite of tools developed by the NSA’s Research Directorate. It’s open-source and offers similar functionality to IDA.
Binary Ninja which is quite new compared to the others, but it also includes a decompiler, supports scripting and is more affordable than IDA.
Radare2 which is an open-source framework that provides a set of tools for reverse engineering, binary analysis and exploitation; and, known for its command-line interface and ability to analyze binaries of various processor architectures.
Hopper which is a binary disassembler, decompiler, and debugger for macOS and Linux; and, popular for working on Mac and iOS applications.

You can also integrate binary analysis into your own code, and develop your own tools. The best way to do this is via an existing framework. The following are some libraries and frameworks worth investigating.

Capstone which is an open-source, multi-architecture, multi-platform disassembly framework. It supports a variety of instruction sets and can be used from Python through its bindings.
angr is a powerful Python framework for analyzing binaries. It includes capabilities for binary loading, disassembly, symbolic execution, and various forms of static and dynamic analysis.
Keystone is a lightweight multi-platform, multi-architecture assembler framework; and, can be used from Python and is useful for generating machine code.

Besides using dedicated software and frameworks for binary analysis, there are several other approaches that you can use – depending on your specific goals.

Manual Analysis which involves directly examining the binary in a disassembler or a hex editor. It requires a strong understanding of assembly language and the architecture of the processor.
Dynamic Analysis which involves running the binary in a controlled environment (like a sandbox or a virtual machine) and observing its behavior.
Static Analysis which is examining the binary without executing it.
Machine Learning which applies machine learning algorithms to binary analysis; and helpful for pattern recognition and anomaly detection.
Reverse Engineering Protocols or File Formats which is important if the binary interacts with specific protocols or file formats. This will involve network traffic analysis or examining how a binary reads or writes specific file types.
Fuzzing where you provide random or malformed data as input to the binary and observing its behavior for crashes or other anomalies.

Articles

Modifying a Binary via Powershell

ByAdmin December 21, 2023March 7, 2024

Creating or modifying a binary files in PowerShell can be done using various methods. One common approach is to use the Set-Content cmdlet along with a byte array. This approach is useful for creating or modifying binary files directly from PowerShell, especially when dealing with small files or when you need to automate the process…

Articles

Generating a Minimal Executable with Visual Studio and MASM

ByAdmin November 26, 2023December 21, 2023

Learn how to write an assembly program with MASM and link it to get a minimal executable. Just install Visual Studio and a Windows SDK, then follow the steps below. First, we need to set up the prototypes in the assembly code as imports if we are using the Microsoft MASM assembler, rather than an…

Articles

Mastering Function Interception with Microsoft Detours

ByAdmin August 23, 2024August 23, 2024

Microsoft Detours is a library for intercepting, monitoring, and extending the functionality of binary functions on Windows. This guide dives deep into how you can leverage Detours for advanced software development, with numerous code snippets to illustrate key concepts. Introduction to Microsoft Detours Detours allows developers to insert custom code into existing functions without modifying…

Articles

C2 Havoc: A Command and Control Framework

ByAdmin November 16, 2023November 16, 2023

C2 Havoc is primarily a command and control (C2) framework rather than a Remote Access Trojan (RAT). It is used mostly to manage compromised systems during cyber operations. And, more about coordinating and directing the activities of already compromised systems. C2 Havoc, in particular, is noted for its capabilities in post-exploitation scenarios, allowing attackers to…

Articles

Understanding Micro-segmentation

ByAdmin June 12, 2024June 12, 2024

Micro-segmentation is a security technique used to divide a network into small, distinct segments to enhance security and limit the attack surface. This method involves creating secure zones in data centers and cloud environments, isolating workloads from one another, and applying granular security policies to each segment. The key aspects of micro-segmentation include: Benefits of…

Articles

Understanding and Implementing Microsoft Detours for Function Hooking

ByAdmin August 23, 2024August 23, 2024

Detours is a library developed by Microsoft Research for intercepting and modifying the behavior of arbitrary Win32 functions on various Windows-compatible processors. Unlike static redirection, Detours operates at runtime, making it incredibly versatile for debugging, instrumentation, and extending application functionality without altering the source code or executable files on disk. Why Use Detours? Basic Concepts…

Similar Posts