Quickie: Using radare2 to disassemble shellcode, (Fri, Aug 31st)

SANS Internet Storm Center, InfoCON: green
This post is just a quick place to document a tip/tool that other malware analysts might find useful. As some of you may be aware, I occasionally teach FOR610: Reverse Engineering Malware. I love the class, and on days 3-5 we talk about shellcode and discuss various ways of examining shellcode. Also, I've been doing malware analysis for quite a while and have primarily used IDA and OllyDbg (now x64dbg, since Olly has been abandoned) for it, but I know some of my colleagues really like radare2. I've never had the time to learn radare2, but in a recent case at the $dayjob I found some shellcode being executed by PowerShell. Rather than look at it in IDA, I decided to see what I could see in radare2. Since I do most of my analysis in Linux, being able to do this quickly from the command line was very attractive. I was able to extract the shellcode as a binary file, and with a few minutes of research found that the following one-liner did the job. I figured this might be of interest to other analysts who haven't used radare2 much either, so here you are.
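The diary's own one-liner is not reproduced on this page, so the script below is an added example and not the author's command. It shows the two steps the post describes: pulling the bytes out of a PowerShell loader's `[Byte[]]` array into a raw binary file, then handing that file to radare2 from the command line. The sample byte array is constructed for illustration (a short PEB-walk prologue, not a working payload), the helper names are mine, and the radare2 flags used (`-a`, `-b`, `-q`, `-c`, `-e`) are taken from r2's documented CLI, which is an assumption about how the author invoked it.

```shell
#!/bin/sh
# Added example: extract shellcode from a PowerShell byte array and disassemble
# it with radare2.  Not the ISC diary's own one-liner.
set -eu

# Constructed sample (illustrative only): cld; xor eax,eax; mov eax,fs:[eax+0x30];
# mov eax,[eax+0xc]; nop; ret  -- the PEB/Ldr walk shellcode typically starts with.
SAMPLE_PS1='[Byte[]] $sc = 0xfc,0x31,0xc0,0x64,0x8b,0x40,0x30,0x8b,0x40,0x0c,0x90,0xc3'

# ps1_to_bin TEXT OUTFILE: write every 0xNN token found in TEXT as one raw byte.
# grep -o isolates the tokens; the inner printf turns the value into an octal
# escape (\374) that the outer printf emits as the actual byte, NUL included.
ps1_to_bin() {
    : > "$2"
    for tok in $(printf '%s\n' "$1" | grep -o '0x[0-9A-Fa-f][0-9A-Fa-f]'); do
        printf "$(printf '\\%03o' "$(($tok))")" >> "$2"
    done
}

# bin_size FILE: byte count, for sanity-checking the extraction against the
# array length seen in the PowerShell source.
bin_size() { wc -c < "$1" | tr -d ' '; }

# hexdump_prefix FILE N: first N bytes as lowercase hex (od is POSIX; -An drops
# offsets, -v disables '*' line squeezing), handy for a quick eyeball check.
hexdump_prefix() { od -An -v -tx1 -N "$2" "$1" | tr -d ' \n'; }

# disasm_shellcode FILE ARCH BITS COUNT: linear disassembly of COUNT instructions
# from offset 0.  A raw shellcode blob has no header, so arch and bits must be
# given explicitly (-a/-b); -q quits after the -c command runs; scr.color=0
# keeps ANSI codes out of the output so it can be grepped or pasted into notes.
disasm_shellcode() {
    if ! command -v r2 >/dev/null 2>&1; then
        echo "r2 not found; install radare2 to disassemble $1" >&2
        return 2
    fi
    r2 -q -a "$2" -b "$3" -e scr.color=0 -c "pd $4" "$1"
}

# Demo: convert the constructed sample and, if radare2 is present, list the
# first ten instructions as 32-bit x86 (try -b 64 if the listing looks wrong).
OUT="${TMPDIR:-/tmp}/sc_demo.bin"
ps1_to_bin "$SAMPLE_PS1" "$OUT"
echo "wrote $(bin_size "$OUT") bytes: $(hexdump_prefix "$OUT" 16)"
disasm_shellcode "$OUT" x86 32 10 || echo "(radare2 not available; listing skipped)"
```

Two things to check before trusting the listing: confirm the byte count matches the array in the PowerShell source (a missed `0x` token silently shifts every later instruction), and pick `-b 32` or `-b 64` to match the process the loader injects into, since the same bytes decode differently in each mode. `pd` disassembles linearly from offset 0, which is where execution starts for position-independent shellcode; for a larger blob, `r2 -q -A ... -c pdf` runs radare2's analysis first so jumps and call targets are resolved into functions.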

Tom's Hardware
Is Erebus the codename of PlayStation 5?

It appears that Erebus could be the codename of Sony's next console, PlayStation 5. The clues come from the new Unreal Engine 4 update.
