Software Reverse Engineering

Figure out the CPU architecture of a binary: https://github.com/trou/cpu_rec_rs

Tools:
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_full_en.md

Introduction:
Beginners Guide to Reverse Engineering
Malware Unicorn Reverse Engineering 101
Reverse Engineering Malware
Malware Analysis Tutorials
Malware Analysis Tutorial
Interactive Beginner’s Guide to ROP

Analyze Executables

Python framework for analyzing binaries
Cross platform library to parse, modify and abstract ELF, PE and MachO formats

Parser Differential

Make a function that runs in Linux but crashes gdb and radare2

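Basic fuzzer to make a Parser Differential in Linux

```python
import os
import random

# Baseline files orig_output, orig_gdb and orig_radare must already exist,
# produced by running the same commands below against the unmodified license_2.
os.system("cp license_2 license_2_fuzz")


def flip_byte(in_bytes):
    # Replace one randomly chosen byte with a random value.
    # randrange() excludes len(in_bytes), so a byte is always replaced, never appended.
    i = random.randrange(len(in_bytes))
    c = bytes([random.randint(0, 0xFF)])
    return in_bytes[:i] + c + in_bytes[i + 1:]


def copy_binary():
    # Write a mutated copy of the original binary.
    with open("license_2", "rb") as orig_f, open("license_2_fuzz", "wb") as new_f:
        new_f.write(flip_byte(orig_f.read()))


def compare(fn1, fn2):
    # Compare as bytes; tool output is not guaranteed to be valid text.
    with open(fn1, "rb") as f1, open(fn2, "rb") as f2:
        return f1.read() == f2.read()


def check_output():
    # The mutated binary must still behave like the original.
    os.system("(./license_2_fuzz ; ./license_2_fuzz AAAA-Z10N-42-OK) > fuzz_output")
    return compare("orig_output", "fuzz_output")


def check_gdb():
    os.system("echo disassemble main | gdb license_2_fuzz > fuzz_gdb")
    return compare("orig_gdb", "fuzz_gdb")


def check_radare():
    # printf instead of "echo -e", which is not portable across /bin/sh implementations.
    os.system('printf "aaa\\ns sym.main\\npdf\\n" | radare2 license_2_fuzz > fuzz_radare')
    return compare("orig_radare", "fuzz_radare")


while True:
    copy_binary()
    # Interesting case: the program runs unchanged, but both tools produce different output.
    if check_output() and not check_gdb() and not check_radare():
        print("FOUND POSSIBLE FAIL\n\n\n")
        os.system("tail fuzz_gdb")
        os.system("tail fuzz_radare")
        input()
```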

Binary Diff tool

Firmware Analysis and Comparison Tool

Linux

Crash and dump core file of a process in Linux

Windows

Explore and decompile all RPC functionalities present on a Microsoft system.

Java

Decompile java applications including Android APKs

.NET

dnSpy is a debugger and .NET assembly decompiler
SwishDbgExt WinDbg extension that expands available commands