RE/Malware analysis

Email
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

File (hide): 3a7eaf4ac616272⋯.jpg (78.99 KB, 590x888, 295:444, dfad2134354c9bea4ff9b605b7….jpg) (h) (u)

▶RE/Malware analysis Anonymous 08/12/18 (Sun) 14:52:38 No.954859>>954868 >>955244 >>955533 >>955974 [Watch Thread][Show All Posts]

What's a good setup for this?

What are some good tools?

Is it possible to analyze stuff entirely on linux?

Is IDA still the number one choice of the professional?

▶Anonymous 08/12/18 (Sun) 15:18:48 No.954868>>954877

>>954859 (OP)

>Is IDA still the number one choice of the professional?

Some people use Radare2

▶Anonymous 08/12/18 (Sun) 15:32:43 No.954877>>954882 >>954887 >>954946

>>954868

>Radare2

>https://rada.re/r/cmp.html

what the fuck? how is this not industry standard yet?

▶Anonymous 08/12/18 (Sun) 16:10:32 No.954882>>954921 >>954926

>>954877

Last I checked IDA's decompiler blows this shit out of the water

▶Anonymous 08/12/18 (Sun) 16:28:29 No.954887>>955332

>>954877

There is a lot of commands to remember and TUI can be a little bit scary and impractical sometimes. IDA pro due to having a proper GUI is better at handling the graph view and every command is one click away making it more popular.

▶Anonymous 08/12/18 (Sun) 18:55:49 No.954921

>>954882

>Last I checked IDA's decompiler blows this shit out of the water

explain more

▶Anonymous 08/12/18 (Sun) 19:20:09 No.954926

>>954882

what about for hex malware?

▶Anonymous 08/12/18 (Sun) 20:32:51 No.954946>>955332

>>954877

It's very buggy with sharp edges everywhere, the interface is autistic, automatic analysis is weak. Having the source is nice, but it's difficult to modify because the code is shit. The library interface is text, several hundred options are piled into one struct, etc..

▶Anonymous 08/12/18 (Sun) 21:15:48 No.954958>>955332

IDA is the only choice

▶Anonymous 08/13/18 (Mon) 13:49:46 No.955244>>955262

>>954859 (OP)

forum.reverse4you.org

there you will find warez of IDA and even warez of IDA for Linux (even though IDA runs flawlessly in wine)

▶Anonymous 08/13/18 (Mon) 14:44:44 No.955262

>>955244

This website looks dead, is there any other RE community that's not dead ?

▶Anonymous 08/13/18 (Mon) 20:24:26 No.955332

File (hide): a016168a3022e09⋯.jpg (12.72 KB, 252x255, 84:85, 908cd8d507b459d2ae9322d402….jpg) (h) (u)

>>954887

>>954946

>>954958

>tfw r2 makes sense once you get used to it

>its actually faster than clicking through submenues in ida

▶Anonymous 08/14/18 (Tue) 00:11:23 No.955421

on a side question note

does anyone have a good repository of sources and compiled malware?

something you personally suggest? except going over "leet hax download 2018" on youtube and downloading everything I see, I mean something on little bigger level

▶Anonymous 08/14/18 (Tue) 11:16:28 No.955533>>955534 >>955582

>>954859 (OP)

OP as far as tools go I have had good experience with binary ninja (sorry for the name) and its worth the money if you can afford, far cheaper than IDA.

Another alternative is cutter (https://github.com/radareorg/cutter) which is a gui frontend for cutter - useful if you can't be bothered to learn r2 properly (but still buggy rn, please contribute)

▶Anonymous 08/14/18 (Tue) 11:18:22 No.955534>>955582

>>955533

>Another alternative is cutter which is a gui frontend for radare2

▶Anonymous 08/14/18 (Tue) 15:58:34 No.955582

File (hide): 2d9144154418a2a⋯.png (253.92 KB, 2396x1616, 599:404, 123713465273.png) (h) (u)