NSA Releases GHIDRA 9.0 — Free, Powerful Reverse Engineering Tool

The United States' National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency’s home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.
GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux.
Reverse engineering a program or software involves disassembling, i.e. converting binary instructions into assembly code when its source code is unavailable, helping software engineers, especially malware analysts, understand the functionality of the code and actual design and implementation information.

Download GHIDRA 9.0 — software package, slides, and exercises

Adapted from thehackernews.com

Comments

TCP Flood & IP Spoofing Tutorial - Hping3 (With Effective Tricks)

hping is a command-line oriented TCP/IP packet assembler/analyzer. Using hping3 you are able to perform at least the following stuff: Test firewall rules Testing Network performance using different protocols, packet size, TOS (type of service) and fragmentation Remote OS fingerprinting. TCP/IP stack auditing Today, we will use hping3 for testing network performance. In other words we will use it to do DDOS Attack Tests. We can start “Help Document” by typing “hping3 --help” on the command line. Hping3 Important Parameters : The flood parameter : Activates the fastest packet sending mode The destport(p) parameter : Specifies the destination port The spoof(a) parameter : Specifies which IP Adress is to be spoofed The rand-source parameter : Activates the random source address mode Although the above parameters are important, it should be selected which flag is set to determine the main attack type. Main Attack Types : The syn(S) parameter: Specifies tha

How To Gain Access MsSQL using Metasploit

Nowadays companies runs more SQL Server databases inhouse than any other database platform, according to Embarcadero Technologies’ Database Survey Report, 83 percent of respondents are running SQL Server in their database environment. Database administrators use simple passwords to facilitate their access to databases. In these two cases, many companies are endangered. DB Usage of World You can gain access the server systems of many enterprise companies using only the Metasploit Framework and a simple password list. Today I will show you how to get MSSQL passwords and what you can do with this valuable information. We use the “MsSQL Login Module” to detect MsSQL passwords. You can use the following command to select the module. Syntax example: use auxiliary/scanner/mssql/mssql_login We can list the parameters with “options” command. MsSQL Login Module Options All required parameters must be set before the “Mssql Login Module” i

Blind SQL injection on DVWA | security level = HIGH & IMPOSSIBLE !!

hey there, In this video you gonna to watch how i did blind sql injection on DVWA platform when security level was high and i'm also successful in impossible level. That was so easy. I used SQLmap ( http://sqlmap.org ) tool to perform this attack. Impossible level was also so easy but tricky. Watch this video carefully and hope you will also able to do it. For more video please subscribe my Channel

Alfa Leet

Search This Blog