├── .gitattributes ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── advanced-binary-analysis.md ├── html ├── codelab.json ├── img │ ├── 1663b35f5bdcdf4c.png │ ├── 350577af599d101d.gif │ ├── 538987fe05f9ef16.png │ ├── 57b0ac20ddaa444f.png │ ├── 7acf24d71f1fe292.png │ ├── 83b5f41ef4c4896e.png │ ├── 91b95cd662b00beb.png │ ├── c38e39a5a77fcbb3.png │ ├── cc5ac2e806cd2b62.gif │ ├── cf1102ee4b15cd6d.png │ ├── d6dac52a64eb92f3.png │ ├── de138c9f51bad4b5.gif │ ├── efa49547f45c2d7e.gif │ └── fd16b5906ef566b1.png └── index.html ├── labs ├── aba ├── labs.ipynb └── sample.zip ├── work ├── .keep ├── hashes.json ├── killswitch.bin └── unpacked.bin └── workshop ├── img ├── 000-ghidra-import-info.png ├── 000-technique-comparison.png ├── 001-ghidra-analysis-popup.png ├── 002-analysis-prompt.png ├── 002-entropy.png ├── 003-data-written.png ├── 004-vm-graph-fail.png ├── 005-function-call-tree.png ├── 006-hashed-symbols.png ├── 007-data-before.png ├── 008-data-after.png ├── 009-filtered-function-list.png ├── 010-exploded-graph.png ├── 011-opaque-predicates.png ├── 012-splitting.png ├── tech-arithmetic.gif ├── tech-flattening.gif ├── tech-junk-insertion.gif └── tech-metamorphic.gif └── v ├── 000-find-main.mp4 ├── 001-graph-main.mp4 ├── 002-analyze-main-data.mp4 ├── 003-analyze-consts.mp4 ├── 004-call-tree.mp4 ├── 005-unpack.mp4 ├── 006-map-to-ghidra.mp4 ├── 007-resolve-hashes.mp4 ├── 008-killswitch.mp4 └── 009-imports.mp4 /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/.gitattributes -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/.gitignore -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/README.md -------------------------------------------------------------------------------- /advanced-binary-analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/advanced-binary-analysis.md -------------------------------------------------------------------------------- /html/codelab.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/codelab.json -------------------------------------------------------------------------------- /html/img/1663b35f5bdcdf4c.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/1663b35f5bdcdf4c.png -------------------------------------------------------------------------------- /html/img/350577af599d101d.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/350577af599d101d.gif -------------------------------------------------------------------------------- /html/img/538987fe05f9ef16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/538987fe05f9ef16.png -------------------------------------------------------------------------------- /html/img/57b0ac20ddaa444f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/57b0ac20ddaa444f.png -------------------------------------------------------------------------------- /html/img/7acf24d71f1fe292.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/7acf24d71f1fe292.png -------------------------------------------------------------------------------- /html/img/83b5f41ef4c4896e.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/83b5f41ef4c4896e.png -------------------------------------------------------------------------------- /html/img/91b95cd662b00beb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/91b95cd662b00beb.png -------------------------------------------------------------------------------- /html/img/c38e39a5a77fcbb3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/c38e39a5a77fcbb3.png -------------------------------------------------------------------------------- /html/img/cc5ac2e806cd2b62.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/cc5ac2e806cd2b62.gif -------------------------------------------------------------------------------- /html/img/cf1102ee4b15cd6d.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/cf1102ee4b15cd6d.png -------------------------------------------------------------------------------- /html/img/d6dac52a64eb92f3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/d6dac52a64eb92f3.png -------------------------------------------------------------------------------- /html/img/de138c9f51bad4b5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/de138c9f51bad4b5.gif -------------------------------------------------------------------------------- /html/img/efa49547f45c2d7e.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/efa49547f45c2d7e.gif -------------------------------------------------------------------------------- /html/img/fd16b5906ef566b1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/img/fd16b5906ef566b1.png -------------------------------------------------------------------------------- /html/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/html/index.html -------------------------------------------------------------------------------- /labs/aba: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/labs/aba -------------------------------------------------------------------------------- /labs/labs.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/labs/labs.ipynb -------------------------------------------------------------------------------- /labs/sample.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/labs/sample.zip -------------------------------------------------------------------------------- /work/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /work/hashes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/work/hashes.json -------------------------------------------------------------------------------- /work/killswitch.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/work/killswitch.bin -------------------------------------------------------------------------------- /work/unpacked.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/work/unpacked.bin -------------------------------------------------------------------------------- /workshop/img/000-ghidra-import-info.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/000-ghidra-import-info.png -------------------------------------------------------------------------------- /workshop/img/000-technique-comparison.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/000-technique-comparison.png -------------------------------------------------------------------------------- /workshop/img/001-ghidra-analysis-popup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/001-ghidra-analysis-popup.png -------------------------------------------------------------------------------- /workshop/img/002-analysis-prompt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/002-analysis-prompt.png -------------------------------------------------------------------------------- /workshop/img/002-entropy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/002-entropy.png -------------------------------------------------------------------------------- /workshop/img/003-data-written.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/003-data-written.png -------------------------------------------------------------------------------- /workshop/img/004-vm-graph-fail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/004-vm-graph-fail.png -------------------------------------------------------------------------------- /workshop/img/005-function-call-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/005-function-call-tree.png -------------------------------------------------------------------------------- /workshop/img/006-hashed-symbols.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/006-hashed-symbols.png -------------------------------------------------------------------------------- /workshop/img/007-data-before.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/007-data-before.png -------------------------------------------------------------------------------- /workshop/img/008-data-after.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/008-data-after.png -------------------------------------------------------------------------------- /workshop/img/009-filtered-function-list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/009-filtered-function-list.png -------------------------------------------------------------------------------- /workshop/img/010-exploded-graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/010-exploded-graph.png -------------------------------------------------------------------------------- /workshop/img/011-opaque-predicates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/011-opaque-predicates.png -------------------------------------------------------------------------------- /workshop/img/012-splitting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/012-splitting.png -------------------------------------------------------------------------------- /workshop/img/tech-arithmetic.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/tech-arithmetic.gif -------------------------------------------------------------------------------- /workshop/img/tech-flattening.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/tech-flattening.gif -------------------------------------------------------------------------------- /workshop/img/tech-junk-insertion.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/tech-junk-insertion.gif -------------------------------------------------------------------------------- /workshop/img/tech-metamorphic.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/img/tech-metamorphic.gif -------------------------------------------------------------------------------- /workshop/v/000-find-main.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/000-find-main.mp4 -------------------------------------------------------------------------------- /workshop/v/001-graph-main.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/001-graph-main.mp4 -------------------------------------------------------------------------------- /workshop/v/002-analyze-main-data.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/002-analyze-main-data.mp4 -------------------------------------------------------------------------------- /workshop/v/003-analyze-consts.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/003-analyze-consts.mp4 -------------------------------------------------------------------------------- /workshop/v/004-call-tree.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/004-call-tree.mp4 -------------------------------------------------------------------------------- /workshop/v/005-unpack.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/005-unpack.mp4 -------------------------------------------------------------------------------- /workshop/v/006-map-to-ghidra.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/006-map-to-ghidra.mp4 -------------------------------------------------------------------------------- /workshop/v/007-resolve-hashes.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/007-resolve-hashes.mp4 -------------------------------------------------------------------------------- /workshop/v/008-killswitch.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/008-killswitch.mp4 -------------------------------------------------------------------------------- /workshop/v/009-imports.mp4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/advanced-binary-analysis/HEAD/workshop/v/009-imports.mp4 --------------------------------------------------------------------------------