CyberGuerrilla 2014
By ro0ted avatar | December 23, 2014 - 11:30 | Posted in CyberGuerrilla | 1 Comment

#ro0ted #OpNewblood What the Blackhats don’t want you to know: Creating the Whitehat Lab

In the upcoming weeks to months we will be taking the year to come in a new direction towards hacking. We have gone through malicious attacks on websites. You probably thought I was a blackhat by now, but you are wrong. My hat has always been gray. We are going to put a whitehat on in these couple of months. Most people think being a whitehat is boring. Friend, being a whitehat is far from boring. I’m not a whitehat nor a blackhat, but I have both traits, and now so can you in my series of “What the blackhats don’t want you to know” tutorials. Brought to you by the Cyber Guerrilla AnonNexus Collective. These tuts will show you that the media can call Anonymous a group full of malicious rebels all they want. This should show otherwise.

If you haven’t yet, check out a preview of what the tuts will be like:

What the Blackhats don’t want you to know: Analyze an .exe in 5mins

Okay, before we can start the tutorials: this post is only for the tools needed to follow my tuts. These will be cracker tuts.


Cracker Toolbox, kinda like your dad’s toolbox in the shed:

 If some links aren’t working, google is your best friend.

 Everything is required unless it says Optional to the right. This is our Lab. – ro0ted


Memory Forensics:

Volatility – Advanced Memory Analysis Framework

Volatility Research Blog

MoonSols Windows Memory Toolkit

PyMal – The Malware Analysis Framework

Sandbox:

Warning: Don’t think that because it says Sandbox you don’t need any of these just because you have Sandboxie.

CWSandbox :: Behavior-based Malware Analysis System

Cuckoo Sandbox – Open source automated malware analysis

Capture BAT – Malware behavioral analysis tool

INetSim – Software for Network Behaviour Analysis of Malwares

Anubis: Online Malware Analysis Service


Detection and Removal of Malware:

GMER – Anti-rootkit Tool

SpyDLLRemover – Tool to Remove Malicious DLLs from Process

SpyBHORemover – Tool to Remove Malicious BHOs from Process

VirusTotal Scanner – Desktop Tool for Quick Anti-virus Scan

TCPView –

AutoRuns – Manage Startup Entries


File and Registry:


Capturebat –

InstallWatchPro. –

FileMon –

.NET Decompilers:

.NET Reflector


Reverse Engineer Toolbox:

DEDE : The Delphi Disassembler

Delphi creates its own set of challenges when reverse engineering and DEDE is a lifesaver. It allows you to take a binary compiled in Delphi, disassemble it, view all of the forms, buttons, function calls and so forth, and even export a MAP file that can be imported into Olly to help with the naming of functions. I don’t even consider attempting to disassemble a Delphi binary without it.


Denabler

Every once in a while you have a feature disabled in some way as part of the protection scheme; for instance, the “Save” button is greyed out until you purchase the product. Denabler can help in this case by allowing you to attach to a window and enable any resource in it. It also allows you to do more, such as adding menu options and changing resources, but mostly I use it to enable disabled buttons.

API Monitor

Allows you to spy on and display Win32 API calls made by applications. It can trace any exported API and display a wide range of information, including function name, call sequence, input and output parameters, function return value and more. A useful developer tool for seeing how Win32 applications work and learning their tricks.


Beefer Better Version of Notepad
Sysinternal Tools
System Suite

Virtual Machine – Optional (only need 1 Virtual Machine)

Microsoft Visual C++



WinAsm (IDE)


IDA (5.0)

IDA Python





OllyDBG – the original (ver. 1.10) – Debugger, Optional (only need 1 OllyDBG)

OllyDBG – R4ndom’s version (with scripts and plugins) – Debugger, Optional (only need 1 OllyDBG)

Compare binary disassemblies, as well as hex and PE headers.
Detect It Easy (DIE) – PE Packer identifier

Import Re-constructor

PE verifier, dumper, editor etc.

PE viewer/editor/disassembler

PE viewer/editor

PE viewer/editor

Shows all ASCII strings in a binary

Resource Hacker – Allows modifying resources in binaries

Armadillo KeyTool – A great tool by eXoDia for analyzing Armadillo packed binaries.

CFF Explorer Suite – Great PE and hex editor.

Universal patcher by diablo2002.

ShellOp Converter – Convert shellcode to opcodes and disassembly by Levis.
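As an added illustration of what the PE viewer, “shows all ASCII strings” and PE packer identifier entries above do under the hood, here is a small Python script written for this post (it is not code from any of the listed tools). It walks the DOS header, PE signature, COFF header and section table of a PE file, pulls out printable ASCII runs the way a strings tool does, and applies a few common packer heuristics. The two binaries it analyzes are constructed inline and are not real programs; the packer section names it flags (UPX0/UPX1/UPX2, .aspack/.adata) and the 7.0 bits-per-byte entropy threshold are assumed values typical of such tools, not a complete signature set.

```python
import hashlib
import math
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Assumed list of section names commonly left behind by packers; extend as needed.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}
HIGH_ENTROPY = 7.0  # assumed threshold; compressed/encrypted data sits near 8.0 bits/byte


def extract_ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long, as a strings tool lists them."""
    found, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_sections(data: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> 40-byte section headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_offset": rawptr,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    return sections


def packer_hints(data: bytes) -> list:
    """Heuristics a packer identifier applies: known names, entropy, W+X, empty-on-disk."""
    hints = []
    for s in parse_pe_sections(data):
        n = s["name"]
        if n in KNOWN_PACKER_SECTIONS:
            hints.append(f"{n}: section name associated with a known packer")
        if s["entropy"] > HIGH_ENTROPY:
            hints.append(f"{n}: high entropy ({s['entropy']:.2f} bits/byte), likely compressed or encrypted")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            hints.append(f"{n}: writable and executable section")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hints.append(f"{n}: no bytes on disk but reserved in memory (filled at runtime)")
    return hints


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32 image for the demo (headers only, not a runnable program)."""
    optional = struct.pack("<H", 0x10B) + b"\0" * 222          # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), 0x0102)
    headers_len = 0x40 + 4 + len(coff) + len(optional) + 40 * len(sections)
    first_raw = (headers_len + 0x1FF) & ~0x1FF                  # data starts on a 512-byte boundary
    table, blobs, raw_ptr, vaddr = b"", b"", first_raw, 0x1000
    for name, raw, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             max(len(raw), 0x1000), vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, chars)
        blobs, raw_ptr, vaddr = blobs + raw, raw_ptr + len(raw), vaddr + 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    image = dos + b"PE\0\0" + coff + optional + table
    return image + b"\0" * (first_raw - len(image)) + blobs


def deterministic_noise(n: int) -> bytes:
    """Constructed pseudo-random filler standing in for a compressed payload."""
    out, i = b"", 0
    while len(out) < n:
        out, i = out + hashlib.sha256(i.to_bytes(4, "little")).digest(), i + 1
    return out[:n]


# Constructed samples: a plain binary and one laid out like a UPX-packed binary.
PLAIN_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec" + b"Hello from the lab\0kernel32.dll\0" + b"\x90" * 64 + b"\xc3",
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", b"config=lab\0" * 4,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)])
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
PACKED_PE = build_sample_pe([
    ("UPX0", b"", IMAGE_SCN_CNT_UNINITIALIZED_DATA | RWX),
    ("UPX1", deterministic_noise(4096), IMAGE_SCN_CNT_INITIALIZED_DATA | RWX)])

if __name__ == "__main__":
    for label, pe in (("plain", PLAIN_PE), ("packed", PACKED_PE)):
        print(f"== {label} ==")
        for s in parse_pe_sections(pe):
            print(f"  {s['name']:<8} raw={s['raw_size']:<6} entropy={s['entropy']:.2f}")
        print("  strings:", extract_ascii_strings(pe)[:6])
        print("  hints:", packer_hints(pe) or ["none"])
```

Run it on a real sample by replacing `PLAIN_PE` with `open(path, "rb").read()`. The plain sample yields no hints and exposes its strings; the packed-looking one trips every heuristic at once, which is the signal a packer identifier reports before you reach for an import reconstructor and a dumper.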

[Screenshot from 2014-10-14 01:56:45]



One Response to #ro0ted #OpNewblood What the Blackhats don’t want you to know: Creating the Whitehat Lab

  1. So I’m building my lab and getting all in hand. I’ve done my best to find the alternate webpages to find the tool VMRay; however, I can’t get my head round this one. I know I can get a 30 day trial but it asks for a corporate email address, and as the site in the link seems all too legit to use a Gatormail, any suggestions??? :s TY <3
