CyberGuerrilla 2014
By ro0ted avatar | December 23, 2014 - 11:30 | Posted in CyberGuerrilla | 44 Comments

#ro0ted #OpNewblood What the Blackhats don’t want you to know: Creating the Whitehat Lab

In the upcoming weeks and months we will be taking the coming year in a new direction with hacking. We have gone through malicious attacks on websites, so you probably think I am a blackhat by now, but you are wrong: my hat has always been gray. For the next couple of months we are going to put on a whitehat. Most people think being a whitehat is boring. Friend, being a whitehat is far from boring. I am neither a whitehat nor a blackhat, but I have the traits of both, and now so can you, in my series of "What the blackhats don't want you to know" tutorials. Brought to you by the Cyber Guerrilla AnonNexus Collective. The media can call Anonymous a group full of malicious rebels all they want; these tuts should show otherwise. – https://twitter.com/ro0ted

If you haven't yet, check out a preview of what the tuts will be like:

What the Blackhats don’t want you to know: Analyze an .exe in 5mins

Okay, before we can start the tutorials: this post is only about the tools needed to follow my tuts. These will be cracker tuts (reverse engineering and malware analysis), so the lab is built around that.

 

Cracker Toolbox (kinda like your dad's toolbox in the shed):

If some links aren't working, Google is your best friend.

Everything is required unless it is marked Optional next to the entry. This is our lab. – ro0ted

 

Memory Forensics:

Volatility – Advanced Memory Analysis Framework

Volatility Research Blog

MoonSols Windows Memory Toolkit http://www.moonsols.com/windows-memory-toolkit/

PyMal – The Malware Analysis Framework

Sandbox:

Warning: don't think that because this section says Sandbox you can skip it just because you have Sandboxie. Sandboxie only isolates an application from the host; the tools below record what a sample actually does while it runs (files, registry, processes, network traffic), which is a different job.

CWSandbox :: Behavior-based Malware Analysis System

Cuckoo Sandbox – Open source automated malware analysis

Capture BAT – Malware behavioral analysis tool

INetSim – Software for Network Behaviour Analysis of Malware (fakes DNS, HTTP, SMTP and other services so a sample's network traffic can be observed without reaching the internet)

Anubis: Online Malware Analysis Service
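What INetSim does for the sandbox, in miniature: answer every request the sample makes with a canned page and keep a log of what it asked for. This is an added example and not INetSim's code; the "sample" is a constructed stand-in that beacons to 127.0.0.1, whereas in a real lab the analysis VM's default gateway and DNS point at the sink host so that whatever hostname the malware resolves ends up here.

```python
"""INetSim-style HTTP sink: canned answers plus a request log. Added example,
not INetSim code; the beacon below is a constructed stand-in for a sample."""
import http.server
import threading
import urllib.request

CANNED = b"<html><body>OK</body></html>"


class SinkHandler(http.server.BaseHTTPRequestHandler):
    log = []  # (method, path, Host header, User-Agent for GET / body for POST)

    def _answer(self, detail):
        SinkHandler.log.append((self.command, self.path,
                                self.headers.get("Host", ""), detail))
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(CANNED)))
        self.end_headers()
        self.wfile.write(CANNED)

    def do_GET(self):
        self._answer(self.headers.get("User-Agent", ""))

    def do_POST(self):
        # Read the body before answering so the exfil payload ends up in the log.
        body = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        self._answer(body.decode("utf-8", "replace"))

    def log_message(self, fmt, *args):  # keep stderr quiet; we keep our own log
        pass


def start_sink(port=0):
    """Bind on 127.0.0.1 (port 0 = any free port) and serve from a thread."""
    server = http.server.HTTPServer(("127.0.0.1", port), SinkHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def simulated_beacon(port):
    """Constructed stand-in for a sample's check-in and exfil; not real malware."""
    base = f"http://127.0.0.1:{port}"
    req = urllib.request.Request(base + "/gate.php?id=1",
                                 headers={"User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0)"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        page = resp.read()
    req = urllib.request.Request(base + "/upload", data=b"hwid=1234&os=win7", method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        resp.read()
    return page


def run_capture():
    """Start the sink, let the beacon run, stop the sink, return (page, log)."""
    SinkHandler.log.clear()
    server, port = start_sink()
    try:
        page = simulated_beacon(port)
    finally:
        server.shutdown()
        server.server_close()
    return page, list(SinkHandler.log)


if __name__ == "__main__":
    _, entries = run_capture()
    for method, path, host, detail in entries:
        print(f"{method} {path} Host={host} :: {detail}")
```

The log is the point: the URI pattern, the User-Agent string and the POST body are what you feed into Wireshark filters and detection rules later. A sample that uses HTTPS or a custom protocol will not be satisfied by this; that is where INetSim's other fake services and a pcap from the gateway come in.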

 

Detection and Removal of Malware:

GMER – Anti-rootkit Tool http://www.gmer.net/

SpyDLLRemover – Tool to Remove Malicious DLLs from a Process http://securityxploded.com/spydllremover.php

SpyBHORemover – Tool to Remove Malicious BHOs (Browser Helper Objects) from a Process http://bit.ly/1zGRN

VirusTotal Scanner – Desktop Tool for Quick Anti-virus Scan http://bit.ly/Lir4Qz

TCPView – http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

AutoRuns – Manage Startup Entries http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

File and Registry:

Regshot: http://sourceforge.net/projects/regshot/

Capturebat – http://www.honeynet.org/node/315

InstallWatch Pro – http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html

FileMon – http://technet.microsoft.com/en-us/sysinternals/bb896642 (retired by Sysinternals in favour of Process Monitor, which is listed below)
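Regshot, InstallWatch Pro and CaptureBAT all work the same way: take a snapshot before the sample runs, take another after, and report what was added, deleted or changed. The following is an added example, not code from any of those tools; it applies the technique to a directory tree (a registry hive would be walked the same way with `winreg` on Windows), and the "sample" is a constructed dropper function rather than a real binary.

```python
"""Regshot-style before/after diff over a directory tree. Added example; the
fake_dropper below is a constructed stand-in for running a sample."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (size, sha256) for every file under root.
    Hashing catches in-place edits that keep the same size."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (os.path.getsize(full), digest)
    return snap


def diff_snapshots(before, after):
    """Classify every path as added, deleted or modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def fake_dropper(root):
    """Constructed stand-in for a sample: drops a payload, rewrites hosts,
    deletes a marker file. Not real malware."""
    with open(os.path.join(root, "svch0st.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x90" * 64)
    with open(os.path.join(root, "hosts"), "w") as fh:
        fh.write("127.0.0.1 update.example.com\n")
    os.remove(os.path.join(root, "readme.txt"))


def run_demo():
    """Build a small tree, snapshot, run the dropper, snapshot again, diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        seed = [("hosts", "127.0.0.1 localhost\n"), ("readme.txt", "hi"),
                (os.path.join("sub", "keep.dll"), "abc")]
        for rel, data in seed:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(data)
        before = snapshot(root)
        fake_dropper(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

One caveat a lab builder should keep in mind: a snapshot taken from inside the VM trusts the file-system API of the guest. If the sample installs a rootkit that hides files, both snapshots lie in the same way and the diff is clean; that is why GMER is in the detection section above, and why the second snapshot is best taken from outside, for example from the mounted disk image of the powered-off VM.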

.NET Decompilers:

.NET Reflector http://www.red-gate.com/products/dotnet-development/reflector/

ILSpy (2.2.0.1706 binaries) – open-source .NET decompiler https://github.com/icsharpcode/ILSpy

Reverse Engineer Toolbox:

DEDE : The Delphi Disassembler

Delphi creates its own set of challenges when reverse engineering and DEDE is a lifesaver. It allows you to take a binary compiled in Delphi, disassemble it, view all of the forms, buttons, function calls and so forth, and even export a MAP file that can be imported into Olly to help with the naming of functions. I don’t even consider attempting to disassemble a Delphi binary without it.

Denabler

Every once in a while you have a feature disabled in some way as part of the protection scheme; for instance the "Save" button is greyed out until you purchase the product. Denabler can help in this case by allowing you to attach to a window and enable any resource in it. It also allows you to do more, such as adding menu options and changing resources, but mostly I use it to enable disabled buttons.

API Monitor

Allows you to spy on and display the Win32 API calls made by applications. It can trace any exported API and display a wide range of information, including function name, call sequence, input and output parameters, function return value and more. A useful tool for seeing how Win32 applications work and learning their tricks.

 

Notepad++ – Editor; a beefier version of Notepad

Sysinternals Tools – System suite

VMware – Virtual machine (Optional: you only need one virtual machine)

VirtualBox – Virtual machine (Optional: you only need one virtual machine)

Spoon – Virtual machine (Optional: you only need one virtual machine)

Dev-C++ – Compiler/IDE

Microsoft Visual C++ – Compiler/IDE

MASM – Assembler

NASM – Assembler

WinAsm (IDE) – Assembler

Python – Language

IDA (5.0) – Disassembler

IDAPython – Disassembler scripting

WinDbg – Debugger

PyDbg – Debugger

ProcMon – Process monitor

Process Explorer – Process viewer

Wireshark – Network

OllyDbg – the original (ver. 1.10) – Debugger (Optional: you only need one OllyDbg) http://www.thelegendofrandom.com/files/tools/OllyDBG_Original.zip

OllyDbg – R4ndom's version (with scripts and plugins) – Debugger (Optional: you only need one OllyDbg)

CmpDisasm – Compare binary disassemblies, as well as hex and PE headers

Detect It Easy (DIE) – PE packer identifier

PEiD – PE packer identifier

RDG – PE packer identifier

exeinfoPE – PE packer identifier

ImpREC – Import reconstructor

LordPE – PE verifier, dumper, editor, etc.

PEBrowse – PE viewer/editor/disassembler

PEditor – PE viewer/editor http://www.thelegendofrandom.com/files/tools/peditor1.7.zip

PEView – PE viewer/editor http://www.thelegendofrandom.com/files/tools/peview.zip

ShowString – Shows all ASCII strings in a binary

Resource Hacker – Allows modifying resources in binaries

Armadillo KeyTool – A great tool by eXoDia for analyzing Armadillo-packed binaries

CFF Explorer Suite – Great PE and hex editor

dUP2 – Universal patcher by diablo2002

ShellOp Converter – Convert shellcode to opcodes and disassembly, by Levis
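Four of the tools above (DIE, PEiD, RDG, exeinfoPE) exist to answer one question before you open a sample in OllyDbg: is it packed? They weigh the same signals, namely known packer section names, high section entropy, sections that are empty on disk but large in memory, writable-and-executable sections and an entry point outside `.text`. The following added example walks the PE headers by hand (what PEView and LordPE display) and applies those heuristics. It is not code from any of the listed tools; the two images it inspects are built in memory, so nothing here is a real binary, and the UPX-like layout is a constructed stand-in rather than a genuine UPX output.

```python
"""Packer triage on a PE: section names, per-section entropy, raw-vs-virtual
size, W+X sections and entry-point location. Added example; both sample
images are constructed in memory, not real binaries."""
import collections
import hashlib
import math
import struct

FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000
# Section names common packers leave behind (not an exhaustive list).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".nsp0", ".nsp1",
                   ".petite", ".vmp0", ".vmp1", ".themida", ".MPRESS1", ".MPRESS2"}


def _align(n, a):
    return (n + a - 1) // a * a


def entropy(data):
    """Shannon entropy in bits per byte; near 8.0 means compressed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())


def build_pe(sections, entry_rva):
    """Assemble a minimal PE32: DOS header, PE signature, COFF header,
    224-byte optional header, section table, then raw section data."""
    hdr_size = _align(0x40 + 4 + 20 + 224 + 40 * len(sections), FILE_ALIGN)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, SECT_ALIGN, FILE_ALIGN)
    struct.pack_into("<I", opt, 60, hdr_size)                    # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    table, raw, rva, raw_ptr = b"", b"", SECT_ALIGN, hdr_size
    for s in sections:
        data, vsize = s["data"], s.get("vsize", len(s["data"]))
        raw_size = _align(len(data), FILE_ALIGN)
        table += struct.pack("<8sIIIIIIHHI", s["name"].encode().ljust(8, b"\0"), vsize, rva,
                             raw_size, raw_ptr if raw_size else 0, 0, 0, 0, 0, s["chars"])
        raw += data.ljust(raw_size, b"\0")
        rva, raw_ptr = rva + _align(max(vsize, 1), SECT_ALIGN), raw_ptr + raw_size
    struct.pack_into("<I", opt, 56, rva)                         # SizeOfImage
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(hdr_size, b"\0") + raw


def parse_sections(pe):
    """Return (entry_rva, [section dicts]) by walking the headers by hand."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    nsect = struct.unpack_from("<H", pe, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]
    opt_off = pe_off + 24
    if struct.unpack_from("<H", pe, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", pe, opt_off + 16)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt_off + opt_size + 40 * i)
        data = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vsize": vsize,
                         "va": va, "rsize": rsize, "chars": chars, "entropy": entropy(data)})
    return entry, sections


def packer_indicators(pe):
    """Human-readable findings; an empty list means nothing looked packed."""
    entry, sections = parse_sections(pe)
    hits = []
    for s in sections:
        n = s["name"]
        if n in PACKER_SECTIONS:
            hits.append(f"{n}: known packer section name")
        if s["rsize"] and s["entropy"] > 7.0:
            hits.append(f"{n}: entropy {s['entropy']:.2f}, looks compressed/encrypted")
        if s["rsize"] == 0 and s["vsize"] and s["chars"] & SCN_EXECUTE:
            hits.append(f"{n}: executable but empty on disk (filled at runtime)")
        if s["chars"] & SCN_EXECUTE and s["chars"] & SCN_WRITE:
            hits.append(f"{n}: writable and executable")
    ep = next((s for s in sections
               if s["va"] <= entry < s["va"] + max(s["vsize"], s["rsize"])), None)
    if ep is None:
        hits.append("entry point lies outside every section")
    elif ep["name"] not in (".text", "CODE"):
        hits.append(f"entry point in {ep['name']} rather than .text")
    return hits


def clean_sample():
    """Constructed: plain build, low-entropy .text plus a .data section."""
    code = b"\x55\x8b\xec\x33\xc0\x5d\xc3" * 64   # push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
    data = b"Hello from a plain build\0" * 8
    return build_pe([{"name": ".text", "data": code, "chars": 0x60000020},
                     {"name": ".data", "data": data, "chars": 0xC0000040}], entry_rva=0x1000)


def upx_like_sample():
    """Constructed UPX-style layout: empty UPX0 reserved for the unpacked image,
    high-entropy UPX1 standing in for the compressed payload, entry in UPX1."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    return build_pe([{"name": "UPX0", "data": b"", "vsize": 0x3000, "chars": 0xE0000080},
                     {"name": "UPX1", "data": blob, "chars": 0xE0000040}], entry_rva=0x4010)


if __name__ == "__main__":
    for label, image in (("clean", clean_sample()), ("upx-like", upx_like_sample())):
        print(label, packer_indicators(image) or ["no packer indicators"])
```

Entropy alone is not proof of packing: a resource section full of JPEGs or a section of already-compressed data scores high on a perfectly honest binary, which is why the name, raw-versus-virtual size and entry-point checks are combined. What this does not do is reconstruct the import table of a dumped process, which is the job of ImpREC once the sample has unpacked itself in memory.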

44 Responses to #ro0ted #OpNewblood What the Blackhats don’t want you to know: Creating the Whitehat Lab


  4.

    So I'm building my lab and getting everything in hand. I've done my best to find the alternate web pages to find the tool VMRay, however I can't get my head round this one. I know I can get a 30-day trial but it asks for a corporate email address, and as the site in the link seems all too legit to use a Gatormail, any suggestions??? :s TY <3
