Aug 26, 2015

Tools: Static Code Analysis for Smali

Dynamic program analysis will give you a pretty good overview of your application's activities and general behaviour. However, sometimes you'll want to analyze your application without running it. You'll want to have a look at its components, analyze how they interact and how data is tainted from one point to another. This was the major factor driving the development of smalisca. There are indeed some good reasons for doing a static code analysis before the dynamic one. Before interacting with the application I like to know how the application has been built, whether there is any API, and to generate all sorts of call flow graphs. In fact, graphs have been very important to me since they visualize things. Instead of jumping from file to file, from class to class, I just look at the graphs.
While graph building has been an important reason for me to code such a tool, smalisca has some other neat features you should read about.

Source:: https://github.com/dorneanu/smalisca
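To illustrate the kind of call flow graph described above, here is an added example (not smalisca's code and not part of the original post): a minimal Python parser that extracts caller-to-callee edges from smali `invoke-*` instructions and renders them as Graphviz DOT. The sample smali, its class names and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two tiny smali classes concatenated (not from a real app).
SAMPLE_SMALI = r"""
.class public Lcom/example/Login;
.method public check(Ljava/lang/String;)Z
    invoke-static {p1}, Lcom/example/Crypto;->hash(Ljava/lang/String;)Ljava/lang/String;
    invoke-virtual {v0, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
.end method
.class public Lcom/example/Crypto;
.method public static hash(Ljava/lang/String;)Ljava/lang/String;
    invoke-static {v0}, Ljava/security/MessageDigest;->getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;
.end method
"""

# Target of an invoke-* instruction: <class or array type>-><name(descriptor)return>
INVOKE_RE = re.compile(r"(\[*L[^;]+;|\[+[ZBSCIJFD])->([^\s,]+)")

def call_graph(smali_text):
    """Return {caller: set(callees)}; nodes look like 'Lcls;->name(desc)ret'."""
    graph = defaultdict(set)
    cls = method = None
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".class "):
            cls, method = line.split()[-1], None   # last token is the class type
        elif line.startswith(".method "):
            method = f"{cls}->{line.split()[-1]}"  # modifiers precede name+descriptor
            graph[method]                          # register methods with no calls too
        elif line.startswith(".end method"):
            method = None
        elif line.startswith("invoke-") and method:
            m = INVOKE_RE.search(line)
            if m:
                graph[method].add(f"{m.group(1)}->{m.group(2)}")
    return graph

def cross_class_edges(graph):
    """Sorted (caller, callee) pairs whose classes differ: the inter-component calls."""
    return sorted((a, b) for a, callees in graph.items() for b in callees
                  if a.split("->")[0] != b.split("->")[0])

def to_dot(graph):
    """Render the graph in Graphviz DOT form."""
    edges = [f'  "{a}" -> "{b}";' for a in sorted(graph) for b in sorted(graph[a])]
    return "\n".join(["digraph calls {", *edges, "}"])
```

Printing `to_dot(call_graph(SAMPLE_SMALI))` and piping the output to Graphviz's `dot -Tpng` gives the picture; on a real app the input would be the `.smali` files produced by a disassembler.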

Aug 25, 2015

Tools: dnSpy - .NET decompiler

dnSpy is a .NET assembly editor, decompiler, and debugger forked from ILSpy.

Source:: https://github.com/0xd4d/dnSpy

Aug 24, 2015

Howto: Install Metasploit 4.0.5 on Ubuntu 14.04

1. Install and update some software
$ apt-get update && apt-get upgrade -y
$ apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby-dev

2. Get Metasploit
$ git clone https://github.com/rapid7/metasploit-framework

3. Install Ruby and the Bundler gem
$ cd metasploit-framework/
$ apt-get install ruby ruby-dev
$ gem install bundler

4. Install rvm
$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
$ \curl -sSL https://get.rvm.io | bash -s stable --ruby

5. Use Ruby 2.2.3
$ source /usr/local/rvm/scripts/rvm
$ rvm install ruby-2.2.3
$ rvm use --default 2.2.3

6. Install bundle
$ gem install bundle bundler
$ gem install ffi -v '1.9.8'
$ gem install nokogiri -v '1.6.6.2'
$ gem install metasploit-concern -v '1.0.0'
$ bundle install

7. Done.
$ ./msfconsole

Aug 23, 2015

Tools: Exe2Image

A simple utility to convert EXE files to JPEG images and vice versa.

Source:: https://github.com/OsandaMalith/Exe2Image

Howto: Install VMware Tools in Kali Linux 2

1. Update your package lists and installed packages
$ apt-get update && apt-get upgrade -y

2. Install the Linux kernel headers
$ apt-get install -y linux-headers-$(uname -r)

3. Install VMware Tools
- Mount the installer by clicking "Install VMware Tools" in the menu
- Copy the file VMwareTools-9.9.3-2759765.tar.gz to your Kali machine
$ tar -xf VMwareTools-9.9.3-2759765.tar.gz
$ cd vmware-tools-distrib
$ perl vmware-install.pl -d