capa explorer integrates capa’s automated capabilities detection seamlessly with IDA Pro. The plugin aims to focus your reverse engineering efforts, especially when analyzing malware. Check it out and let us know what you think!
🚨 capa v5 release is out! Great improvements with big additions for .NET binary analysis. Did you know that capa displays the method token + instruction offset for each .NET match? You can use this info to find the matched location in dnSpy helping focus your analysis!
What better way to finish off the year than a fresh release of FLARE VM?! 🥳 This release focuses on empowering community contributions and automation. Get it while its hot 🔥🔥🔥https://t.co/ZXd7bPr8v1
Don't miss the next installment of the Mandiant FLARE team's webinar series, The Sample. This week, Principal Reverse Engineer Blaine Stancill will explain the inner workings of a dropper from the #WHITEDAGGER malware family. Register now! https://t.co/ocDKpqnOLA
@SeanTheGeek Yep, we’re in the works of refreshing it! Main goal is open sourcing the packages for community support, ease of package creation, and automation via GitHub actions. It’s been slow going but we are working on it. Trying to target a new release later this year
🚨 Today we're excited to release Ghidrathon, a Ghidra extension that adds modern Python 3 scripting (including Python 3.10) to Ghidra!
Blog 👉 https://t.co/oA1aY813R0
GitHub 👉 https://t.co/8wy30NmNoN
@MalGamy12 [2/2] you got last native loader which will be hosting .NET to be able to load "redline" code which is written in .NET. If you want to process the unpacking of these sh*t loading .NET payload really quickly use DNSpy. Load the original native sample, set module breakpoint - bam