0xdevalias

Reverse Engineering Golang

Some notes, tools, and techniques for reverse engineering Golang binaries.

Table of Contents

• Go Reverse Engineering Tool Kit (go-re.tk)
• GoReSym
• Unsorted

dclark

#!/usr/bin/env bash

# Retrieve AWS credentials from AWS CloudShell

# shellcheck disable=SC2001
HOST=$(echo "$AWS_CONTAINER_CREDENTIALS_FULL_URI" | sed 's|/latest.*||')
TOKEN=$(curl -s -X PUT "$HOST"/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
OUTPUT=$(curl -s "$HOST/latest/meta-data/container/security-credentials" -H "X-aws-ec2-metadata-token: $TOKEN")
echo "export AWS_ACCESS_KEY_ID=$(echo "$OUTPUT" | jq -r '.AccessKeyId')"
echo "export AWS_SECRET_ACCESS_KEY=$(echo "$OUTPUT" | jq -r '.SecretAccessKey')"

anvbis

Pwntools Cheatsheet

1. Program Interaction
2. Environment and Contexts
3. Logging and Output
4. Encoding, Packing and Utility
5. Assembly and Shellcraft
6. ELFs, Strings and Symbols
7. Return Oriented Programming
8. SROP and Sigreturn Frames

muff-in

Assembly Language / Reversing / Malware Analysis / Game Hacking -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

w00tc

Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts 

([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()


Grab Forest Trusts.

([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()

wdormann

'''checkaslrfiles.py: Check for files that opt into ASLR with /DYNAMICBASE,
but do not have a relocation table to allow ASLR to function.

usage: checkaslrfiles.py <dir>
ex: checkaslr.py "C:\Program Files\"

requires: pefile <https://github.com/erocarrera/pefile>, which should be
installable via: pip install pefile
'''

CMCDragonkai

Understanding the Memory Layout of Linux Executables

Required tools for playing around with memory:

• hexdump
• objdump
• readelf
• xxd
• gcore