Posts

Virtualbox Networking Modes

References: https://www.virtualbox.org/manual/ch06.html , https://www.nakivo.com/blog/virtualbox-network-setting-guide/
VirtualBox network modes: Not attached (no connection), NAT, NAT Network, Bridged Adapter, Internal networking, Host-only, Generic (shared with the host)
NAT: sufficient in most cases. Internet-enabled: from the internal network, Internet access is possible. Guests on the internal network CANNOT talk to each other (from www.nakivo.com). Enabling NAT for a VM with VBoxManage: VBoxManage modifyvm VM_name --nic1 nat (VM_name: name of the virtual machine; nic1: number of the virtual machine adapter)
NAT Network: similar to NAT, but guests CAN talk to each other. Basically, guest machines CANNOT be accessed either from the host or from the external network. However, "port forwarding" enables the host or the machines on the host network to access guests. A built-in VBox NAT router is used. The network address and name can be changed (global preference): File > Preferences > Network > Edit the settings (icon): Default address 10.

Simple XOR Decoding With Ghidra

References: talk by Dr. Josh Stroschein, "Using Ghidra to Statically XOR Obfuscated Shellcode" (https://www.youtube.com/watch?v=DgaPPixn9k4); the author's blog: https://0xevilc0de.com/ ; "Repository that provides sample codes mimicking real malware" (https://github.com/jstrosch/learning-malware-analysis )
Steps: Create a new project. Import a shellcode (shellcode.bin provided by the author). Set Language: x86 (Visual Studio). The analysis result shows up. Go to the first offset (00000000); at this moment the code looks like a series of random bytes. Press 'D' or choose 'Disassemble'; now the unpacking code shows up.
Code: The first jump (at 00000000) goes to 00000016: CALL FUN_00000002. Looking at the code from 00000002, there is a function that works as a XOR decoder. 0x186 and 0x97 seem to be the size of the packed code and the encoding key, from the code above: 00000009 XOR byte ptr DS:[EAX + ECX*1],0x97 / 0000000e TEST ECX,ECX / 00000010 JNZ LAB_00000008. EAX is the location (of the encoded shellcode).

Create Github Pages With Hugo

Create a static GitHub page with Hugo. Install Hugo on Ubuntu 22.04: apt install hugo
Create GitHub repositories: log in to github.com and create two repositories. [PAGE_SRC_REPO] contains the sources; a regular GitHub repo. [GITHUB_IO_REPO] contains the rendered pages; its name should be _USER_NAME_.github.io, and it needs to be public. Move to the newly created repository -> 'Settings' -> 'Pages', then set Source: Deploy from a branch; Branch: master / root
Create a Hugo site: mkdir ~/webpages; cd ~/webpages; hugo new site hugo_pages
Install a theme (as a submodule): visit https://themes.

Install Ghidra

Install Java: visit the Oracle page (https://www.oracle.com/java/technologies/downloads/ ), download an installation .deb package, and install the JDK. Set alternatives: sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk-19/bin/java 1 ; sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk-19/bin/javac 1 ; sudo update-alternatives --install /usr/bin/jar jar /usr/lib/jvm/jdk-19/bin/jar 1 . Set JAVA_HOME properly.
Install Ghidra: download Ghidra from https://github.com/NationalSecurityAgency/ghidra/releases and place it somewhere appropriate (e.g., under /usr/local). Create symbolic links at your convenience: sudo ln -s DOWNLOADED_GHIDRA /usr/local/ghidra ; sudo ln -s /usr/local/ghidra/ghidraRun /usr/local/bin/ghidraRun . Create a Ghidra.

Run the REMnux VMs on an Apple Silicon (M2) Macbook

I tried to run the REMnux VM with the following settings: Macbook Pro (M2), Mac OS X Sonoma, UTM 4.4.5 (brew installed; brew install --cask utm), the downloaded REMnux VM (from https://remnux.org/#distro)
References: https://www.technomancer.com/archives/568 , https://www.youtube.com/watch?v=krGvTMq29gA
Convert the format of the REMnux disk image: $ qemu-img convert -p -f vmdk -O vhdx REMnuxVM.vmdk REMnuxVM.vhdx
* -p: indicates the conversion progress.
* -f: indicates the source image format.
* $ qemu-img convert -p -f vmdk -O qcow2 REMnuxVM.

Run Ubuntu (amd64) with UTM on an Apple Silicon (M2) Macbook

Install: install an Ubuntu Server version (I installed the minimal Ubuntu 22.04 Server).
Use the shared folder. Ref: https://docs.getutm.app/guest-support/linux/#virtfs . In the UTM menu, "Edit" the configuration of the Ubuntu VM and set up a shared directory with "VirtFS" (not SPICE WebDAV). Create a local directory on the guest: $ sudo mkdir /media/share . Mount: $ sudo mount -t 9p -o trans=virtio share /media/share -oversion=9p2000.L

Set up a Kali VM on an Apple Silicon (M2) Macbook

Ref: https://www.kali.org/docs/virtualization/install-vmware-guest-tools/
Install VMware Tools (not only on Kali, but on Ubuntu also): $ sudo apt update ; $ sudo apt install -y --reinstall open-vm-tools-desktop fuse ; $ sudo reboot -f
Use shared folders: run kali-tweaks (kali@kali:~$ kali-tweaks) and select Virtualization. Mount the shared folder: $ sudo mount-shared-folders . If it doesn't work, restart the tools: $ sudo restart-vm-tools

Prelude installation: sudo apt install golang-go

Android studio and Frida on Apple silicon M2

Install Android Studio and run an AVD on a Macbook Pro (M2): install with brew ($ brew install --cask android-studio), then search for and run Android Studio from Spotlight. Choose "More Actions" from the main popup, then "Virtual Device Manager".
Install Android SDK Platform-Tools for Mac: download the platform tools (https://developer.android.com/tools/releases/platform-tools?hl=en), unzip the downloaded file (e.g., platform-tools_rXX.X.X-darwin.zip), move the unzipped folder somewhere, and create a symbolic link to it: $ sudo ln -s /Users/XXX/local/platform-tools/adb /usr/local/bin/adb
Run a virtual device: Device ((added a Pixel 6 device with Release S - API 31, ABI arm64-v8a, Android 12.