
muffi's Introduction

Hi there 👋

  • 🔭 I'm currently working on incident response & digital forensics (DFIR), cyber security consulting/blue teaming services, and system/internal penetration testing/red teaming.
  • 🌱 I'm currently learning Mathematics for Computer Science and Security Engineering.
  • 👯 I'm looking to collaborate on studying/researching state-of-the-art tools, techniques and tactics in binary analysis and reverse engineering.
  • 🤔 I'm looking for help with business development in Vietnam.
  • 💬 Ask me any cyber security questions if you need cyber security consulting (securing accounts/systems, system security assessments, cyber-security maturity assessments, suspicious/malicious file examination, ...) or have a malware/hacking outbreak and need an incident compromise assessment (how and when a hacker got into your system, what post-exploitation activities they carried out in your system, ...), malware remediation help, or help securing your systems and digital assets.
  • 📫 How to reach me: +84962797946 (WhatsApp, Viber, Signal), LinkedIn (https://www.linkedin.com/in/trietptm/), Twitter DM (https://twitter.com/MinhTrietPT), or via our company Facebook page for our reverse engineering online courses: https://www.facebook.com/novasec.vn .


muffi's Issues

Add DLL injection and hiding functionality.

We need to add the ability to inject DLLs as well as hide the injected DLL
from the process.

Not entirely sure where to put this, but we may want to create a
muffi.utils() class specifically for this. We could also put it into the
patch_utils() class, but it's not really a patching utility. 

Either way, it needs to be built and tested, especially the DLL hiding
technique.

Original issue reported on code.google.com by [email protected] on 9 Jan 2008 at 11:23

Module: vm_detect - The cloak_vmware method must be WORD sensitive.

For some reason, I couldn't get Assemble() to give me a:

MOV WORD PTR [R32], 0

So we treat the LDT instruction as storing a DWORD even though the
requirements are only for a WORD, and we could possibly be clobbering
another WORD value.

Track down why we can't use a WORD in that assemble and fix it!

Original issue reported on code.google.com by [email protected] on 8 Jan 2008 at 11:41
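The issue above is about a single byte: a 16-bit store on 32-bit x86 is the same `C7 /0` opcode as the 32-bit store, with a `0x66` operand-size prefix in front. The following is an added example (not muffi code, and not Immunity's `Assemble()`): a small hand encoder for `MOV WORD/DWORD PTR [r32], imm` that makes the prefix visible, plus a model of what the DWORD fallback the issue describes does to the 16 bits that follow the target. The memory image and register table are constructed for the demonstration.

```python
# Added example (not muffi code): encode MOV WORD/DWORD PTR [r32], imm by
# hand to show the 0x66 operand-size prefix, then model the clobbering
# effect of emitting a DWORD store where only a WORD was required.
from typing import Dict

# 32-bit general-purpose register numbers as used in the ModRM r/m field.
REG32: Dict[str, int] = {
    "EAX": 0, "ECX": 1, "EDX": 2, "EBX": 3,
    "ESP": 4, "EBP": 5, "ESI": 6, "EDI": 7,
}


def encode_mov_mem_imm(base: str, imm: int, width: int) -> bytes:
    """Encode MOV WORD PTR [base], imm16 (width=2) or MOV DWORD PTR [base], imm32
    (width=4) for 32-bit code.

    Opcode C7 /0 is "MOV r/m32, imm32"; prefixing it with 0x66 turns it into
    "MOV r/m16, imm16" with a 2-byte immediate. [ESP] needs a SIB byte and
    [EBP] needs a zero disp8, because their plain ModRM encodings mean
    "SIB follows" and "disp32, no base" respectively.
    """
    if width not in (2, 4):
        raise ValueError("width must be 2 (WORD) or 4 (DWORD)")
    if not 0 <= imm < (1 << (8 * width)):
        raise ValueError("immediate does not fit the operand width")
    rm = REG32[base.upper()]
    out = bytearray()
    if width == 2:
        out.append(0x66)                  # operand-size override: 32 -> 16 bit
    out.append(0xC7)                      # MOV r/m, imm
    if rm == 4:                           # [ESP]: mod=00 rm=100, SIB 0x24 = [ESP]
        out += bytes([0x04, 0x24])
    elif rm == 5:                         # [EBP]: mod=01 rm=101 + disp8 0x00
        out += bytes([0x45, 0x00])
    else:                                 # mod=00, reg=000 (/0), rm=base
        out.append(rm)
    out += imm.to_bytes(width, "little")
    return bytes(out)


def store(memory: bytearray, offset: int, imm: int, width: int) -> None:
    """Model the memory effect of the store the encoder produces."""
    memory[offset:offset + width] = imm.to_bytes(width, "little")


def clobber_demo() -> Dict[str, int]:
    """Zero a 16-bit field with a WORD store and with a DWORD store and report
    what happens to the unrelated 16-bit field right after it."""
    # Constructed memory image: 16-bit field A = 0x0008 (an LDT-style
    # selector) followed by 16-bit field B = 0x1234 that must survive.
    initial = bytes.fromhex("0800" "3412")
    word_img, dword_img = bytearray(initial), bytearray(initial)
    store(word_img, 0, 0, 2)      # what the WORD store should do
    store(dword_img, 0, 0, 4)     # what the DWORD fallback actually does
    return {
        "word_store_keeps_neighbour": int.from_bytes(word_img[2:4], "little"),
        "dword_store_clobbers_neighbour": int.from_bytes(dword_img[2:4], "little"),
    }


if __name__ == "__main__":
    print("MOV WORD PTR [EAX],0  ->", encode_mov_mem_imm("EAX", 0, 2).hex(" "))
    print("MOV DWORD PTR [EAX],0 ->", encode_mov_mem_imm("EAX", 0, 4).hex(" "))
    print(clobber_demo())
```

When checking an assembler's output for this case, the thing to look for is the leading `66` and a 2-byte immediate; without both, the patch writes four bytes and the WORD after the target is silently zeroed, exactly the clobbering the issue worries about.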

Create a template file for muffi scripts.

People are gonna complain if we don't :) Create a template file to drop
into the PyCommands directory that illustrates how to use the muffi
framework. Make it painless.

Original issue reported on code.google.com by [email protected] on 9 Jan 2008 at 11:32

Module: patch_utils - create a function patch slicer.

We need to create a helper function that will either take a predetermined
number of instructions, or a random number of instructions from a function
header.

From the saved instructions, we can then build patches that maintain the
first instructions which will make detection much harder. 

For instance, in kernel32.Process32FirstW, the function begins with:

{{{
7C863D64: MOV EDI,EDI
7C863D66: PUSH EBP
7C863D67: MOV EBP,ESP
7C863D69: SUB ESP,10
7C863D6C: PUSH EBX
7C863D6D: PUSH ESI
7C863D6E: PUSH EDI
7C863D6F: MOV EDI,DWORD PTR SS:[EBP+C]
...
}}}

Our slicing function could then slice into and save 0x7C863D66, where we could
install our patch.

Once this function is finished we should change and re-test any patching
code to use it.

Original issue reported on code.google.com by [email protected] on 2 Jan 2008 at 5:31
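The slicer the issue asks for has two parts: pick how many leading instructions to leave untouched (fixed or random), then displace enough whole following instructions to hold the patch and replay them before resuming. The following is an added example in Python, not muffi's `patch_utils` code, built on the `Process32FirstW` listing quoted above. The page shows only the disassembly; the opcode bytes after each `;` are reconstructed from the standard encodings and are an assumption, as are the stub address and the 5-byte `JMP rel32` used as the patch.

```python
# Added example (not muffi code): slice a function prologue into a preserved
# head and a displaced tail, and build the detour bytes for both sides.
import random
import re
from typing import Dict, List, Optional, Tuple

# The kernel32.Process32FirstW listing quoted in the issue. The bytes after
# ';' are NOT from the page; they are the standard encodings (assumed).
LISTING = """
7C863D64: MOV EDI,EDI                   ; 8B FF
7C863D66: PUSH EBP                      ; 55
7C863D67: MOV EBP,ESP                   ; 8B EC
7C863D69: SUB ESP,10                    ; 83 EC 10
7C863D6C: PUSH EBX                      ; 53
7C863D6D: PUSH ESI                      ; 56
7C863D6E: PUSH EDI                      ; 57
7C863D6F: MOV EDI,DWORD PTR SS:[EBP+C]  ; 8B 7D 0C
"""

Insn = Tuple[int, str, bytes]   # (address, disassembly text, opcode bytes)
JMP_REL32_LEN = 5               # E9 + 32-bit displacement
NOP = b"\x90"


def parse_listing(text: str) -> List[Insn]:
    """Parse 'ADDR: TEXT ; HEX' lines and check the lengths are consistent."""
    insns: List[Insn] = []
    for line in text.strip().splitlines():
        m = re.match(r"([0-9A-Fa-f]+):\s+(.*?)\s*;\s*([0-9A-Fa-f ]+)$", line)
        if not m:
            raise ValueError(f"unparsable line: {line!r}")
        insns.append((int(m.group(1), 16), m.group(2), bytes.fromhex(m.group(3))))
    # Each instruction's bytes must end exactly where the next one starts.
    for (addr, _, code), (nxt, _, _) in zip(insns, insns[1:]):
        if addr + len(code) != nxt:
            raise ValueError(f"length mismatch at {addr:08X}")
    return insns


def slice_prologue(insns: List[Insn], keep: Optional[int] = None,
                   rng: random.Random = random.Random(0)) -> Tuple[int, List[Insn], int]:
    """Return (hook_addr, displaced_insns, resume_addr).

    The first `keep` instructions stay untouched so the function's well-known
    first bytes still match a signature; keep=None picks 1..3 at random.
    Enough whole instructions after that are displaced to hold a 5-byte JMP,
    so the hook never lands in the middle of an instruction.
    """
    if keep is None:
        keep = rng.randint(1, 3)
    hook_addr = insns[keep][0]
    displaced, size = [], 0
    for insn in insns[keep:]:
        displaced.append(insn)
        size += len(insn[2])
        if size >= JMP_REL32_LEN:
            break
    if size < JMP_REL32_LEN:
        raise ValueError("not enough instructions after the hook point to displace")
    return hook_addr, displaced, hook_addr + size


def jmp_rel32(src: int, dst: int) -> bytes:
    """E9 rel32; the displacement is relative to the end of the JMP itself."""
    rel = (dst - (src + JMP_REL32_LEN)) & 0xFFFFFFFF
    return b"\xE9" + rel.to_bytes(4, "little")


def build_patch(insns: List[Insn], keep: Optional[int], stub_addr: int) -> Dict[str, object]:
    """Hook bytes (JMP to the stub, NOP-padded over the displaced instructions)
    and stub bytes (the displaced instructions, then a JMP back to the first
    untouched instruction). Code that should run on every call goes in the
    stub ahead of the displaced instructions. Valid only while the displaced
    instructions are position-independent, as every one in this prologue is."""
    hook_addr, displaced, resume = slice_prologue(insns, keep)
    displaced_len = sum(len(code) for _, _, code in displaced)
    hook = jmp_rel32(hook_addr, stub_addr)
    hook += NOP * (displaced_len - len(hook))          # cover partial leftovers
    body = b"".join(code for _, _, code in displaced)
    stub = body + jmp_rel32(stub_addr + len(body), resume)
    return {"hook_addr": hook_addr, "hook_bytes": hook,
            "stub_addr": stub_addr, "stub_bytes": stub, "resume_addr": resume}


if __name__ == "__main__":
    p = build_patch(parse_listing(LISTING), keep=1, stub_addr=0x00400000)
    print(f"hook @ {p['hook_addr']:08X}: {p['hook_bytes'].hex(' ')}")
    print(f"stub @ {p['stub_addr']:08X}: {p['stub_bytes'].hex(' ')}")
    print(f"resume @ {p['resume_addr']:08X}")
```

With `keep=1` the hook lands at 0x7C863D66, the address the issue names: `MOV EDI,EDI` is left in place, `PUSH EBP` / `MOV EBP,ESP` / `SUB ESP,10` (six bytes) are displaced to the stub, and execution resumes at 0x7C863D6C. The consistency check in `parse_listing` is what you would keep when feeding real disassembler output in: a hook placed on a wrong length guess lands inside an instruction and crashes the target.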

Friendly PEB dumper.

Create a function in the common utils that will dump the PEB in a WinDbg
fashion. Should be easy since Nico/Dami have already done most of the
legwork in immlib.

Original issue reported on code.google.com by [email protected] on 9 Jan 2008 at 11:37
