A Beginner’s Guide to Tracking Malware Infrastructure using Censys.io
Indicators that we can use:
- TLS Certificates
- HTTP Response Titles
- Service Banners
- Locations and ASN Providers
- Open Directories
https://censys.com/a-beginners-guide-to-tracking-malware-infrastructure/
Censys
A Beginner's Guide to Tracking Malware Infrastructure
Find approachable and high-value methods that can be used to hunt for malware infrastructure in this guest blog from Embee Research.
Ghidriff: Ghidra Binary Diffing Engine | clearbluejar
https://clearbluejar.github.io/posts/ghidriff-ghidra-binary-diffing-engine/
clearbluejar
Ghidriff: Ghidra Binary Diffing Engine
As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security…
Frida-server crash on the latest Android Runtime update.
{"type":"error","description":"Error: Unable to perform state transition; please file a bug","stack":"Error: Unable to perform state transition; please file a bug\n at bt (frida/node_modules/frida-java-bridge/lib/android.js:578:1)\n at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n at k._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:168:1)\n at k.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:62:1)\n at frida/node_modules/frida-java-bridge/index.js:224:1\n at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:12:1)\n at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:223:1)\n at _.perform (frida/node_modules/frida-java-bridge/index.js:204:1)\n at /internal-agent.js:490:6","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":578,"columnNumber":1}
There are two solutions for this:
1. Downgrade the com.google.android.art dex
- Download the previous version of the dex file; I got the file from this comment: https://github.com/frida/frida/issues/2037#issuecomment-2314986070, https://github.com/user-attachments/files/16782293/com.android.art%40331012050.decompressed.apex.zip
- Run this command to downgrade:
adb install -r -d com.android.art@331012050.decompressed.apex
~ % adb install -r -d com.android.art@331012050.decompressed.apex
Performing Streamed Install
Success. Reboot device to apply staged session
- Reboot and re-run frida
~ % adb shell
surya:/ $ su
surya:/ # cd /data
data/ data_mirror/
surya:/ # cd /data/local/tmp
surya:/data/local/tmp # ./frida-server-16.4.9-android-arm64
2. Uninstall com.google.android.art
adb shell
pm uninstall com.google.android.art
- Reboot and re-run frida
Ref: https://github.com/frida/frida/issues/2958
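As an added example that is not part of the original post or of the Frida project, the following POSIX shell script checks which ART module build the device reports before choosing between the two options above. It assumes that `adb shell pm list packages --show-versioncode` prints lines of the form `package:<name> versionCode:<code>`, treats the version code of the apex linked in the post (331012050) as the known-good build, and uses a constructed sample listing so it runs offline; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether the ART module
# on the device is newer than the build the post downgrades to, so you know
# whether option 1 (downgrade) or option 2 (uninstall) even applies.
# Assumption: `pm list packages --show-versioncode` prints
#   package:<name> versionCode:<code>

ART_PKG="com.google.android.art"
KNOWN_GOOD=331012050   # version code of the apex linked in the post

# art_version_code: read the package listing on stdin and print the version
# code of the ART module (prints nothing if the module is not installed).
art_version_code() {
    sed -n "s/^package:$ART_PKG versionCode:\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# remediation_plan: given a version code (or an empty string), print which
# of the two fixes from the post is a candidate.
remediation_plan() {
    ver="$1"
    if [ -z "$ver" ]; then
        echo "none: $ART_PKG not installed, frida-server should start normally"
    elif [ "$ver" -gt "$KNOWN_GOOD" ]; then
        echo "option-1-or-2: ART module $ver is newer than $KNOWN_GOOD"
    else
        echo "none: ART module $ver is at or below the known-good build"
    fi
}

# Constructed sample listing, standing in for the output of:
#   adb shell pm list packages --show-versioncode
SAMPLE_LISTING='package:com.android.chrome versionCode:123456
package:com.google.android.art versionCode:341011010
package:com.android.shell versionCode:34'

main() {
    ver=$(printf '%s\n' "$SAMPLE_LISTING" | art_version_code)
    remediation_plan "$ver"
    # Against a real device, replace SAMPLE_LISTING with live output:
    #   ver=$(adb shell pm list packages --show-versioncode | tr -d '\r' | art_version_code)
}
main
```

The `tr -d '\r'` in the comment matters on a real device: `adb shell` output carries CR/LF line endings on some hosts, which would otherwise keep `sed` from matching the end of the line.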
GitHub
Android Server; n is not a function, unable to perform state transition · Issue #2037 · frida/frida
I get these two error lines: { "type": "error", "description": "TypeError: n is not a function", "stack": "TypeError: n is not a function\n at...