Diaphora – The Most Advanced Free And Open Source Program Diffing Tool

Diaphora (διαφορά, Greek for ‘difference’) is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc… It was released during SyScan 2015.

It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary Ninja is also planned but will come after Ghidra’s port. If you are looking for Radare2 support you can check this very old fork.

For more details, please check the tutorial in the “doc” directory.

NOTE: If you’re looking for a tool for diffing or matching functions between binaries and source codes, you might want to take a look at Pigaios.

Getting help and asking for features

You can join the mailing list https://groups.google.com/forum/?hl=es#!forum/diaphora to ask for help, new features, report issues, etc… For reporting bugs, however, I recommend using the issues tracker: https://github.com/joxeankoret/diaphora/issues

Please note that only the last 3 versions of IDA are officially supported. As of today, it means that only IDA 7.1, 7.2 and 7.3 are supported. Versions 6.8, 6.9, 6.95 and 7.0 do work (with all the last patches that were supplied to customers), but no official support is offered for them. However, if you run into any problem with these versions, ping me and I will do my best.

Documentation

You can check the tutorial https://github.com/joxeankoret/diaphora/blob/master/doc/diaphora_help.pdf

Screenshots

This is a screenshot of Diaphora diffing the PEGASUS iOS kernel Vulnerability fixed in iOS 9.3.5:

And this is an old screenshot of Diaphora diffing the Microsoft bulletin MS15-034:

These are some screenshots of Diaphora diffing the Microsoft bulletin MS15-050, extracted from the blog post Analyzing MS15-050 With Diaphora from Alex Ionescu.

Here is a screenshot of Diaphora diffing iBoot from iOS 10.3.3 against iOS 11.0:

Link: http://www.kitploit.com/2019/08/diaphora-most-advanced-free-and-open.html

UPDATE: Nmap 7.80

PenTestIT RSS Feed
Good news guys! The Nmap 7.80 update is now available. We’ve had to wait for such a long time since the guys behind Nmap were extremely busy improving the Npcap raw packet capturing/sending driver. It now uses modern APIs and is more performant as well as more secure and more featureful than WinPcap. We all
The post UPDATE: Nmap 7.80 appeared first on PenTestIT.

Link: http://pentestit.com/nmap-7-80-update/


If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Some time back, an update – the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always, this version discusses the different updates made to
The post UPDATE: MITRE CALDERA 2.2.0 appeared first on PenTestIT.

Link: http://pentestit.com/update-mitre-caldera-2-2-0/

UPDATE: OWASP Dependency-Check 5.1.0

My first post about this open source OWASP project was about an older version. Some days back, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 5.1.0, which includes a lot of bug fixes and enhancements. What is OWASP
The post UPDATE: OWASP Dependency-Check 5.1.0 appeared first on PenTestIT.

Link: http://pentestit.com/update-owasp-dependency-check-5-1-0/

Electronegativity: An Open Source Electron Security Auditor

Electron is a pretty recent framework for building desktop applications and there are not many tools that deal with the security part either. There is an electronjs security checklist, providing guidelines for building secure applications, but there is no tool per se – at least none I know of! Electronegativity changes this. This post describes the open source
The post Electronegativity: An Open Source Electron Security Auditor appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/kjHNVXhvAkM/

UPDATE: Ostinato 0.9!

This tool came to my rescue yet again today! If you remember, I had blogged about this tool in my older post titled – Ostinato: The Network Traffic Generator and Analyzer! As always, before using any tool I tried to update it and there it was – Ostinato 0.9. This update was released long ago,
The post UPDATE: Ostinato 0.9! appeared first on PenTestIT.

Link: http://pentestit.com/update-ostinato-0-9/

UPDATE: Cuckoo Sandbox 2.0.7

It has been some time since I posted about the Cuckoo Sandbox. Good news is that the guys at the Cuckoo Foundation are not silent and have released the Cuckoo Sandbox 2.0.7, with lots of improvements, code cleanup, support for VirtualBox 6 and the well deserved support for the MITRE ATT&CK TTP detection. What is
The post UPDATE: Cuckoo Sandbox 2.0.7 appeared first on PenTestIT.

Link: http://pentestit.com/update-cuckoo-sandbox-2-0-7/

Unprotect Project: Classify Malwares Based on Known Evasion Techniques

One of the first steps in learning about a malware is to see if it is evasive in any sense and then proceed accordingly. The Unprotect Project helps you do this easily. It is an open source project in Python that proposes malware classification techniques based on their evasive capabilities to help understand and
The post Unprotect Project: Classify Malwares Based on Known Evasion Techniques appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/K1U3Sf1ZrMg/