Reversing and Exploiting ARM Binaries: rwthCTF Trafman
To set up a virtual ARM environment using Qemu, introduce ARM assembly, reverse ARM binaries, and demonstrate how to write basic exploits for ARM using the trafman challenge of rwthCTF as an example. Virtual ARM Environment To start we need an environment capable of running ARM binaries. Since I didn't have an ARM machine I created a virtual ARM environment using Qemu. Qemu is similar to VirtualBox or VMWare, except that it can support multiple architectures. This allows you the emulate ARM on your default x86 or x64 machine. First we need to know which ARM architecture to pick. Most Linux distributions support two architectures: armel and armhf. Armel supports the ARMv4 instruction set and emulates floating point operations in software, while armhf supports the ARMv7 instruction set and uses hardware floating point operations. At least that's the case for Debian, Ubuntu uses the term "armel" differently [Ubuntu FAQ, ARM FAQ].
FEATURES
ALTERNATIVES
A collaborative malware analysis framework with various features for automated analysis tasks.
Cybersecurity tool merging DarunGrim's analysis algorithms, currently in internal testing for official release.
A tool to locally check for signs of a rootkit with various checks and tests.
A tool designed to handle archive file data and augment Yara's capabilities.
A powerful tool for detecting and identifying malware using a rule-based system.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A simple Python script to test for a hypothetical JWT vulnerability
PINNED
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.