An Intro to Binary Ninja (Free) for Malware Analysis
- Published on 27 Jul 2024
- Description: In this video, I introduce a workflow for analyzing malware with Binary Ninja, free edition.
Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!
SANS Malware Analysis Courses I Author and Teach:
sans.org/for610 (co-author)
sans.org/for710
Samples: github.com/as0ni/youtube-file...
Password: infected
Description: WannaCry DLL
Unzipped SHA-256: 1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830
Tools
Binary Ninja: binary.ninja/free/
Documentation: docs.binary.ninja
Resources:
Binary Ninja Official Plugins: github.com/Vector35/official-...
Binary Ninja Community Plugins: github.com/Vector35/community...
Binary Ninja Community Themes: github.com/Vector35/community...
Reverse Engineering Malware with Ghidra (Off By One Security stream): th-cam.com/users/livecv95ddz_...
Find Anuj Soni on X: x.com/asoni
Connect on LinkedIn: / sonianuj
Category: Howto & Style
Vector 35 Co-Founder here; Great video! Better than anything we've made internally! 😆
Thank you, that means a lot to me coming from you!
This video actually makes me want to buy the non-commercial (personal) license. NSA had their chances with Ghidra; their API is not that great even considering the wide support that is out there for Ghidra Python. Once a 3-headed dragon remains a "horrible" dragon, although it has its pros for a free disassembler. Their binary emulator / debugger is something I have tried, but it's not user friendly, which made me run away directly to Unicorn / x64dbg. Similar to WinDbg, I can't feel that vibe.
can I have binary ninja for free?
jk
unless...
Binary Ninja is really a game-changer! Especially with v4, it’s wild
This video answers all my questions! The quality of this video is 10/10, congrats Anuj!
I'm buying this now.
You made my day, thank you!
Binary Ninja is absolutely where it’s at.
You are able to explain well and understandably.
I would be happy to see more videos around the topic of malware analysis with Binary Ninja.
Thank you! I do plan to release more analysis videos using Binja!
Anuj bhai !! thank you forrr thissss and please keep producing such top notch content on reverse engineering and malware analysis!!
respect
Anuj, you should be an anchor man on the Evening Malware News! Outstanding presentation.
Lol thanks Terry. Hope you’re well!
this is high quality content, make moooore!
Glad you enjoyed it!
Hi Anuj,
very good video, I like how Binary Ninja shows more readable decompiled code than Ghidra and also displays the import functions! I have a question/suggestion for an upcoming video:
How would you deal with executables that compile JIT like .Net?
Best regards
DNSpy, or equivalent tool
@theotheryachtclub2215 yeah, but I have many questions about debugging it.
Thanks for the topic idea! Introducing debugging .NET with dnspyEx (github.com/dnSpyEx/dnSpy) might be a good one!
These videos are so good
Thanks for watching!
Fully agree, one of the best SANS instructors that is out there! Why? If you're able to lecture such a relatively 'advanced' topic and still being able to explain it crystal clear and comprehensively.
Short video but very educative.
Thank you!
UI like VSCode and Sublime text style
So the plugins tab will not work for the free version?
Sorry if I missed it somewhere in the video, is binary patching possible with the free version?
It is!
The only type of patching you can't do in the free version is the patching using the built-in compiler SCC that the full version has. Otherwise everything in this old blog post still applies: binary.ninja/2017/12/15/change-is-in-the-air.html
@JordanWiens thank you very much, great video!
What's the added value of Binary Ninja over Ghidra? Is it worth paying for it?
Depends how you feel about what I presented in the video :-)
Is your vm the base FLARE install?
Actually it’s based off the SANS FOR610 VM but similar idea!
@sonianuj it looks so much cleaner!