I Tried Ghidra's BSim Feature

  • Published 5 Oct 2024

Comments • 24

  • @BRR999 5 months ago +1

    Amazing tutorial. Thank you. Super useful.

    • @sonianuj 5 months ago

      Glad it was helpful!

  • @mw_lewlew 8 months ago +2

    As clear and informative as ever, great video Anuj.

    • @sonianuj 8 months ago +1

      Thank you, very happy to hear you enjoyed it!

  • @tristan-white 8 months ago +1

    Great video. Exactly what I was looking for - this deserves more views.

    • @sonianuj 8 months ago

      Much appreciated!

  • @kar33m_01 4 months ago

    Thank you for all the useful explanations.

  • @kar33m_01 4 months ago

    Thank you for all the useful explanations.

    • @sonianuj 4 months ago

      You are welcome!

  • @ShotEngineering 8 months ago

    Great video! Thank you so much for posting. You're probably the first one to post a tutorial for Ghidra's BSim on YouTube! And the quality and clarity of the video are awesome, even for someone who's just starting out with reverse engineering. How does your channel not have more subscribers? I expect it to have many more subs if you start posting videos more often. Good luck.
    I have a couple of questions regarding Ghidra's BSim, though, and it would be great if you could address them for me. First: can we say that Ghidra's BSim is similar to, or provides the same functionality as, BinDiff, IDA's FLIRT/Lumina and the ApplySig script for Ghidra? Is it Ghidra's native alternative? Second: how can I use this functionality to figure out "Which libraries were statically linked into this executable, and possibly what version of the library?", as stated in Ghidra's BSim introduction on the "What's New in Ghidra 11.0" page? Thank you so much in advance.

    • @sonianuj 7 months ago

      Thanks for watching and sorry I missed this comment earlier. BSim is similar to BinDiff in its goal, but they do take different approaches (the documentation dives into this a bit). IDA's FLIRT is more similar to Ghidra's FID (Function ID) feature. Unfortunately I don't have any experience with ApplySig.
      Regarding your last question ("Which libraries were statically linked..."), I think you would need to load a library (with symbols) in Ghidra and create a BSim database first. Then you could compare another binary with that BSim db to answer the question.

  • @faust9091 8 months ago

    John sent me here. Will check you out later. But so far the topics seem interesting and your presentation is spot on.

    • @sonianuj 8 months ago

      Thanks for stopping by! If you have ideas for malware analysis topics you’d like to see, let me know.

    • @boogieman97 7 months ago

      @sonianuj Hey Anuj, I definitely have some ideas. I am wondering how you would tackle control-flow flattening and bypass heavy anti-debugging/anti-disassembly techniques. I have recently deep-dived into this topic, the Intel In-Circuit Emulator (0xF1), and some TEB, TIB and SEH chains.

  • @varyktv 6 months ago

    Great video! I'm trying to learn coding and all the software out there. It's been like drinking water through a fire hose, but you explain things really simply. One question I have: can you use Ghidra's BSim function to compare two similar .dll files written in C++ to find the differences between them?

    • @sonianuj 6 months ago

      Hi there, thanks for watching! Hopefully I'm understanding your question correctly - yes, you can definitely use BSim to compare two DLLs.

  • @0xhhhhff 8 months ago +1

    Cool vid, I'm still learning the basics.

    • @sonianuj 8 months ago

      Thanks for watching!

  • @hackwithprogramming7849 7 months ago

    Need more content ❤

    • @sonianuj 7 months ago

      lol any day now…

  • @Loremips9966 8 months ago

    Hey Anuj! Ever had problems with Ghidra where it crashes on extremely large/complex binaries written in Rust, like the Hive ransomware?

    • @sonianuj 8 months ago

      I've certainly seen that before... wish I had a solution :-(

  • @christophertharp7763 8 months ago

    Is there any way we can get an OVA copy of the VM you use? Or some way to duplicate the tools you have?

    • @sonianuj 8 months ago +1

      Unfortunately I can't provide the VM, but a FLARE-VM install should get you pretty close: github.com/mandiant/flare-vm