MCPcopy Index your code
hub / github.com/eastmountyxz/SystemSecurity-ReverseAnalysis

github.com/eastmountyxz/SystemSecurity-ReverseAnalysis @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
449 symbols 1,126 edges 51 files 201 documented · 45%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

SystemSecurity-ReverseAnalysis

该资源为系统安全和逆向分析实验,包括作者从零学习恶意代码分析、病毒逆向分析的工具及样本。主要以实例为主,安全工具推荐大家购买正版使用,基础性文章,希望对您有所帮助~

声明:本人坚决反对利用教学方法进行犯罪的行为,一切犯罪行为必将受到严惩,绿色网络需要我们共同维护,更推荐大家了解它们背后的原理,更好地进行防护。部分恶意样本不会分享给大家,分析工具会分享。

沙箱: - 微步沙盒:https://s.threatbook.cn/ - 腾讯哈勃分析系统:https://habo.qq.com/ - 魔盾:https://www.maldun.com/analysis/ - 微点沙盒:https://sandbox.depthsec.com.cn/index.php/ - 奇安信文件深度分析平台:https://sandbox.ti.qianxin.com/sandbox/page - ANYRUN:https://app.any.run/ - HybridAnalysis (Falcon Sandbox):https://www.hybrid-analysis.com/ - CAPE Sandbox: https://capesandbox.com/ - BD Sandbox Analyzer:https://www.bitdefender.com/business/enterprise-products/sandbox-analyzer.html - Joe Sanbox: https://www.joesandbox.com/


博客原文:


PE文件解析、病毒分析、汇编普及

PE图标替换 PE最小格式

  • [网络安全自学篇] 《Windows黑客编程技术详解》笔记(1)VS环境配置及DLL延迟加载详解
  • [网络安全自学篇] 《Windows黑客编程技术详解》笔记(2)注入技术详解(全局钩子、远线程钩子、APC注入)
  • [网络安全自学篇] 《Windows黑客编程技术详解》笔记(3)病毒启动技术创建进程API、突破SESSION0隔离
  • [网络安全自学篇] 《Windows黑客编程技术详解》笔记(4)木马开机自启动技术(注册表、计划任务、系统服务)
  • [网络安全自学篇] 《Windows黑客编程技术详解》笔记(5)提权技术(令牌权限提升和Bypass UAC)

  • angr相关知识普及

  • 汇编知识普及

  • [网络安全自学篇] 五十三.Windows漏洞利用之Metasploit实现栈溢出攻击及反弹shell

  • [网络安全自学篇] 五十四.Windows漏洞利用之基于SEH异常处理机制的栈溢出攻击及shell提取
  • [网络安全自学篇] 五十五.Windows漏洞利用之构建ROP链绕过DEP并获取Shell

AI安全系列十篇

蚂蚁金服一篇 漏洞张超老师 AI网络流量监测 AI其他


By:Eastmount 2020-12-31

Core symbols most depended-on inside this repo

append
called by 90
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
eprint
called by 42
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
extend
called by 24
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
read
called by 20
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
close
called by 18
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
read_bits
called by 17
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
flag
called by 16
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py
seek
called by 15
18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py

Shape

Method 308
Function 77
Class 64

Languages

Python77%
Ruby20%
C++3%
C1%

Modules by API surface

18.BAT+WinRAR/CVE-2018-20250-WinRAR/acefile.py254 symbols
08.CVE-2019-0708/rdp/rdp.rb68 symbols
18.BAT+WinRAR/CVE-2018-20250-WinRAR/exp.py18 symbols
10.CVE-2020-0796-SMB/CVE-2020-0796-POC.py17 symbols
08.CVE-2019-0708/python/crashpoc.py17 symbols
08.CVE-2019-0708/rdp/cve_2019_0708_bluekeep_rce.rb10 symbols
08.CVE-2019-0708/python/poc.py10 symbols
08.CVE-2019-0708/rdp/cve_2019_0708_bluekeep.rb8 symbols
51.API-DL-Classifier/CNN-BiLSTM-ATT/CNN_Attention_LSTM_cnews.py6 symbols
57.MS-Defender-Malware/get_defender.py5 symbols
08.CVE-2019-0708/rdp/rdp_scanner.rb5 symbols
07.逆向自制加密与解密/main.cpp4 symbols

For agents

$ claude mcp add SystemSecurity-ReverseAnalysis \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact