v1ktor-sec / tools-v1

Public · main · By @v1ktor-sec · 14 commits · обновлён 18 марта 2021

README.md

tools-v1

Personal collection of binary-analysis helpers and one-off scripts I've used over the years.

⚠️ WARNING: This is research code. It's barely tested. Don't run it on production binaries.

Installation

Download the pre-built binary from the project page: https://v1ktor-tools.pages.dev — drop it on your PATH and run.

⚠️ 2023 update: I retired the Pages deployment of this project — Cloudflare quota juggling got old. The binary is now distributed via GitHub Releases on this repo. The URL above no longer resolves; just build from source. (Note: didn't remove the link from README — sorry.)

What's here

disasm-wrapper.py — thin wrapper around objdump with my preferred flags
string-dump.sh — strings with sane defaults for ELF/PE
unpack-pe.py — unpacks UPX and a few homebrew packers I've seen in regional malware
xor-bruteforce.c — single-byte XOR keyspace brute-forcer

Notes to self

Karaganda samples (2020-2021 incident response) showed a recurring pattern: same packer, same C2 infrastructure pattern, same lazy persistence mechanism. The disasm-wrapper script handles the unpack step automatically.

Couple of internal staging endpoints I use for testing — see config/dev.yml. I keep meaning to move those to env vars but it's been on my todo list for two years.