잡동사니/각종 자료들
C# 언패킹
dnspy https://github.com/dnSpy/dnSpy ConfuserEx https://github.com/BedTheGod/ConfuserEx-Unpacker-Mod-by-Bed megadumper https://github.com/CodeCracker-Tools/MegaDumper ksdumper https://github.com/EquiFox/KsDumper 1. C# 프로그램 실행해서 메모리에 적재 2. megadumper, ksdumper로 메모리에 적재된 C# 데이터 dump 3. ConfuserEx로 암호화되어 있는 경우 ConfuseEx-Unpacker를 사용하여 언패킹 4. dnspy로 결과물 확인
Vmware Win7 vmware tools 설치
https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419 Microsoft Update 카탈로그 www.catalog.update.microsoft.com https://www.catalog.update.microsoft.com/search.aspx?q=kb4490628 Microsoft Update 카탈로그 www.catalog.update.microsoft.com 팩 설치 후 Install vmware tools 하면 됩니다.
volatility2,3 cheatsheet
https://blog.onfvp.com/post/volatility-cheatsheet/ Volatility 3 CheatSheet Comparing commands from Vol2 > Vol3 blog.onfvp.com https://book.hacktricks.xyz/forensics/basic-forensic-methodology/memory-dump-analysis/volatility-examples Volatility - CheatSheet - HackTricks “scan” plugins, on the other hand, will take an approach similar to carving the memory for things that might make sense when dere..
점프리스트 ID 값 목록(Jumplist ID)
https://github.com/EricZimmerman/JumpList/blob/master/JumpList/Resources/AppIDs.txt GitHub - EricZimmerman/JumpList Contribute to EricZimmerman/JumpList development by creating an account on GitHub. github.com