0x6d696368

Ghidra: Patch Diff Correlator Project

Ghidra: Patch Diffing libPNG (via Version Tracking Tool)

Ghidra: Fix unaff_ via Set Register Values...

Ghidra: Fix in_, extraout_, in_stack_ decompiler variables

Ghidra: Fix .text function names

Ghidra: Stack Depth (to detect stack manipulation)

ghidra_scripts: GoogleSearch.py (to lookup function names via Google)

ghidra_scripts: SimpleStackStrings.py (to reassemble "stack strings")

ghidra_scripts: colorCallGraphCallsTo.py (using SetBackgroundColor and traversing the call graph)

Ghidra: Shadow Hammer (Stage 1: Setup.exe) complete static Analysis

Ghidra: Search Program Text... (to find XOR decoding functions in malware)

Ghidra: Version Tracking

Ghidra: Export Symbols and Load External Libraries (to resolve imported function names)

Ghidra: Data Type Manager / Archives and Parse C Source... (resolve function signatures)

ghidra_scripts: RC4Decryptor.py

Ghidra: Generate Checksum... (to extract hashes of embedded malware artifacts)

Ghidra: FunctionID (to identify libraries and code reuse)

Ghidra: Server / Shared Projects (using ghidra-server.org)

Ghidra: Bytes View (to patch binary and export to a working PE file)

Ghidra: Fixing Bugs (Fixing PE section import size alignment)

Ghidra: Clear Flow and Repair, and Patch Instruction (to defeat anti-disassembly)

Ghidra: Scripting (Python) (a quick introduction by implementing pipeDecoder.py)

Ghidra: Decompile and compile (to quickly reimplement malware decoding functions)

Ghidra: EditBytesScript (to fix/manipulate PE header to load ShadowHammer setup.exe sample)

Ghidra: Extract and Import ... (to extract resources from PE binaries)

Ghidra: YaraGhidraGUIScript (to generate a YARA signature for threat/retro hunting)

Ghidra: XORMemoryScript (to XOR decode strings)

"Reviewing" the PasswordsFAST hardware password safe

Cold boot attack with RAM transplantation against DDR2

Hardware reverse engineering gear (Part 2): Communication interfaces