Tools of the trade: An intro.

I received an email from someone just starting out in security as a chosen career path who had bought a laptop to use purely for research. I don't particularly advocate any one laptop over another; I use a *Macbook for two reasons:

1. Resale value

2. The screen is amazing, and my eyesight is getting progressively worse.

I wrote out a list of my tools and was surprised at just how much I had customised my device.

  • KnockKnock from Patrick Wardle, along with a lot of his other tools, is available here. "KnockKnock... Who's There?" See what's persistently installed on your Mac. KnockKnock uncovers persistently installed software in order to generically reveal malware.
  • Little Snitch - Essentially a firewall, but with a usable interface.
  • Hopper - Disassembler for x86/x64 RE - Not free.
  • Radare - Another disassembler, my personal preference.
  • Brew - It's amazing that OSX comes without half these tools, but you'll quickly realise you need them.
  • Shodan command line - As above, it really is part of everything I do.
  • Olevba - Excellent parsing for OLE files, usually MS Office documents.
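
As an added illustration of what KnockKnock's launch-item check looks for (example code written for this post, not KnockKnock's own), the script below reads launchd property lists from the usual LaunchAgents/LaunchDaemons directories and reports each item's label, program and whether it starts automatically. The directory list is an assumption, and the sample plist it writes to a temporary directory is constructed for the demo.

```python
# Added example, not KnockKnock's code: enumerate launchd persistence items.
import plistlib
import tempfile
from pathlib import Path

# Directories launchd scans for persistent agents/daemons (assumed list).
LAUNCH_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    str(Path.home() / "Library/LaunchAgents"),
]

def launch_item(plist_path):
    """Return (label, program, auto_start) for one plist, or None if unreadable."""
    try:
        with open(plist_path, "rb") as f:
            data = plistlib.load(f)
    except Exception:  # unreadable, malformed XML, or bad binary plist
        return None
    program = data.get("Program")
    if program is None:  # fall back to the first ProgramArguments entry
        args = data.get("ProgramArguments") or []
        program = args[0] if args else None
    auto_start = bool(data.get("RunAtLoad")) or bool(data.get("KeepAlive"))
    return (data.get("Label", "<no label>"), program, auto_start)

def enumerate_launch_items(directories=LAUNCH_DIRS):
    """Collect launch items from every .plist in the given directories."""
    items = []
    for d in directories:
        if not Path(d).is_dir():
            continue
        for p in sorted(Path(d).glob("*.plist")):
            item = launch_item(p)
            if item is not None:
                items.append(item)
    return items

# Constructed sample plist (not a real-world item) so the demo runs offline.
SAMPLE_PLIST = {
    "Label": "com.example.updater",
    "ProgramArguments": ["/Users/Shared/.updater/run.sh", "--quiet"],
    "RunAtLoad": True,
}

def demo_dir():
    """Write SAMPLE_PLIST into a fresh temp directory and return its path."""
    d = Path(tempfile.mkdtemp())
    with open(d / "com.example.updater.plist", "wb") as f:
        plistlib.dump(SAMPLE_PLIST, f)
    return str(d)
```

Running `enumerate_launch_items()` on a real Mac prints the same kind of label/program/autostart view KnockKnock gives for launch items; anything starting from an odd path such as a hidden directory deserves a closer look.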

As an addendum, there is a brilliant 'hardening guide' for OSX here.

NOTE: this is for beginners; as a more seasoned security researcher you're probably used to seeing these tools and probably shouldn't be reading this.


*Other excellent laptops are available.