GEF 2018.10 released: GDB Enhanced Features for exploit devs & reversers

New features:
Support for RISC-V architecture (@dlrobertson )
Brand new skin, designed by our own @Grazfather
New command print-format
New convenience variables / functions ($_pie , $_heap) by @wbowling
Better AARCH64 support
All command outputs are now buffered, so less IO, more perf
“Repeatable” commands are in
PyEnv support (@hazedic)
Ditched Travis-CI for Circle-CI
Glibc Tcache bins support
Colorized hexdump byte (pwntools-like)

Bugfix in x86 EFLAGS parsing
Better and more unit tests
More caching (on key functions, settings, etc.)
Fixed the doc
(ARM) Auto. adjust GEF mode from cspr flag
Bugfix in capstone integration
Fixed minor issues in format-string-helper
Fixed IDA integration, thx @cclauss
And more minor bugfixes, and speed improvement


CheckPoint Research: Scout Debugger

“Scout” is an extendable basic debugger that was designed for use in those cases that there is no built-in debugger / gdb-stub in the debugee process / firmware. The debugger is intended to be used by security researchers in various scenarios, such as:

Collecting information on the address space of the debuggee – recon phase and exploit development
Exploring functionality of the original executable by accessing and executing selected code snippets
Adding and testing new functionality using custom debugger instructions

We have successfully used “Scout” as a debugger in a Linux Kernel setup, and in an embedded firmware research, and so we believe that it’s extendable API could prove handy for other security researchers in their research projects.

Windbg updated

Windbg, Microsoft’s Windows system debugger, has been released with new features, one of which is ability to write debugger scripts in JavaScript.

(WordPress renders the MSDN blog URL strangely, if you can’t click on that, click on the URL in Alex’s twtter.)

tool: Edb

Edb is a system debugger, written by Evan Teran (@eteran). It’s been around for a while, but recently updated to use the Capstone engine, where I noticed it:

Edb is a cross platform x86/x86-64 debugger, inspired by OllyDbg, but aims to function on x86 and x86-64 as well as multiple OS’s. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality. It is written in C++ using Qt. It contains these plugins: Analyzer, Assembler, BinaryInfo, BinarySearcher, Bookmarks, BreakpointManager, CheckVersion, DebuggerCore, DumpState, FunctionFinder, HardwareBreakpoints, HeapAnalyzer, OpcodeSearcher, ProcessProperties, ROPTool,References, and SymbolViewer.

Some security researchers may not know of OllyDbg, but only of Immunity Debugger (ImmyDbg), which is a fork of the GPL OllyDBg (but Immunity doesn’t seem to provide source…). Edb is also GPL-licensed, but source is easily available, and with Capstone backing it, looks to be very interesting!