Collection of works, presentations, blogpost, etc for Qiling related projects

[xwings]

Official Youtube

• Official Youtube Channel: https://www.youtube.com/@qilingframework

Showcase

• Emotet's embedded C2

• https://gist.github.com/LloydLabs/d4e0ffba3ba6ccce17fafc08d9118385

• dragonfly

• https://dragonfly.certego.net/

• pwnservice

• https://github.com/The-Soloist/pwnservice

• Karton Unpacker

• https://github.com/CERT-Polska/karton

• Qualcomm Sahara / Firehose Attack Client / Diag Tools

• https://github.com/bkerler/edl

• FileInsight-plugins

• https://github.com/nmantani/FileInsight-plugins

• efi_fuzz

• https://github.com/Sentinel-One/efi_fuzz

• vacation3

• https://github.com/ioncodes/vacation3-emu

Tutorial

• Qiling Lab 01

• https://www.shielder.it/blog/2021/07/qilinglab-release/
• https://joansivion.github.io/qilinglabs/
• https://gist.github.com/dark-lbp/e957b43fee6df67cece4a58ccef633ab
• https://gist.github.com/h4x5p4c3/da447b85a59a5defa4b5747d949f0a03

• Arm64 binary emulation using Qiling Framework

• https://www.youtube.com/watch?v=VSdV2JW_7oA

Papers

• On the Effectiveness of Binary Emulation in Malware Classification

• https://arxiv.org/pdf/2204.04084.pdf

• LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

• https://documents.trendmicro.com/images/TEx/pdf/Technical-Brief---LoRaWANs-Protocol-Stacks-The-Forgotten-Targets-at-Risk.pdf

• FIRMGUIDE: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided
  Kernel Execution

• http://yajin.org/papers/ase21_firmguide.pdf

• EDGE OF THE ART IN VULNERABILITY RESEARCH VERSION 4 OF 4

• https://apps.dtic.mil/sti/pdfs/AD1126216.pdf

• Dragonfly: next generation sandbox

• https://amslaurea.unibo.it/20894/1/Dragonfly%20next%20generation%20sandbox.pdf

Writeup

• [Fuzzing] Qiling 框架在 Ubuntu22.04 rootfs下遇到 CPU ISA level 错误的临时解决方案

• https://cloud.tencent.com/developer/article/2144036

• Unionware Writeup Part A [UnionCTF 2021]

• https://cxiao.net/posts/2021-10-10-unionware-writeup-part-a/

• Dynamic analysis of firmware components in IoT devices

• https://ics-cert.kaspersky.com/publications/reports/2022/07/06/dynamic-analysis-of-firmware-components-in-iot-devices/?utm_source=securelist&utm_medium=link&utm_campaign=dynamic-analysis-of-firmware-components-in-iot-devices

• [原创]一种新的Android Runtime环境仿真及调试方法

• https://bbs.pediy.com/thread-272605.htm

• A Sneak Peek into Smart Contracts Reversing and Emulation

• https://www.shielder.com/blog/2022/04/a-sneak-peek-into-smart-contracts-reversing-and-emulation/

• QILING: un framework para emular binarios muy útil para el análisis de malware

• https://www.welivesecurity.com/la-es/2022/04/01/qiling-framework-emular-binarios-para-analisis-malware/

• Reversing embedded device bootloader (U-Boot)

• https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1/
• https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2/

• PancakeCon CTF "Crack" Challenge

• https://devilinside.me/blogs/pancakecon-ctf-crack-challenge

• TP-Link XDR-5430-V2 研究分享 - 第一章

• https://mp.weixin.qq.com/s?__biz=MzIzODAwMTYxNQ==&mid=2652141409&idx=1&sn=9d11237b4ea6457431de5bcf72e6a786&chksm=f320dbc1c45752d718b086a1061ba806efd741f54384d9bf4f063fb0f6dc1d52c77d39b64def&mpshare=1&scene=1&srcid=1228QkzhEvROEcflXGTLtmQh&sharer_sharetime=1640686032792&sharer_shareid=543a59f5c558dcd522e161779f8928f8#rd

• Leveraging Qiling for Kport strings decryption

• https://raw-data.gitlab.io/post/kpotv1_emul/

• Decrypt configuration files like exactly how Huawei ONT does

• https://devilinside.me/blogs/decrypt-configuration-files-exactly-how-huawei-ont-does

• Hunting IcedID and unpacking automation with Qiling

• https://blogs.vmware.com/security/2021/07/hunting-icedid-and-unpacking-automation-with-qiling.html

• [Mal Series # 17] Binary Emulation with Qiling Framework

• https://ghoulsec.medium.com/mal-series-17-binary-emulation-with-qiling-framework-322fb4602cfe

• Automatic unpacking with Qiling framework

• https://kernemporium.github.io/posts/unpacking/

• WINTERN 2020: IOT FIRMWARE ANALYSIS

• https://margin.re/blog/wintern-2020-iot-firmware-analysis.aspx

• Unpacking In-Memory Malware with Qiling

• https://codemuch.tech/2021/04/28/unpacking-in-memory-malware/

• Qiling: A true instrumentable binary emulation framework

• https://isc.sans.edu/diary/Qiling%3A+A+true+instrumentable+binary+emulation+framework/27372

• Playing with PE Files, Packers and Qiling Framework

• https://nahueldsanchez.com.ar/Playing-with-PE-Files-Packers-and-Qiling-Framework/

• Unpacking RAGNARLOCKER via emulation

• https://blog.reversing.xyz/docs/posts/unpacking_ragnarlocker_via_emulation/

• Reproducing n-day vulnerabilities and writing N-day based fuzzer with Qiling

• https://devilinside.me/blogs/reproducing-ndays-qiling

• Emulated a Netgear router binary using qiling to reverse a backdoor

• https://github.com/bkerler/netgear_telnet/blob/main/research/qiling_emulate.py

• Using Qiling Framework to Unpack TA505 packed samples

• https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/using-qiling-framework-to-unpack-ta505-packed-samples/#ta505-packer

• [PT007] Simulating and hunting firmware vulnerabilities with Qiling

• https://blog.vincss.net/2020/12/pt007-simulating-and-hunting-firmware-vulnerabilities-with-Qiling.html

• Decrypt Aisuru Bot Encoded Strings with Qiling Framework

• http://binaryhax0r.blogspot.com/2020/07/decrypt-aisuru-bot-encoded-strings-with.html

• Brute-Force Flareon2015 Challenge#2 with Qiling

• http://binaryhax0r.blogspot.com/2020/09/brute-force-flareon2015-challenge2-with.html

• Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

• https://labs.sentinelone.com/moving-from-manual-re-of-uefi-modules-to-dynamic-emulation-of-uefi-firmware/

• Qiling & Binary Emulation for automatic unpacking

• https://kernemporium.github.io/articles/en/auto_unpacking/m.html

• [原创]使用Qiling IDA插件解密Mirai病毒数据

• https://bbs.pediy.com/thread-262073.htm

• Part II: Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework, Part II

• https://github.com/nahueldsanchez/blogpost_qiling_dlink_2

• Part I: Analyzing a buffer overflow in the DLINK DIR-645 with Qiling framework and Ghidra.

• https://nahueldsanchez.wordpress.com/2020/08/10/analizing-a-buffer-overflow-in-the-dlink-dir-645-with-qiling-framework-and-ghidra/
• 翻译: https://xz.aliyun.com/t/8156

• Automated dynamic import resolving using binary emulation

• https://lopqto.me/posts/automated-dynamic-import-resolving

• Using Qiling to resolve obfuscated import on windows

• https://gist.github.com/y0ug/b83fcf121f80d419c8d5eb342ca31a59

• Dive deeper – Analyze real mode binaries like a Pro with Qiling Framework

• https://hackmd.io/@ziqiaokong/BkbGuCJND
• 中文; https://blog.ihomura.cn/2020/09/06/%E7%94%A8%E9%BA%92%E9%BA%9F%E6%A1%86%E6%9E%B6%E6%B7%B1%E5%85%A5%E5%88%86%E6%9E%90%E5%AE%9E%E6%A8%A1%E5%BC%8F%E4%BA%8C%E8%BF%9B%E5%88%B6%E6%96%87%E4%BB%B6

• How to reproduce CVE-2020-8962 with Qiling Framework

• https://ucgjhe.github.io/post/cve_2020_8962/

• Qiling For Malware Analysis: Part 1 and Part 2

• https://n1ght-w0lf.github.io/tutorials/qiling-for-malware-analysis-part-1/
• https://n1ght-w0lf.github.io/tutorials/qiling-for-malware-analysis-part-2/

• PE Emulation With Code Coverage Using Qiling and Dragon Dance

• https://pwnage.io/pe-code-coverage-emulation-qiling/
• 翻译: https://bbs.pediy.com/thread-261841.htm

• Automated malware unpacking with binary emulation

• https://lopqto.me/posts/automated-malware-unpacking

• ByteBandits CTF 2020 - Autobot

• https://chinmaydd.in/2020/04/13/Autobot/

• Qiling Scripting and Simple RE Task

• https://trib0r3.github.io/posts/qiling-scripting-and-simple-re-task/

• Certego research at the HITB Security Conference:

• https://www.certego.net/en/news/certego-research-at-the-hitb-security-conference/

• EFI_DXE_Emulator: Qiling support in the works!

• https://firmwaresecurity.com/2020/05/06/efi_dxe_emulator-qiling-support-in-the-works/

• 多架构二进制 Fuzzing 的几种环境搭建

• https://www.zybuluo.com/H4l0/note/1666939

• Phân tích mẫu mã độc khai thác lỗ hổng Microsoft Office Equation Editor

• https://blog.viettelcybersecurity.com/phan-tich-mau-ma-doc-khai-thac-lo-hong-microsoft-office-equation-editor/

• Qiling Fuzzer

• https://github.com/domenukk/qiling/blob/unicornafl/afl/README.md

• Csaw CtF

• https://github.com/re-fox/capture_the_flag/blob/master/rabbithole/rabbithole_qiling.py

Media

• https://isc.sans.edu/podcastdetail.html?id=7482
• https://www.kitploit.com/2020/02/qiling-advanced-binary-emulation.html
• https://hakin9.org/qiling-advanced-binary-emulation-framework/
• https://infoseccampus.com/sectools-e19-kaijern/

Conference

• https://www.blackhat.com/eu-22/arsenal/schedule/#reversing-mcu-with-firmware-emulation-29553
• https://blackhatmea.com/node/724
• https://www.blackhat.com/us-21/arsenal/schedule/index.html#bringing-the-x-complete-re-experience-to-smart-contract-24119
• https://conference.hitb.org/hitbsecconf2021ams/sessions/when-qiling-framework-meets-symbolic-execution/

• Video: https://www.youtube.com/watch?v=8omtif6CnnY

• https://www.blackhat.com/asia-21/arsenal/schedule/index.html#qiling-smart-analysis-for-smart-contract-22643
• https://www.blackhat.com/eu-20/arsenal/schedule/index.html#qiling-framework-deep-dive-into-obfuscated-binary-analysis-21781
• https://conference.hitb.org/hitb-lockdown002/virtual-labs/virtual-lab-qiling-framework-learn-how-to-build-a-fuzzer-based-on-a-1day-bug/
• https://www.blackhat.com/us-20/arsenal/schedule/index.html#qiling-framework-from-dark-to-dawn-----enlightening-the-analysis-of-the-most-mysterious-iot-firmware--21062
• https://www.blackhat.com/asia-20/arsenal/schedule/index.html#qiling-lightweight-advanced-binary-analyzer-19245
• https://nullcon.net/website/goa-2020/speakers/kaijern-lau.php
• https://conference.hitb.org/lockdown-livestream/
• https://www.defcon.org/html/defcon-27/dc-27-demolabs.html#QiLing
• https://hitcon.org/2019/CMT/agenda
• https://zeronights.ru/report-en/qiling-io-advanced-binary-emulation-framework/

Podcast

• Episode 1: https://www.youtube.com/watch?v=lCSVNr5p9LI
• Episode 2: https://www.youtube.com/watch?v=074zX1LeR5I
• Episode 3: https://www.youtube.com/watch?v=BOFG5GzdM4k
• Episode 4: https://www.youtube.com/watch?v=14NQJkvR_gU

Youtube

• Official Youtube Channel: https://www.youtube.com/@qilingframework
• Talk In HITB Cyberweek, Nov 2020: https://www.youtube.com/watch?v=ykUXUZo8fAk
• Talk In HITBLockdown 002, July 2020: https://www.youtube.com/watch?v=e3_T3KLh2NU
• Talk In HITBLockdown 001, April 2020: https://www.youtube.com/watch?v=2fHCrWduGuw
• Talk In Nullcon, March 2020: https://www.youtube.com/watch?v=K_eyXesGJbQ
• Talk in zeronights, Nov 2019: https://www.youtube.com/watch?v=xf0i9kfHKDI