My setup for apple M1/2
By: Idan Maman
The source of this post is Scribble format (not Markdown) - SO YEY I guess or something, IDC.
Emulation
So emulation on macOS on the M series is a nightmare: everything is painfully slow as soon as you try to use any graphical feature or anything like that. This is why I recommend installing a server version or any OS without a desktop environment. Personally I use Ubuntu server. Any kind of modern Windows will not be usable!!! Only old versions like XP or 95.
Setup
So firstly you need to install UTM.
UTM is just a GUI wrapper around qemu, so if you are into kernel pwning just use qemu directly.
So after that we can add a machine.
Or if we want to use qemu directly, just:
    qemu-system-x86_64 disk_image
Later on I will show more things about qemu; this is the most basic form.
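As an added example (not from the post), here is a small POSIX sh helper that builds, and optionally runs, the headless qemu command line that the post's "server version, no desktop" advice leads to: an x86_64 guest emulated with TCG on an Apple Silicon host, with only SSH forwarded to localhost. It assumes a qcow2 image with an already installed OS that uses ttyS0 as its console and runs sshd on port 22; the function names are mine.

```shell
#!/bin/sh
# Added example, not the post's own code. Builds a headless x86_64 QEMU
# command line for a server guest on an Apple Silicon host.
# Assumptions (mine): IMAGE is a qcow2 with an installed OS whose kernel
# uses ttyS0 as console (so -nographic gives a usable text console), and
# the guest runs sshd on port 22.

# qemu_x86_cmd IMAGE [MEM_MB] [CPUS] [HOST_SSH_PORT]
# Prints the command line on one line instead of running it, so it can be
# reviewed or logged before the VM is started.
qemu_x86_cmd() {
    image=$1
    mem=${2:-4096}
    cpus=${3:-4}
    ssh_port=${4:-2222}
    if [ -z "$image" ]; then
        echo "usage: qemu_x86_cmd IMAGE [MEM_MB] [CPUS] [HOST_SSH_PORT]" >&2
        return 1
    fi
    # -accel tcg: x86 on an arm64 host is pure emulation; HVF only speeds up
    # guests of the host's own architecture. thread=multi lets TCG use every vCPU.
    # -nographic: no window, serial console on stdio (the post's no-desktop advice).
    # User-mode networking keeps the guest off the LAN; the single hostfwd
    # port is bound to 127.0.0.1, so nothing else on the network can reach it.
    printf '%s' "qemu-system-x86_64 -machine q35 -accel tcg,thread=multi -cpu max" \
        " -m $mem -smp $cpus -nographic" \
        " -drive file=$image,format=qcow2,if=virtio" \
        " -netdev user,id=net0,hostfwd=tcp:127.0.0.1:$ssh_port-:22" \
        " -device virtio-net-pci,netdev=net0"
    printf '\n'
}

# qemu_x86_run IMAGE [...]: print the command, then run it (paths without spaces).
qemu_x86_run() {
    cmd=$(qemu_x86_cmd "$@") || return 1
    echo "+ $cmd" >&2
    $cmd
}
```

Ubuntu server's installer only talks to a serial console when booted with console=ttyS0, so do the one-time install in UTM or with a display and use this for the day-to-day headless runs, connecting with `ssh -p 2222 user@127.0.0.1`.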
Virtualization
VmWare Fusion
For virtualization I am using VMware Fusion (12). Personally I am using Windows 11 and Fedora. Disclaimer: Windows 11 ARM sucks. You can't use a lot of tools because you can't run x64 drivers, and any type of remote process memory write didn't work for me on Windows ARM, so a lot of tools like cmder don't work either.
1 Linux
2 Windows
Terminal
1 Warp
At the start I used the default terminal for a while. It is pretty nice, but Warp is a major upgrade over it. Link to warp: . So with Warp you have AI chat, tmux-like window splitting, and Warp supports SSH with bash/fish/zsh, which means you can use all of Warp's features on your remote machine. So it is pretty cool and has a really nice GUI and text completion, so try it!
Package Manager
    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Reversing and pwning
So most of your real job will probably be in Linux, but for static analysis it is much nicer to use a GUI on macOS. So I will show a few tools, and maybe I will upload part B, on Linux, later on.
PE edit tools
1 PE BEAR
Tool to analyze the PE format.
2 PortEx
Another tool to analyze the PE format, with support for running YARA rules from the GUI, extraction of resource (rsrc) files, and visualization of the entropy of the sections.
3 Detect It Easy
Tool to recognize the compilers, linkers and packers that were used to create the PE.
ELF edit tools
1 XELFViewer
Tool to analyze the ELF format.
Reversing tools
1 IDA
Interactive debugger that shows the PE file's code disassembled in graph mode and decompiles it, with advanced searches and tools; in the Pro version there is an option to add plugins and to script it in Python with the IDA API.
2 Ghidra
Like IDA, but open source (unlike IDA), with better decompiling in some cases and free decompiling for all archs.
Network analysis tools
1 wireshark
Packet analysis tool.
2 burpsuite
Tool for researching web applications.
CLI tools
1 tshark
2 pev-tools: pestr, pecheck, peldd ...
Developing
1 Docker
So I can't say much; it works pretty nicely. You can emulate x86 containers or use ARM ones. It doesn't use the native kernel, it is virtualized, but it still works great.