Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
350 topics in this forum
-
- 13 followers
- 105 replies
- 23.7k views
VMProtect started using Heaven's Gate to make it difficult to bypass its usermode anti-debug. VMP uses ZwQueryInformationProcess (ProcessWow64Information) to check if the running process is WOW64, and if the value is 0, it runs the sysenter opcode, judging that it is a 32-bit operating system. An exception occurred when the WOW64 process ran the "sysenter" opcode, and I installed a VectoredHandler to handle the exception. Exception handler functions: 1. Check that the exception location is the "sysenter" opcode. 2. Check which Zw** API is being called (checked in the eax register). 3. Load all the arguments recorded in Conte…
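The three handler steps in the post (is the fault at a sysenter, which service is in eax, what are the arguments) map onto a small decision routine. The code below is an added, host-independent model of that routine, not VMProtect's or the poster's code: a 4 KiB buffer stands in for the low 32-bit address space, the Wow64Regs struct stands in for the x86 CONTEXT fields a real handler reads, and every address, service number (0x19) and argument is a constructed test value, not a real Windows service id. The argument-frame layout (edx = esp, return addresses at [edx] and [edx+4], first argument at [edx+8]) is the KiFastSystemCall convention and is an assumption about the stub; on Windows the same logic would run inside a handler registered with AddVectoredExceptionHandler, with ExceptionAddress and the Eax/Edx/Eip context fields in place of the model's struct.

```c
/* Model of the VEH decision logic from the post (example code for this page,
 * not VMProtect's). Constructed scenario: flat 4 KiB "address space",
 * Wow64Regs in place of CONTEXT, test-only addresses and service number. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 4096u

typedef struct {
    uint32_t eax;  /* service number on entry; NTSTATUS when resumed */
    uint32_t edx;  /* argument frame (assumption: KiFastSystemCall convention, edx = esp) */
    uint32_t eip;  /* address of the faulting instruction */
} Wow64Regs;

/* Mirrors EXCEPTION_CONTINUE_SEARCH (0) and EXCEPTION_CONTINUE_EXECUTION (-1). */
typedef enum { CONTINUE_SEARCH = 0, CONTINUE_EXECUTION = -1 } Disposition;

typedef struct {
    uint32_t service;
    uint32_t args[4];
} SyscallInfo;

static uint32_t read32(const uint8_t *mem, uint32_t addr) {
    uint32_t v = 0;
    if (addr <= MEM_SIZE - 4) memcpy(&v, mem + addr, 4); /* little-endian host assumed */
    return v;
}

/* Step 1: act only when the faulting eip holds the sysenter opcode, 0F 34. */
bool is_sysenter(const uint8_t *mem, uint32_t eip) {
    return eip <= MEM_SIZE - 2 && mem[eip] == 0x0F && mem[eip + 1] == 0x34;
}

/* Steps 2 and 3: service number from eax, arguments from the frame.
 * Assumed layout: [edx], [edx+4] are the two return addresses, args start at [edx+8]. */
SyscallInfo decode_syscall(const uint8_t *mem, const Wow64Regs *r) {
    SyscallInfo s = { .service = r->eax };
    for (uint32_t i = 0; i < 4; i++)
        s.args[i] = read32(mem, r->edx + 8 + 4 * i);
    return s;
}

/* The handler: emulate the service, return its NTSTATUS in eax, skip the
 * two-byte sysenter and resume. Any other fault goes to the next handler. */
Disposition handle_fault(const uint8_t *mem, Wow64Regs *r,
                         uint32_t (*emulate)(const SyscallInfo *)) {
    if (!is_sysenter(mem, r->eip))
        return CONTINUE_SEARCH;
    SyscallInfo s = decode_syscall(mem, r);
    r->eax = emulate(&s);
    r->eip += 2;
    return CONTINUE_EXECUTION;
}

/* ---- constructed scenario ---- */
static SyscallInfo g_seen;   /* what the emulator was asked to perform */
static Wow64Regs g_regs;     /* register file after the handler ran */

static uint32_t record_and_succeed(const SyscallInfo *s) {
    g_seen = *s;
    return 0;                /* STATUS_SUCCESS */
}

/* Fake image: sysenter at 0x100, nop at 0x200, test frame with four args at 0x800. */
static void build_memory(uint8_t *mem) {
    static const uint32_t frame[] = { 0x401005, 0x401234, 0x11, 0x22, 0x33, 0x44 };
    memset(mem, 0xCC, MEM_SIZE);
    mem[0x100] = 0x0F; mem[0x101] = 0x34;   /* sysenter */
    mem[0x200] = 0x90;                      /* nop: not a fault this handler owns */
    memcpy(mem + 0x800, frame, sizeof frame);
}

static Disposition run_case(uint32_t eip) {
    uint8_t mem[MEM_SIZE];
    build_memory(mem);
    g_regs = (Wow64Regs){ .eax = 0x19, .edx = 0x800, .eip = eip }; /* 0x19: test value */
    return handle_fault(mem, &g_regs, record_and_succeed);
}

Disposition run_sysenter_case(void) { return run_case(0x100); }
Disposition run_nop_case(void)      { return run_case(0x200); }
uint32_t regs_eip(void)             { return g_regs.eip; }
uint32_t regs_eax(void)             { return g_regs.eax; }
uint32_t seen_service(void)         { return g_seen.service; }
uint32_t seen_arg(unsigned i)       { return i < 4 ? g_seen.args[i] : 0; }

int main(void) {
    Disposition d = run_sysenter_case();
    printf("disposition=%d service=0x%x args=%x %x %x %x eax=%u eip=0x%x\n", d,
           seen_service(), seen_arg(0), seen_arg(1), seen_arg(2), seen_arg(3),
           regs_eax(), regs_eip());
    return 0;
}
```

The nop case shows the part that matters for stability: a handler that does not return CONTINUE_SEARCH for every fault it does not recognise will swallow the debuggee's own exceptions.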
-
Revteam Reverse Engineering Collection 1 2
by markaz.jamal
- 7 followers
- 33 replies
- 21.8k views
I will be adding more courses. https://pan.huang1111.cn/s/v8XwSE Pass: revteam.re
-
Flare-On 11 1 2 3 4
by Washi
- 15 followers
- 88 replies
- 22.1k views
The official announcement has just been made: https://cloud.google.com/blog/topics/threat-intelligence/announcing-eleventh-annual-flare-on-challenge. Countdown: https://flare-on.com/ Surprised by the YARA and Verilog entries. I wonder what they have in mind for those.
-
- 4 followers
- 26 replies
- 26.7k views
I once posted it on a Chinese forum; you can visit it at https://www.52pojie.cn/thread-762832-1-1.html with Google Translate. I'll try my best to introduce it in English. 1. Download x64dbg and download the symbol file of clr.dll (mscorwks.dll if the runtime is .NET 2.0~3.5). 2. Set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run. 3. Use MegaDumper (I use my ExtremeDumper, based on codecracker's MegaDumper: https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod". 4. Fix the PE header, and maybe you should also fix the .NET header. This way is more complex than using Me…
-
- 4 followers
- 104 replies
- 25.9k views
Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29! I wonder if the medal shipments of last year will arrive in time before this next installment. Who's joining this year?
-
CSL Course - Cracking Software Legally (CSL) & CSP Course - Cracking Software Practicals (CSP)
by usarmy
- 5 followers
- 10 replies
- 16.1k views
CSL Course - Cracking Software Legally (CSL) & CSP Course - Cracking Software Practicals (CSP)
Instructor: Paul Chin
More info: crackinglessons.com/learn
CSL Course Link: https://drive.google.com/drive/folders/1hOOQvXmL8w5TrVG0kLyTI815ochuupJ4 or https://juarewa-my.sharepoint.com/:f:/g/personal/adriancjz_luvedme_xyz/Eot4GoQ-6b9AjINvldZ2da0BTlo-26S7QwcMUphGia9b1Q?e=bbIWoH
CSP Course Part 1 Link: https://drive.google.com/drive/folders/1OHrg5Vycfcxg1uRVjsEWLrCPSbfzk917 or https://mega.nz/folder/KwADgara#kA1zVAa8CjT_MuagmUb9Fw
Part 2 Link: https://drive.google.com/drive/fo…
-
- 1 follower
- 1 reply
- 1.1k views
The course is free until the end of July 4, 2024. https://www.udemy.com/course/reversing-software-protection/?couponCode=JULY2_FREE Personally, I think Paul Chin's courses are total crap, but apparently some people still want to watch them. So...
-
Yet Another Anti-Debug Trick
by waliedassar
- 1 follower
- 3 replies
- 6.8k views
I have recently come up with a new anti-debug trick, which can be useful only if the "Break on new thread" option is set. The trick has been tried on OllyDbg v1.10 and Immunity Debugger v1.83 in WOW64 running on Windows 7. Actually, I am not sure if someone else has already found it. In any affected debugger, if CREATE_THREAD_DEBUG_EVENT is received and the "Break on new thread" option is set, the debugger places an int3 software breakpoint on the lpStartAddress. There is a narrow time window between setting the int3 software breakpoint and recovering the original byte, and this is what we are going to exploit. N.B. The next few lines are only for demonstration. More com…
-
Windows API Hooking and DLL Injection
by whoknows
- 2 followers
- 3 replies
- 10.3k views
https://dzone.com/articles/windows-api-hooking-and-dll-injection
-
- 2 followers
- 1 reply
- 9.5k views
MALDEV1 (Malware Development 1: The Basics) Description: Many malware analysts perform reverse engineering on malware without knowing the whys. They only know the hows. To fill that knowledge gap, I have created this course. You will learn first-hand, from a malware developer's perspective, which Windows API functions are commonly used in malware and finally understand why you need to trace them when reversing malware. Learning methodology: build programs that simulate Windows trojans and reverse engineer them. This will make you a better reverse engineer and malware analyst, and also a better penetration tester. The best way to understand malware is to b…
-
The Windows 2000 Device Driver Book + Sample Drivers...
by Teddy Rogers
- 5 replies
- 7.1k views
The Windows 2000 Device Driver Book - A Guide for Programmers - 2nd Edition.7z Ted.
-
HexRays CTF Challenge
by kao
- 1 follower
- 12 replies
- 5.1k views
https://hex-rays.com/blog/free-madame-de-maintenon-ctf-challenge/
-
Simple method to finding malware in the wild
by notaghost
- 0 replies
- 2.5k views
This is the latest blog post on my security research blog on a simple method that you can use to find and analyze malware in the wild. https://hacked.codes/2023/introduction-hunting-malware-in-the-wild/ I have a few other posts on malware analysis, firmware extractions, etc. Working on some other cool articles, as well!
-
- 1 follower
- 11 replies
- 12.6k views
MALDEV2 (Malware Development 2: Advanced Injection and API Hooking) This course is about more advanced techniques in malware development. It builds on what you have learned in Malware Development and Reverse Engineering 1: The Basics, by extending your development skills with:
- advanced function obfuscation by implementing customized API calls
- more advanced code injection techniques
- advanced DLL injection techniques
- understanding how reflective binaries work and building custom reflective DLLs
- hijacking and camouflaging trojan shellcodes inside legitimate running processes
- memory hooking to subvert the normal flow of a running pr…
-
- 1 follower
- 0 replies
- 6.5k views
Acquiring proficiency in programming languages such as C/C++ and Python is recommended as they are essential in reverse engineering. Familiarizing oneself with assembly language is crucial in understanding the inner workings of software and hardware. Reverse engineering involves disassembling programs, examining individual parts and software code, and analyzing their design and functionality. Disassemblers are powerful tools that can assist in this process. Practising with "crackmes," programs designed specifically for reverse engineering, is a great way to develop and hone reverse engineering skills. Starting with easy crackmes and referring to tutorial…
-
- 1 follower
- 4 replies
- 3.9k views
Hi folks, I've got an issue while using RSATool2 v1.7 for testing a 2048-bit key. It starts well, but after about 30 minutes it exits without any error and no result comes back. Can you advise some solutions?
-
Site for reverse engineering tutorials 1 2
by R4ndom
- 35 replies
- 36.1k views
My name is Random and I have been in the reversing community for a long time. I have started a site offering what I hope to be a long list of tutorials on reverse engineering. I have been doing this quite a while and I really just felt like I owed it to all the people who helped me learn what I know to give something back. I know, I know, "Another site for cracking tutorials", ...great. But hey, I'm just trying to be more active in the community. Anyway, the site is http://www.TheLegendOfRandom.com/blog/ The first several tuts are done.
-
- 9 followers
- 117 replies
- 31k views
Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge
-
The Import Address Table is Now Write-Protected...
by Teddy Rogers
- 3 followers
- 3 replies
- 3.5k views
...and what that means for rogue patching. https://devblogs.microsoft.com/oldnewthing/20221006-07/?p=107257 Ted.
-
- 2 followers
- 7 replies
- 11.3k views
A complete research paper: https://ieeexplore.ieee.org/document/9139515 I seriously wonder when this tool will get into the hands of the public; it's gonna be doomsday for vmpsoft.
-
Can you crack the code on this 50-cent coin?
by Teddy Rogers
- 1 follower
- 0 replies
- 3.7k views
https://www.asd.gov.au/75th-anniversary/events/commemorative-coin-challenge#no-back Ted.
-
- 0 replies
- 4.4k views
Language: C#
Protections: control flow / string encryption / VM
Difficulty: 5/10 - idk
Goal: Full unpack
VirusTotal: https://www.virustotal.com/gui/file/2115c3b027f2c69dca837f976e74fa44932875ac68c0826c5010d55eb421f4b3 (8/66)
UnpackMe-s.exe
-
Malwarebytes CrackMe (Capture-The-Flag)
by Teddy Rogers
- 1 follower
- 1 reply
- 12.5k views
Not to be outdone by Flare-On 8, Malwarebytes have released their own CrackMe challenge... https://blog.malwarebytes.com/threat-intelligence/2021/10/the-return-of-the-malwarebytes-crackme/ Ted. MBCrackme.zip
-
- 16 followers
- 178 replies
- 65k views
Get ready! Source: http://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
-
ARTeam: Primer on Reverse Engineering Symbian 3rd Applications v10
by Shub-Nigurrath
- 12 replies
- 14k views
Hi all, this time argv is releasing an interesting, huge primer on reversing Symbian S60 3rd Edition applications. This was something missing from the collection of our tutorials, which I am proud to announce! The tutorial is quite huge (41 MB archive). It includes the reversing of 15 applications, plus the original SIS files (so you can train yourself) and two hacking methods you can use to hack your phone. Hacking your phone means hacking the system so that applications are allowed to access protected system folders (this was one of the protections added to S60 3rd Edition Symbian). Reversers need to hack their phones to ease the reversing process; users of patched apps do not need this st…