Tuts 4 You

Reverse Engineering Articles

Share an interesting blog, news page or other RE related site...

  1. markaz.jamal
    Started by markaz.jamal,

    I will be adding more courses https://pan.huang1111.cn/s/v8XwSE Pass:revteam.re

  2. karan

    VMProtect started using Heaven's gate to make it difficult to bypass Usermode Anti-Debug. VMP uses ZwQueryInformationProcess (ProcessWow64Information) to check if the running process is wow64, and if the value is 0, it runs the sysenter opcode, judging that it is a 32bit operating system. An exception occurred when the wow64 process ran the "sysenter" opcode, and I installed VectorHandler to handle the exception. Exception Handler Functions: 1. check that the exception location that occurred is the "sysenter" opcode. 2. Check which Zw** APIs are called (checked in the eax register) 3. load all the arguments recorded in Conte…

  3. usarmy

    CSL Course - Cracking Software Legally (CSL) & CSP Course - Cracking Software Practicals (CSP) Instructor :- Paul Chin More info :- crackinglessons.com/learn CSL Course: Link :- https://drive.google.com/drive/folders/1hOOQvXmL8w5TrVG0kLyTI815ochuupJ4 or https://juarewa-my.sharepoint.com/:f:/g/personal/adriancjz_luvedme_xyz/Eot4GoQ-6b9AjINvldZ2da0BTlo-26S7QwcMUphGia9b1Q?e=bbIWoH CSP Course Part 1 Link :- https://drive.google.com/drive/folders/1OHrg5Vycfcxg1uRVjsEWLrCPSbfzk917 or https://mega.nz/folder/KwADgara#kA1zVAa8CjT_MuagmUb9Fw Part 2 Link :- https://drive.google.com/drive/fo…

  4. Loki
    Started by Loki,

    The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested. http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html Have fun! -------------------------------------------- Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills. To develop these skills you need some practice targets. Here's a list of all known Android s…

  5. by:70
    Started by by:70,

    rtcMsgBox __vbaVarForNext __vbaLenVar __vbaLenVar ................... vb.rar

  6. Washi
    Started by Washi,

    The official announcement has just been made: https://cloud.google.com/blog/topics/threat-intelligence/announcing-eleventh-annual-flare-on-challenge. Countdown: https://flare-on.com/ Surprised by the YARA and Verilog entries. I wonder what they have in mind for those.

  7. wwh1004

    I once posted it on a Chinese forum; you can visit it at https://www.52pojie.cn/thread-762832-1-1.html via Google Translate. I'll try my best to introduce it in English. 1. Download x64dbg and download the symbol file of clr.dll (mscorwks.dll if the runtime is .NET 2.0~.NET 3.5). 2. Set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run. 3. Use MegaDumper (I use my ExtremeDumper, based on codecracker's MegaDumper: https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod". 4. Fix the PE header, and maybe you should also fix the .NET header. This way is more complex than use Me…

  8. Washi
    Started by Washi,

    Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29! I wonder if the medal shipments of last year will be in time before this next installment Who's joining this year?

  9. kao

    The course is free until end of July 4, 2024. https://www.udemy.com/course/reversing-software-protection/?couponCode=JULY2_FREE Personally, I think Paul Chin courses are total crap, but apparently some people still want to watch them. So...

  10. waliedassar
    Started by waliedassar,

    I have recently come up with a new anti-debug trick, which can be useful only if the "Break on new thread" option is set. The trick has been tried on OllyDbg v1.10 and Immunity Debugger v1.83 in WOW64 running on Windows 7. Actually, I am not sure if someone else has already found it. In any affected debugger, if CREATE_THREAD_DEBUG_EVENT is received and the "Break on new thread" option is set, the debugger places an int3 software breakpoint on the lpStartAddress. There is a narrow time window between setting the int3 software breakpoint and recovering the original byte, and this is what we are going to exploit. N.B. The next few lines are only for demonstration. More com…

  11. whoknows
    Started by whoknows,

    https://dzone.com/articles/windows-api-hooking-and-dll-injection

  12. usarmy

    MALDEV1 (Malware Development 1: The Basics) Description Many malware analysts perform reverse engineering on malware without knowing the why’s. They only know the how’s. To fill that knowledge gap, I have created this course. You will learn first-hand from a Malware Developers’ perspective what windows API functions are commonly used in malware and finally understand why you need to trace them when reversing malware. Learning Methodology: Build programs that simulate Windows Trojans and Reverse Engineer them. This will make you a better Reverse Engineer and Malware Analyst and also Penetration Tester. The best way to understand malware is to b…

  13. Teddy Rogers
    Started by Teddy Rogers,

    The Windows 2000 Device Driver Book - A Guide for Programmers - 2nd Edition.7z Ted.

    • 5 replies
    • 8.6k views
  14. kao
    Started by kao,

    https://hex-rays.com/blog/free-madame-de-maintenon-ctf-challenge/

  15. notaghost
    Started by notaghost,

    This is the latest blog post on my security research blog on a simple method that you can use to find and analyze malware in the wild. https://hacked.codes/2023/introduction-hunting-malware-in-the-wild/ I have a few other posts on malware analysis, firmware extractions, etc. Working on some other cool articles, as well!

    • 0 replies
    • 3.7k views
  16. usarmy

    MALDEV2 (Malware Development 2: Advanced Injection and API Hooking) This course is about more advanced techniques in Malware Development. This course builds on what you have learned in Malware Development and Reverse Engineering 1: The Basics, by extending your development skills with: advanced function obfuscation by implementing customized API calls more advanced code injection techniques advanced DLL injection techniques understanding how reflective binaries work and building custom reflective DLLs hijacking and camouflaging trojan shellcodes inside legitimate running processes memory hooking to subvert the normal flow of a running pr…

  17. RADIOX

    Acquiring proficiency in programming languages such as C/C++ and Python is recommended as they are essential in reverse engineering. Familiarizing oneself with assembly language is crucial in understanding the inner workings of software and hardware. Reverse engineering involves disassembling programs, examining individual parts and software code, and analyzing their design and functionality. Disassemblers are powerful tools that can assist in this process. Practising with "crackmes," programs designed specifically for reverse engineering, is a great way to develop and hone reverse engineering skills. Starting with easy crackmes and referring to tutorial…

  18. MrG
    Started by MrG,

    Hi folks, I've got an issue while using rsatool2 v 1.7 for testing a 2048-bit key. It starts well, and after about 30 minutes it exits without any error and no result comes back. Can you advise some solutions?

  19. R4ndom
    Started by R4ndom,

    My name is Random and I have been in the reversing community for a long time. I have started a site offering what I hope to be a long list of tutorials on reverse engineering. I have been doing this quite a while and I really just felt like I owed it to all the people who helped me learn what I know to give something back. I know, I know, "Another site for cracking tutorials", ...great. But hey, I'm just trying to be more active in the community. Anyway, the site is http://www.TheLegendOfRandom.com/blog/ The first several tuts are done.

    • 35 replies
    • 39.2k views
  20. Washi
    Started by Washi,

    Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge

  21. Teddy Rogers
    Started by Teddy Rogers,

    ...and what that means for rogue patching. https://devblogs.microsoft.com/oldnewthing/20221006-07/?p=107257 Ted.

  22. Sp1d3rZ

    A Complete Research Paper: https://ieeexplore.ieee.org/document/9139515 I seriously wonder when this tool will get in the hands of the public; it's gonna be doomsday for vmpsoft.

  23. Teddy Rogers
    Started by Teddy Rogers,

    https://www.asd.gov.au/75th-anniversary/events/commemorative-coin-challenge#no-back Ted.

  24. Cloudaz

    Language : C#. Protections: control flow/ string encry / vm Difficulty : 5/10 - idk Goal : Full unpack VirusTotal : https://www.virustotal.com/gui/file/2115c3b027f2c69dca837f976e74fa44932875ac68c0826c5010d55eb421f4b3 (8/66) UnpackMe-s.exe

    • 0 replies
    • 5.6k views
  25. Teddy Rogers
    Started by Teddy Rogers,

    Not to be outdone by Flare-On-8, Malwarebytes have released their own CrackMe challenge... https://blog.malwarebytes.com/threat-intelligence/2021/10/the-return-of-the-malwarebytes-crackme/ Ted, MBCrackme.zip
