Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
346 topics in this forum
-
Following the good old tradition, this thread will be dedicated to the annual Flare-On challenge. Who's going to participate this year?
-
- 16 followers
- 178 replies
- 60.9k views
Get ready! Source: http://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
-
- 9 followers
- 117 replies
- 28.1k views
Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge
-
- 4 followers
- 103 replies
- 21.9k views
Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29! I wonder if the medal shipments of last year will be in time before this next installment. Who's joining this year?
-
Flare-On 7
by kao
- 8 followers
- 95 replies
- 67.2k views
Get your tools ready!
-
- 92 replies
- 31.5k views
Last year was fun! Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html Challenge site: http://www.flare-on.com/
-
LabyREnth Capture the Flag (CTF) Challenge - 2017
by crystalboy
- 92 replies
- 35.2k views
Official site: http://labyrenth.com/ Announcement: https://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/
-
- 8 followers
- 70 replies
- 10.8k views
VMProtect started using Heaven's gate to make it difficult to bypass Usermode Anti-Debug. VMP uses ZwQueryInformationProcess (ProcessWow64Information) to check if the running process is wow64, and if the value is 0, it runs the sysenter opcode, judging that it is a 32bit operating system. An exception occurred when the wow64 process ran the "sysenter" opcode, and I installed VectorHandler to handle the exception. Exception Handler Functions: 1. check that the exception location that occurred is the "sysenter" opcode. 2. Check which Zw** APIs are called (checked in the eax register) 3. load all the arguments recorded in Conte…
-
- 59 replies
- 23.5k views
Official site: http://labyrenth.com/ Announcement: http://researchcenter.paloaltonetworks.com/2016/06/unit-42-countdown-to-labyrenth-capture-the-flag-ctf-challenge/
-
Site for reverse engineering tutorials
by R4ndom
- 35 replies
- 34.3k views
My name is Random and I have been in the reversing community for a long time. I have started a site offering what I hope to be a long list of tutorials on reverse engineering. I have been doing this quite a while and I really just felt like I owed it to all the people who helped me learn what I know to give something back. I know, I know, "Another site for cracking tutorials", ...great. But hey, I'm just trying to be more active in the community. Anyway, the site is http://www.TheLegendOfRandom.com/blog/ The first several tuts are done.
-
Video tutorial - how make skins for dUP2.
by Diver
- 1 follower
- 32 replies
- 26.8k views
A large lesson on creating skins for the dUP2 Manufacture of skins for the dUP2, starting with Photoshop - finishing with dUP2. Parts: Part 1 - Photoshop. Steps: Change the main window Create buttons Create mask for RGNerator Create index of Main Window Create a window "About" Part 2 - RGNerator. Part 3 - ResHacker. Part 4 - DUP2. ==================================== Tools: 1 Photoshop. 2 RGNerator. 3 ResHacker. 4 dUP 2.21. ==================================== ==================================== Info: Format: SWF Time: 42 min. Size: 52 mb. Download Video-tut Tools - contains Adobe Photo…
-
Long List Of UnPackMe Formats...
by Teddy Rogers
- 30 replies
- 24k views
I've added some new PE32 unpackme formats to Tuts 4 You. Rather than create a topic for each format I'll just give the list here: AlexProtector 1.0 Beta 2, Anskya Polymorphic Packer 1.3, AZProtect 0001, ExeFog 1.1, Hmimys Packer 1.0, JDPack 1.01 (Repacked), JDPack 2.00, JeyJey UPX Protector, Kkrunchy 0.23, Password Protect UPX 0.30, PeStubOEP 1.6, PolyCrypt PE 2.00, RLPack 1.0, Simple Pack 1.0, Simple Pack 1.11, Simple Pack 1.2, softSENTRY 3.00, Software Compress LITE 1.4, UnOpix 1.10, UPXScramb 2.2, VMProtect 1.1, VMProtect 1.2, VMProtect 1.21, VMProtect 1.22, VMProtect 1.24 There are more planned when I get the time, such as; Armadillo, ASProtect, Themida, Enigma, Mol…
-
Flare On 5
by kao
- 29 replies
- 16k views
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges coveri…
-
- 4 followers
- 23 replies
- 23.6k views
I once posted it in a Chinese forum; you can visit it at https://www.52pojie.cn/thread-762832-1-1.html via Google Translator. I try my best to introduce it in English. 1. Download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2. Set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3. Use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod" 4. Fix the PE header and maybe you should also fix the .NET header. This way is more complex than use Me…
-
.Net Manual Deobfuscating
by gholam.illidan
- 2 followers
- 19 replies
- 17.1k views
Is there any tut or e-book for .net manual unpacking and deobfuscating? (google == nothing) And some e-book on .net DataStructure. My .net cracking skill is very well but I suck at deobfuscating. tnx
-
Learn Assembly And The Art Of Reverse Engineering
by Assembly101
- 17 replies
- 15.4k views
Hello Community, I have recently opened up a site where I post "lessons" about assembly and reverse engineering. The main purpose of the site is to help people interested in assembly and reverse engineering get started and learn the fundamentals. I have seen a lot of assembly/RE tutorials and none of them try to make it simple and easily understandable. In my website, that is what I also really focus on. I want the readers to learn but not make it too hard on them. I think reverse engineering is a great skill, as you can use it to debug your own programs or even use it to exploit programs (make hacks, keys, etc.). If you guys are interested, the site is completely free and easy to…
-
Reversing: Secrets Of Reverse Engineering
by Teddy Rogers
- 17 replies
- 10k views
Contents: http://rapidshare.com/files/48570545/john_...engineering.zip Ted.
-
- 17 replies
- 7.8k views
I just noticed that our "BND" (Bundesnachrichtendienst), equal to the NSA, searches for some qualified Reverse Engineers and uploaded 3 Challenges to RE that are required to apply for the job. I haven't done them so far, but the first one is .NET and looks super easy. If you want to give it a try here is the article: http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/Reversing_Challenge_node.html And here is the direct download link for the Challenges: http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/ZIP_Challenge.zip?__blob=publicationFile&v=2 Have fun :3
-
Revteam Reverse Engineering Collection
by markaz.jamal
- 4 followers
- 17 replies
- 7.6k views
I will be adding more courses https://pan.huang1111.cn/s/v8XwSE Pass:revteam.re
-
VB API consult
by by:70
- 17 replies
- 16.6k views
rtcMsgBox __vbaVarForNext __vbaLenVar __vbaLenVar ................... vb.rar
-
How Not To Get Hacked
by Guest kartook
- 14 replies
- 5.9k views
1. Stop using Internet Explorer and make the switch to Opera, it's more secure, plain and simple. 2. Get Spybot Search and Destroy or Spyware Doctor and immediately update it. 3. Get Adaware SE and immediately update it. (Use both as a 1-2 punch on infected client computers and between the two there's not much they won't kill) 4. Update your anti virus 5. Boot into safe mode and run all three scans 6. While the scans are going check your registry (Click start --> Run and type regedit to get into the registry) and look in HKEY_CurrentUser/software/microsoft/windows/currentversion/run & HKEY_Local_Machine/software/microsoft/windows/currentversion/run. Verify th…
-
movfuscator
by Loki
- 13 replies
- 13.8k views
Following the publication of a paper which proves that using 'mov' is turing complete (http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf) someone has written a mov only compiler.
-
AnonW0rmer tracked down by iPhone EXIF picture...
by Teddy Rogers
- 13 replies
- 10.5k views
Good forensic/detective work by the FBI from photographs taken with Apple's iPhone and EXIF... http://www.voiceofgr...cker-after.html Ted.
-
ARTeam: Primer on Reverse Engineering Symbian 3rd Applications v10
by Shub-Nigurrath
- 12 replies
- 13.1k views
Hi all this time argv is releasing an interesting huge primer on reversing symbian s60 3rd edition applications. This was something missing from the collection of our tutorials, which I am proud to announce! The tutorial is quite huge (41Mb archive). It includes reversing of 15 applications, plus the original SIS files (so you can train yourself) and two hacking methods you can use to hack your phone. Hacking your phone means hack the system so as applications are allowed to access protected system folders, this was one of the protections added to s60 3rd symbian). Reversers need to hack their phones to ease the reversing process, users of patched apps do not need this st…
-
HexRays CTF Challenge
by kao
- 1 follower
- 12 replies
- 4.2k views
https://hex-rays.com/blog/free-madame-de-maintenon-ctf-challenge/