Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
346 topics in this forum
-
- 4 followers
- 103 replies
- 19.7k views
Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29! I wonder if the medal shipments of last year will be in time before this next installment. Who's joining this year?
-
- 8 followers
- 70 replies
- 10.7k views
VMProtect started using Heaven's Gate to make it difficult to bypass usermode anti-debug. VMP uses ZwQueryInformationProcess (ProcessWow64Information) to check if the running process is wow64, and if the value is 0, it runs the sysenter opcode, judging that it is a 32-bit operating system. An exception occurred when the wow64 process ran the "sysenter" opcode, and I installed a VectorHandler to handle the exception. Exception handler functions: 1. check that the exception location that occurred is the "sysenter" opcode; 2. check which Zw** APIs are called (checked in the eax register); 3. load all the arguments recorded in Conte…
-
HexRays CTF Challenge
by kao - 1 follower
- 12 replies
- 4.2k views
https://hex-rays.com/blog/free-madame-de-maintenon-ctf-challenge/
-
Simple method to finding malware in the wild
by notaghost - 0 replies
- 1.5k views
This is the latest blog post on my security research blog on a simple method that you can use to find and analyze malware in the wild. https://hacked.codes/2023/introduction-hunting-malware-in-the-wild/ I have a few other posts on malware analysis, firmware extractions, etc. Working on some other cool articles, as well!
-
- 1 follower
- 0 replies
- 3.8k views
Acquiring proficiency in programming languages such as C/C++ and Python is recommended as they are essential in reverse engineering. Familiarizing oneself with assembly language is crucial in understanding the inner workings of software and hardware. Reverse engineering involves disassembling programs, examining individual parts and software code, and analyzing their design and functionality. Disassemblers are powerful tools that can assist in this process. Practising with "crackmes," programs designed specifically for reverse engineering, is a great way to develop and hone reverse engineering skills. Starting with easy crackmes and referring to tutorial…
-
Revteam Reverse Engineering Collection
by markaz.jamal - 4 followers
- 17 replies
- 7.4k views
I will be adding more courses https://pan.huang1111.cn/s/v8XwSE Pass:revteam.re
-
- 1 follower
- 4 replies
- 3.2k views
Hi folks, I got an issue while using rsatool2 v1.7 for testing a 2048-bit key. It starts well, and after about 30 minutes it exits without any error and no result comes back. Can you advise some solutions?
-
The Import Address Table is Now Write-Protected...
by Teddy Rogers - 3 followers
- 3 replies
- 2.7k views
...and what that means for rogue patching. https://devblogs.microsoft.com/oldnewthing/20221006-07/?p=107257 Ted.
-
Can you crack the code on this 50-cent coin?
by Teddy Rogers - 1 follower
- 0 replies
- 2.8k views
https://www.asd.gov.au/75th-anniversary/events/commemorative-coin-challenge#no-back Ted.
-
- 9 followers
- 117 replies
- 27.9k views
Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge
-
- 0 replies
- 3.8k views
Language: C#
Protections: control flow / string encryption / VM
Difficulty: 5/10 - idk
Goal: Full unpack
VirusTotal: https://www.virustotal.com/gui/file/2115c3b027f2c69dca837f976e74fa44932875ac68c0826c5010d55eb421f4b3 (8/66)
UnpackMe-s.exe
-
- 1 follower
- 11 replies
- 10.8k views
MALDEV2 (Malware Development 2: Advanced Injection and API Hooking) This course is about more advanced techniques in Malware Development. This course builds on what you have learned in Malware Development and Reverse Engineering 1: The Basics, by extending your development skills with: advanced function obfuscation by implementing customized API calls more advanced code injection techniques advanced DLL injection techniques understanding how reflective binaries work and building custom reflective DLLs hijacking and camouflaging trojan shellcodes inside legitimate running processes memory hooking to subvert the normal flow of a running pr…
-
- 2 followers
- 1 reply
- 7.7k views
MALDEV1 (Malware Development 1: The Basics) Description: Many malware analysts perform reverse engineering on malware without knowing the why's. They only know the how's. To fill that knowledge gap, I have created this course. You will learn first-hand from a malware developer's perspective what Windows API functions are commonly used in malware and finally understand why you need to trace them when reversing malware. Learning methodology: build programs that simulate Windows Trojans and reverse engineer them. This will make you a better Reverse Engineer and Malware Analyst and also Penetration Tester. The best way to understand malware is to b…
-
CSL Course - Cracking Software Legally (CSL) & CSP Course - Cracking Software Practicals (CSP)
by usarmy - 4 followers
- 7 replies
- 12.6k views
CSL Course - Cracking Software Legally (CSL) & CSP Course - Cracking Software Practicals (CSP) Instructor :- Paul Chin More info :- crackinglessons.com/learn CSL Course: Link :- https://drive.google.com/drive/folders/1hOOQvXmL8w5TrVG0kLyTI815ochuupJ4 or https://juarewa-my.sharepoint.com/:f:/g/personal/adriancjz_luvedme_xyz/Eot4GoQ-6b9AjINvldZ2da0BTlo-26S7QwcMUphGia9b1Q?e=bbIWoH CSP Course Part 1 Link :- https://drive.google.com/drive/folders/1OHrg5Vycfcxg1uRVjsEWLrCPSbfzk917 or https://mega.nz/folder/KwADgara#kA1zVAa8CjT_MuagmUb9Fw Part 2 Link :- https://drive.google.com/drive/fo…
-
Malwarebytes CrackMe (Capture-The-Flag)
by Teddy Rogers - 1 follower
- 1 reply
- 5.3k views
Not to be outdone by Flare-On-8, Malwarebytes have released their own CrackMe challenge... https://blog.malwarebytes.com/threat-intelligence/2021/10/the-return-of-the-malwarebytes-crackme/ Ted, MBCrackme.zip
-
V2m 1.0 problem fix with IDA Pro
by r0ger - 1 follower
- 1 reply
- 5.1k views
Yeah, today I've discovered that most of tPORt's releases, even with v2m's in them (with libv2 1.0 mostly), don't work on Vista and higher, so if you wanna test these releases or have some experience with them but you're just too lazy to open them up in XP (or simply you don't have it), here's how I did it: I first opened one of tPORt's releases with v2m in it that I have in my collection with IDA Pro, then I analyzed the whole EXE file. The v2m initialization must start with the DirectSoundCreate function, most of it, from which it was called from this: sub_406E82 proc near ; CODE XREF: sub_403DEA+38^p PS_____:00406E82 PS_____:00406E82 var_9C = d…
-
- 2 followers
- 7 replies
- 9.7k views
A Complete Research Paper: https://ieeexplore.ieee.org/document/9139515 I seriously wonder when this tool will get into the hands of the public; it's gonna be doomsday for vmpsoft.
-
- 1 follower
- 0 replies
- 5.3k views
A Complete Research Paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9312198 Summary of anti-VM and anti-DBI techniques used in commercial protectors. It is a great read; also, it'd be awesome to see the techniques mentioned in this paper in an action video by fellow reversers.
-
- 16 followers
- 178 replies
- 60.8k views
Get ready! Source: http://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
-
- 1 reply
- 5k views
https://www.blackhat.com/us-21/briefings/schedule/index.html#greybox-program-synthesis-a-new-approach-to-attack-dataflow-obfuscation-22930
code: https://github.com/quarkslab/qsynthesis
documentation: https://quarkslab.github.io/qsynthesis/
demo: https://www.youtube.com/watch?v=AwZs56YajJw
slides: https://i.blackhat.com/USA21/Wednesday-Handouts/US-21-David-Greybox-Program-Synthesis.pdf
whitepaper: https://i.blackhat.com/USA21/Wednesday-Handouts/US-21-David-Greybox-Program-Synthesis.pdf
-
- 5 followers
- 8 replies
- 10.2k views
A Complete Article - https://back.engineering/17/05/2021/
Download Link - https://githacks.org/vmp2
Author - https://githacks.org/_xeroxz
-
- 1 follower
- 2 replies
- 6.4k views
Hi, I want to start a thread to collect root-cause analyses of vulnerabilities. I am aiming for detailed writeups of real vulnerabilities in real software, preferably in native code. This first post is going to be a bit of a mess, and I will include a bunch of interesting posts that are not technically root-cause analysis, but I will be cleaner in the future. Of course everyone is invited to join in. First a few famous blog archives full of good content: A whole BUNCH of root-cause analyses by Google Project Zero: https://googleprojectzero.github.io/0days-in-the-wild/rca.html same for ssd-disclosure https://ssd-di…
-
Learn to devirtualize x86 code
by Munroc - 1 follower
- 4 replies
- 8.5k views
Hello everybody, this is my first post in this forum... I have been trying to learn devirtualization for protectors like VMProtect or Themida, but I couldn't find much information. I was hoping someone here can point me in the right direction and recommend me any book or literature. Thanks in advance.
-
Analysis of changes in .Net Reactor 6
by Kingmaker_oo7 - 3 followers
- 2 replies
- 7.2k views
Necrobit: To mess up the old de4dot implementation, .NET Reactor changed the P/Invoke methods, but for the unpack you can use SMD from Code Cracker, which will do an excellent job of this. Control Flow: To break de4dot.blocks, Eziriz added a number of instructions to the flow cases which de4dot cannot process; it's easy to fix, just repeat after me) We are looking for a problematic instruction. Go to IL Nop call and change brfalse to br.s. As you can see, the cocoa is gone)) The whole thing can be automated with my favorite dnlib …
-
Eziriz .NET Reactor 6.3 ( Request for Decompile Tools on it? )
by SkieHackerYT - 2 followers
- 0 replies
- 7k views
Does anyone know how to decompile Eziriz .NET Reactor (using tools)?