Reverse Engineering Articles

350 topics in this forum

1. 

   Hancitor Packer Demystified...

   April 28, 2019 by Teddy Rogers

   • 2 replies
   • 6.4k views

   https://www.uperesia.com/hancitor-packer-demystified Ted.

   

   Last reply by Samz, June 29, 2019

   • 
2. 

   A Crash Course in Everything Cryptographic...

   April 26, 2019 by Teddy Rogers

   • 0 replies
   • 5.8k views

   https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482 Ted.

   

   Last reply by Teddy Rogers, April 26, 2019

   • 
3. 

   Reversing WannaCry w/ Ghidra

   April 13, 2019 by whoknows

   • 0 replies
   • 6.4k views

   https://youtu.be/Sv8yu12y5zM bonus - VSCodium - Binary releases of VS Code without MS branding/telemetry/licensing - hxxps://github.com/VSCodium/vscodium

   

   Last reply by whoknows, April 13, 2019

   • 
   • 
4. 

   Obfuscating Operations using Linear Algebra

   April 1, 2019 by DefCon42

   • 1 reply
   • 6.7k views

   Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking a the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?" Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using n…

   

   Last reply by XenocodeRCE, April 2, 2019

   • 
5. 

   slugsnacks reversing series by c0lo

   February 12, 2019 by CodeExplorer

   • 0 replies
   • 8.3k views

   slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/

   

   Last reply by CodeExplorer, February 12, 2019

   • 
6. 

   Anti Debugging Protection Techniques With Examples

   January 29, 2019 by CodeExplorer

   • 1 follower
   • 2 replies
   • 7.6k views

   Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software

   

   Last reply by deepzero, January 31, 2019

   • 
7. 

   About Themida

   December 21, 2018 by RYDB3RG

   • 1 follower
   • 11 replies
   • 15.8k views

   Lets assume we have this code: test_proc proc VM_EAGLE_BLACK_START add rax, rcx add rax, rdx add rax, rsi add rax, rdi ret VM_EAGLE_BLACK_END test_proc endp So we have a single basicblock with multiple inputs: RAX, RCX, RDX, RSI, RDI and a single output: RAX. The protected version of that has about 10.000.000 instructions (Themida 2.4.6.0 demo). Lets run it through Unicorn and connect instructions via their sideeffects. While we are at it, lets assume we have an unlimited number of registers so we can remove memory indirections and connect instructions directly. Out of the initial 10mio instructions, how many contribute directly or ind…

   

   Last reply by RYDB3RG, December 27, 2018

   • 
   • 
8. 

   Reversing ALPC: Where to find your windows bugs and sandbox escapes

   November 1, 2018 by evilcry

   • 0 replies
   • 5.6k views

   Reversing ALPC: Where are your windows bugs and sandbox escapes - https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html

   

   Last reply by evilcry, November 1, 2018
9. 

   Reverse-Engineering WebAssembly binaries

   July 2, 2018 by evilcry

   • 5 replies
   • 9.7k views

   Reverse-Engineering WebAssembly binaries: https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries Best Regards, Evilcry

   

   Last reply by CyberBullets, October 15, 2018

   • 
   • 
10. 

    Flare On 5 1 2

    August 15, 2018 by kao

    • 29 replies
    • 17.8k views

    The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges coveri…

    

    Last reply by Extreme Coders, October 2, 2018

    • 
11. 

    The "rebirth" of crackmes.de -> crackmes.one

    March 27, 2018 by evilcry

    • 1 reply
    • 6.3k views

    Here you go: https://crackmes.one/ BR, Evilcry

    

    Last reply by ala_borbe, August 18, 2018

    • 
    • 
12. 

    Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks

    April 25, 2018 by Techlord

    • 0 replies
    • 8.6k views

    Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks : Link to Full Article

    

    Last reply by Techlord, April 25, 2018
13. 

    Exploiting CVE-2018-1038 - Total Meltdown

    April 23, 2018 by Techlord

    • 0 replies
    • 5.9k views

    Full Article here: An excerpt from the post:

    

    Last reply by Techlord, April 23, 2018
14. 

    Themida x64 architecture decision vulnerability exploit to unpack protected targets

    February 1, 2018 by loggedout

    • 6 replies
    • 8.4k views

    I just came across to this video on YouTube and thought it will not be a bad idea to share it with the community, and I don't know if this is new for some people or not but...

    

    Last reply by jameswoods, April 9, 2018

    • 
15. 

    Obtaining unexported function addresses using exceptions

    April 8, 2018 by evilcry

    • 0 replies
    • 5k views

    https://kbdsmoke.me/obtaining-unexported-function-addresses-using-exceptions BR, Evilcry

    

    Last reply by evilcry, April 8, 2018

    • 
16. 

    Dissecting Olympic Destroyer – a walk-through

    March 29, 2018 by evilcry

    • 0 replies
    • 5.3k views

    A malware explicitly designed to sabotage the computer systems of the Olympic opening ceremony, how infects,steal credentials, performs lateral movements to propagate across the network and destroy the victim machines. https://cyber.wtf/2018/03/28/dissecting-olympic-destroyer-a-walk-through BR, Evilcry

    

    Last reply by evilcry, March 29, 2018
17. 

    Writing a simple x86 emulator with IDAPython

    March 23, 2018 by evilcry

    • 0 replies
    • 5.5k views

    Hi, this is a really nice blog-post about using IDAPython to write an x86 emulator in order to solve (obtain) statically a challenge. http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython

    

    Last reply by evilcry, March 23, 2018
18. 

    Finspy Vm: Statically unpacking

    January 24, 2018 by crystalboy

    • 8 replies
    • 14.6k views

    There you can find awesome articles on how to face FinSpy VM: http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf Credits to Rolf Rolles and Filip Kafka

    

    Last reply by evilcry, March 23, 2018

    • 
19. 

    2.85 GB of programming tutorials

    May 29, 2008 by rubendodge

    • 7 replies
    • 9.9k views

    These couple hundred of tutorials also contains mainly game programming aswell . http://www.moviex.info/forums/index.php?ac...t=0#entry649239 NOTE:This website requires you to register at it to download stuff from it so register and enjoy first of all all these tutorials and second of all this great site to dl movies and stuff from .

    

    Last reply by honeygame, February 20, 2018
20. 

    White Rabbit crackme!

    February 3, 2018 by Teddy Rogers

    • 0 replies
    • 6.3k views

    White Rabbit crackme! https://hshrzd.wordpress.com/2018/02/03/white-rabbit-crackme/ Ted.

    

    Last reply by Teddy Rogers, February 3, 2018

    • 
21. 

    Simple python puzzle what is my mistake just figure out

    December 28, 2017 by AGSKY

    • 0 replies
    • 12.7k views

    Print("hii") from math import math * Dec("1024)

    

    Last reply by AGSKY, December 28, 2017
22. 

    Reverse Engineering a Gameboy ROM with radare2

    October 10, 2017 by Teddy Rogers

    • 1 reply
    • 9.1k views

    Reverse engineering a Gameboy ROM with radare2 https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/ Ted.

    

    Last reply by devereux, November 23, 2017

    • 
23. 

    LinuxReversing&Links

    October 27, 2017 by CodeExplorer

    • 0 replies
    • 6.6k views

    LinuxReversing&Links: LinuxReversing.txt: small tutorial about reversing command for linux. LinuxReversingLinks.txt Maybe someone will find them usefull. I am not a linux expert! LinuxReversing&Links.zip

    

    Last reply by CodeExplorer, October 27, 2017

    • 
24. 

    Introducing New Packing Method: First Reflective PE Packer Amber

    October 25, 2017 by Teddy Rogers

    • 1 reply
    • 5.5k views

    Introducing New Packing Method: First Reflective PE Packer Amber https://pentest.blog/introducing-new-packing-method-first-reflective-pe-packer/ Ted.

    

    Last reply by kao, October 25, 2017

    • 
25. 

    Flare-On 4 1 2 3

    September 8, 2017 by rand0m

    • 62 replies
    • 22.2k views

    So how is everyone going with it

    

    Last reply by Rurik, October 19, 2017

    • 
    •