Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
347 topics in this forum
-
Obfuscating Operations using Linear Algebra
by DefCon42- 1 reply
- 6.1k views
Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking a the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?" Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using n…
-
slugsnacks reversing series by c0lo
by CodeExplorer- 0 replies
- 7.7k views
slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/
-
Anti Debugging Protection Techniques With Examples
by CodeExplorer- 1 follower
- 2 replies
- 7k views
Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
-
About Themida
by RYDB3RG- 1 follower
- 11 replies
- 14.6k views
Lets assume we have this code: test_proc proc VM_EAGLE_BLACK_START add rax, rcx add rax, rdx add rax, rsi add rax, rdi ret VM_EAGLE_BLACK_END test_proc endp So we have a single basicblock with multiple inputs: RAX, RCX, RDX, RSI, RDI and a single output: RAX. The protected version of that has about 10.000.000 instructions (Themida 2.4.6.0 demo). Lets run it through Unicorn and connect instructions via their sideeffects. While we are at it, lets assume we have an unlimited number of registers so we can remove memory indirections and connect instructions directly. Out of the initial 10mio instructions, how many contribute directly or ind…
-
- 0 replies
- 5.1k views
Reversing ALPC: Where are your windows bugs and sandbox escapes - https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
-
Reverse-Engineering WebAssembly binaries
by evilcry- 5 replies
- 9k views
Reverse-Engineering WebAssembly binaries: https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries Best Regards, Evilcry
-
Flare On 5 1 2
by kao- 29 replies
- 16.3k views
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges coveri…
-
The "rebirth" of crackmes.de -> crackmes.one
by evilcry- 1 reply
- 5.7k views
Here you go: https://crackmes.one/ BR, Evilcry
-
- 0 replies
- 8.2k views
Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks : Link to Full Article
-
Exploiting CVE-2018-1038 - Total Meltdown
by Techlord- 0 replies
- 5.3k views
Full Article here: An excerpt from the post:
-
- 6 replies
- 7.8k views
I just came across to this video on YouTube and thought it will not be a bad idea to share it with the community, and I don't know if this is new for some people or not but...
-
- 0 replies
- 4.6k views
https://kbdsmoke.me/obtaining-unexported-function-addresses-using-exceptions BR, Evilcry
-
- 0 replies
- 4.7k views
A malware explicitly designed to sabotage the computer systems of the Olympic opening ceremony, how infects,steal credentials, performs lateral movements to propagate across the network and destroy the victim machines. https://cyber.wtf/2018/03/28/dissecting-olympic-destroyer-a-walk-through BR, Evilcry
-
Writing a simple x86 emulator with IDAPython
by evilcry- 0 replies
- 5.1k views
Hi, this is a really nice blog-post about using IDAPython to write an x86 emulator in order to solve (obtain) statically a challenge. http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython
-
Finspy Vm: Statically unpacking
by crystalboy- 8 replies
- 12.3k views
There you can find awesome articles on how to face FinSpy VM: http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf Credits to Rolf Rolles and Filip Kafka
-
2.85 GB of programming tutorials
by rubendodge- 7 replies
- 9.4k views
These couple hundred of tutorials also contains mainly game programming aswell . http://www.moviex.info/forums/index.php?ac...t=0#entry649239 NOTE:This website requires you to register at it to download stuff from it so register and enjoy first of all all these tutorials and second of all this great site to dl movies and stuff from .
-
White Rabbit crackme!
by Teddy Rogers- 0 replies
- 5.8k views
White Rabbit crackme! https://hshrzd.wordpress.com/2018/02/03/white-rabbit-crackme/ Ted.
-
- 0 replies
- 12.3k views
Print("hii") from math import math * Dec("1024)
-
Reverse Engineering a Gameboy ROM with radare2
by Teddy Rogers- 1 reply
- 8.6k views
Reverse engineering a Gameboy ROM with radare2 https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/ Ted.
-
LinuxReversing&Links
by CodeExplorer- 0 replies
- 6k views
LinuxReversing&Links: LinuxReversing.txt: small tutorial about reversing command for linux. LinuxReversingLinks.txt Maybe someone will find them usefull. I am not a linux expert! LinuxReversing&Links.zip
-
Introducing New Packing Method: First Reflective PE Packer Amber
by Teddy Rogers- 1 reply
- 4.9k views
Introducing New Packing Method: First Reflective PE Packer Amber https://pentest.blog/introducing-new-packing-method-first-reflective-pe-packer/ Ted.
-
Fourth Annual Flare-On Challenge
by Loki- 0 replies
- 7k views
The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering (FLARE) team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. Dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. As always, this contest is designed for individuals, not teams, and there is only one track of challenges. The contest runs for six full weeks and ends on Oct. 13, 2017, at 8pm ET. This year’s contest is the la…
-
- 0 replies
- 5.5k views
interesting research showing methods used to develop jailbreaks and dump apple watch kernel https://speakerdeck.com/mbazaliy/jailbreaking-apple-watch code posted to decrypt/dump the OS that handles all the secure stuff in your iphone. very cool. http://www.iclarified.com/62025/hacker-decrypts-apples-secure-enclave-processor-sep-firmware code: https://github.com/xerub/img4lib massive contribution by xerub
-
LabyREnth Capture the Flag (CTF) Challenge - 2017 1 2 3 4
by crystalboy- 92 replies
- 35.7k views
Official site: http://labyrenth.com/Announcement: https://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/
-
movfuscator
by Loki- 13 replies
- 14.1k views
Following the publication of a paper which proves that using 'mov' is turing complete (http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf) someone has written a mov only compiler.
