Reverse Engineering Articles

https://www.reverzor.com/ Universal Cloud Decompiler The first cloud based tool that decompiles almost everything! Decompile files on the fly, from everywhere, and on every device. PHP Encoded Reverzor can decompile most PHP encoded files. Examples are ionCube, Zend Guard, bCompiler bz2, TrueBug, Nu-Coder, MMCache, eAccelerator and more! .NET Binaries Reverzor can decompile all the latest C# and VB compiled related files, including EXE and DLLs. You are able to recover the full SLN project file for Visual Studio. Android APK Reverzor can decompile up to the latest Android apps, recovering almost all compiled binaries in to source files. Inc…

By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration testers, sysadmins, and developers, but it doesn't have to be. In this blog I'll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system. I'm sure there are many techniques that I've missed (or simply don't know about), but hopefully this cheat sheet will offer a good start for those who need it. What is the PowerShell Execution Policy? The PowerShell execution policy is the setting that determines which type of PowerShell scripts (if any) can be run on the system. By de…

Last year was fun! Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html Challenge site: http://www.flare-on.com/

FULL CONTENT HERE and CHALLENGES HERE . From the authors webpage :

Full article HERE. The Windows Subsystem for Linux can invoke native Windows binaries and be invoked from a Windows command line. This feature is available to Windows 10 users running Anniversary Update build 14951. This new interoperability functionality delivers a seamless experience between Windows and WSL. Technical details on how this interoperability works can be found on the WSL blog. Important note (from MSDN Site) This is the first release of Bash on Windows and it is branded "beta" deliberately - it's not yet complete! You should expect many things to work and for some things to fail! We greatly appreciate you using Bash on Windows and helping u…

Hacking Android Apps Using Backup Techniques http://resources.infosecinstitute.com/android-hacking-security-part-15-hacking-android-apps-using-backup-techniques/ Cracking Android App Binaries http://resources.infosecinstitute.com/android-hacking-security-part-17-cracking-android-app-binaries/ Android Application hacking with Insecure Bank Part 4 http://resources.infosecinstitute.com/android-application-hacking-with-insecure-bank-part-4/ Android Application hacking with Insecure Bank – Part 3 http://resources.infosecinstitute.com/android-application-hacking-w…

Deadpool is a repository of various public white-box cryptographic implementations and their practical attacks. MAIN LINK : DETAILS : Attacks Differential Computation Analysis Differential Fault Analysis White-box implementations Wyseur 2007 challenge A Linux binary implementing a DES. Hack.lu 2009 challenge A Windows binary implementing an AES 128. Karroumi 2010 challenge A Linux binary implementing an AES 128. SSTIC 2012 challenge A Python serialized object implementing a DES. NoSuchCon 2013 challenge A Windows binary implementing an AES 128 with uncompensated external encodin…

I just noticed that our "BND" (Bundesnachrichtendienst), equal to the NSA searches for some qualified Reverse Engineers and uploaded 3 Challenges to RE that are required to apply for the job. I haven't done them so far, but the first one is .NET and looks super easy. If you want to give it a try here is the article: http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/Reversing_Challenge_node.html And here is the direct downloadlink for the Challenges: http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/ZIP_Challenge.zip?__blob=publicationFile&v=2 Have fun :3

Downlaod link

Official site: http://labyrenth.com/ Announcement: http://researchcenter.paloaltonetworks.com/2016/06/unit-42-countdown-to-labyrenth-capture-the-flag-ctf-challenge/

Getting Started with WinDBG - Part 1 http://blog.opensecurityresearch.com/2013/12/getting-started-with-windbg-part-1.html Ted.

Hello everyone, This challenge was written by naquadria in at4re forum: There is a file main.c contains this code: #include <windows.h> int iWinMain() { MessageBoxW(NULL, "PoC", "Hello!", MB_ICONINFORMATION); return 0; } 1- Is there a mistake in the code ? 2- Is it possible to build it ? Try to answer without testing it. One more thing... PM me your answer so others can have fun too, I'll post the answer after 3 days

X86 Shellcode Obfuscation https://breakdev.org/x86-shellcode-obfuscation-part-1/ https://breakdev.org/x86-shellcode-obfuscation-part-2/ Ted.

Reversing a 16-bit NE File Part 1: Clumsy and Unprepared Link: http://uncomputable.blogspot.ro/2014/09/reversing-16-bit-ne-file-part-1-clumsy.html

I Am Different: On all Operating system (Ms Win, MAC, Android, Unix ... etc) , every machine , every app , every path , Some Messages , In debugger , in Packer, Protector regrettably some talked about me but did not described who really i am If u know something about me, please leave a link or write something describe who really I Am. Regards, Amer

Following link Android App Hacking can be a very good article on android shared lib reverse engineering and patching. Thanks.

I have .NET assembly packed with StarForce 5.91.1512.010. Here is some obfuscated code: [System.Diagnostics.DebuggerStepThrough, AsyncStateMachine(typeof(Form1.<metroButton9_Click>d__15))] private void metroButton9_Click(object sender, System.EventArgs e) { Form1.<metroButton9_Click>d__15 <metroButton9_Click>d__ = new Form1.<metroButton9_Click>d__15(); <metroButton9_Click>d__.<>4__this = this; <metroButton9_Click>d__.sender = sender; <metroButton9_Click>d__.e = e; <metroButton9_Click>d__.<>t__builder = AsyncVoidMethodBuilder.Create(); <metroButton9_Click>d__.<>1__state = -1; AsyncVoidMethod…

2015 has been a very active year for volcanoes. It's a very active year for ascii art volcanos too \/\/\//<---------------- Peak of Eruption \ / \_/<------------------ Base of Eruption / \<------------------ Peak of volcano / \ / \ / \ /_________\<-------------- Base of Volcano CHALLENGE: Create a code (via function, stdin, etc) that accepts 2 inputs Input1 = Distance in lines between base and peak of volcano Input2 = Distance in lines between base and peak of eruption Based on these inputs, program should output to the console (s…

Any one used this script to Deobfuscate VMPROTECT https://github.com/jnraber/VirtualDeobfuscator

Hello Community,I have recently opened up a site where I post "lessons" about assembly and reverse engineering. The main purpose of the site is to help people interested in assembly and reverse engineer get started and learn the fundamentals. I have seen a lot of assembly/RE tutorials and none of them try to make it simple and easily understandable. In my website, that is what i also really focus on. I want the readers to learn but not make it to hard on them.I think reverse engineering is a great skill, as you can use to to debug your own programs or even use it to exploit programs (make hacks,keys,etc..)If you guys are interested, the site is completely free and easy to…

Help me determine the obfuscator, please!

In case you missed it the SHA-3 standard has been finalised... http://csrc.nist.gov/news_events/#aug5 http://keccak.noekeon.org/fips202final.html Ted.

Hello all, I have ever had experience to crack windows application by ollydbg 10 year ago. Today, I want to come back but almost application is based .NET and protected. I have an application needed to deobfuscated. Anyone can help me to identify obfuscator and dump source code? This is link to download app: http://www.mediafire.com/download/na5kkg407qeee8j/AMC+MAIL+SDT.rar Thanks.