reverse engineering

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

Published December 10, 2013 |

Introduction Last weekend I had some time so I wanted to have a look at a reversing challenge which you can find here: https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity Reverse Engineering 101 Contest Steps Get the exe to be hacked Break it open and start exploring. The only rule for the challenge is that it has to be solved by […]

Posted in Malware and Reversing | Tagged C#, challenge, corelan, corelan-be-facebook, corelan-coder, corelancoder, crack, dbi, dynamic binary instrumentation, elearnsecurity, elearnsecurity-reverse-engineering, hexedit, ida pro, immunity, m0n0sapiens, patching, Peter Van Eeckhoutte, pin, reverse engineering, reversing

BlackHatEU2013 – Day2 – DropSmack: How cloud synchronization services render your corporate firewall worthless

Published March 15, 2013 |

By Peter Van Eeckhoutte (corelanc0d3r)

Jake Williams (@malwareJake) from CSR Group has more than a decade of experience with systems engineering, network defines, malware reverse engineering, penetration testing and forensics. He spent some good time looking at Cloud synchronization services and is presenting some findings in this talks. First of all, think of Dropbox (or any similar tools) as a […]

Posted in Cons and Seminars | Tagged 2013, blackhat, blackhat europe, blackhat-2013-dropbox, C2, cloud, command and control, core-lan, corelan, dropbox, dropbox-jake-williams, dropsmack, dropsmack-application, exfiltrate, jacob-williams-dropsmack, jake williams, malware, reverse engineering, storage, synchronization

HITB2012AMS Day 2 – Taint Analysis

Published May 25, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

Automatically Searching for Vulnerabilities: How to use Taint Analysis to find Security Flaws (by Alex Bazhanyuk (not present) and Nikita Tarakanov, Reverse Engineers, CISS) Nikita explains they have been working on reversing binaries and auditing source code for a long time. Alex currently works on the BitBlaze work, and moved to the US to […]

Posted in Cons and Seminars | Tagged alex bazhanyuk, bitblaze, bitblaze-ida-pro, dangerousfunctions-ida, fuzzing, hooking, ida pro, ida-plugin-taint, kernel, nikita tarakanov, qemu, reverse engineering, sasv-taint-analysis, taint analysis, tainted-path-analyse-security, temu, tracing, vine, vulnerability, www-corelan-be

Reversing 101 – Solving a protection scheme

Published May 14, 2012 |

By Corelan Team (fancy)

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading →

Posted in Malware and Reversing | Tagged active-directory-schema-update-log, app17win-zip, breakpoint, challenge, corelan, corelan-be, corelan-be-ollydbg, corelen-be, crack, ctf, hackthissite, HTS, immunity debugger, keygen, ollydbg-tutorial-command-alt-f9, password, reverse engineering, reversing, reversing-challenge-2012, wargame

Many roads to IAT

Published December 1, 2011 |

By Dinos

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.

I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading →

Posted in Malware and Reversing | Tagged corelan, iat, ida, immunity, import address directory, import address table, impre, lordpe, monaida-plugin, ollydbg, python, rebuild iat, reconstruct, resetsearchinindex-ps1, restore, reverse, reverse engineering, reversing, view names, windbg

Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained

Published March 14, 2011 |

By Corelan Team (fancy)

Aloha,

Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF.
And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video.
Continue reading →

Posted in 001_Security, Malware and Reversing, Video | Tagged anti, anti debugging, binary, binary200, bpexp, breakpoint, codegate, corelan, ctf, debugger, fancy, int 2d, ntglobalflags, ntqueryinformationprocess, peb, reverse engineering, reversing, seh, seoul, tls callback

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

HITB2012AMS Day 2 – Taint Analysis

Reversing 101 – Solving a protection scheme

Many roads to IAT

Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!