reversing

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

Published December 10, 2013 |

Introduction Last weekend I had some time so I wanted to have a look at a reversing challenge which you can find here: https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity Reverse Engineering 101 Contest Steps Get the exe to be hacked Break it open and start exploring. The only rule for the challenge is that it has to be solved by […]

Posted in Malware and Reversing | Tagged C#, challenge, corelan, corelan-be-facebook, corelan-coder, corelancoder, crack, dbi, dynamic binary instrumentation, elearnsecurity, elearnsecurity-reverse-engineering, hexedit, ida pro, immunity, m0n0sapiens, patching, Peter Van Eeckhoutte, pin, reverse engineering, reversing

Reversing 101 – Solving a protection scheme

Published May 14, 2012 |

By Corelan Team (fancy)

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading →

Posted in Malware and Reversing | Tagged active-directory-schema-update-log, app17win-zip, breakpoint, challenge, corelan, corelan-be, corelan-be-ollydbg, corelen-be, crack, ctf, hackthissite, HTS, immunity debugger, keygen, ollydbg-tutorial-command-alt-f9, password, reverse engineering, reversing, reversing-challenge-2012, wargame

Many roads to IAT

Published December 1, 2011 |

By Dinos

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.

I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading →

Posted in Malware and Reversing | Tagged corelan, iat, ida, immunity, import address directory, import address table, impre, lordpe, monaida-plugin, ollydbg, python, rebuild iat, reconstruct, resetsearchinindex-ps1, restore, reverse, reverse engineering, reversing, view names, windbg

Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained

Published March 14, 2011 |

By Corelan Team (fancy)

Aloha,

Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF.
And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video.
Continue reading →

Posted in 001_Security, Malware and Reversing, Video | Tagged anti, anti debugging, binary, binary200, bpexp, breakpoint, codegate, corelan, ctf, debugger, fancy, int 2d, ntglobalflags, ntqueryinformationprocess, peb, reverse engineering, reversing, seh, seoul, tls callback

Anti-debugging tricks revealed – Defcon CTF Qualifications 2009: Bin300 Analysis

Published February 27, 2011 |

By Corelan Team (fancy)

A while ago I stumbled upon an awesome write-up of a very nice CTF challenge created by sapheads: http://hackerschool.org/DefconCTF/17/B300.html I love cartoons, and I love reversing, so I decided to play a little bit with that binary (b300.exe) which was a lot of fun. Because some interesting anti-debugging tricks were implemented into the binary…
Continue reading →

Posted in 001_Security, Malware and Reversing, Video | Tagged a-new-anti-debug-trick-2011, analysis, anti debugging, anti-anti-debugging-tricks, anti-debug-tools-2011, anti-debug-tricks, b300.exe, binary, corelan, ctf, defcon, fancy, immunity-debugger-antidebug, index-of-tools-defcon, infosec-corelan, mona-py-defcon-movie, new-anti-debugging-trick-2011, offsec-defcon-videos, reversing, writing-debugger-ctf

The Honeypot Incident – How strong is your UF (Reversing FU)

Published January 31, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading →

Posted in 001_Security, Exploits, Malware and Reversing | Tagged analysis, anti, challenge, compromise, conficker, corelan, debugger, debugging, engineer, game, honeypot, how strong is you uf, iat, isdebuggerpresent, malware, ms08-067, netapi, peb, reverse, reversing, svchost.ee, worm

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

Reversing 101 – Solving a protection scheme

Many roads to IAT

Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained

Anti-debugging tricks revealed – Defcon CTF Qualifications 2009: Bin300 Analysis

The Honeypot Incident – How strong is your UF (Reversing FU)

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!