Unpacking NanoCore Sample Using AutoIT

May 5, 2019

In this article I want to take a look at a NanoCore sample that I found on HybridAnalysis, which uses a compiled AutoIT script as a packing technique. This article will go over how to detect whether a sample is using AutoIT and how to analyze it. The hash for this sample is ad9f99ad687a8ae71a40fd589b028ef6194e35c7....
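The teaser above mentions detecting whether a sample is packed with AutoIT but, on this index page, does not show how. As an added example (not code from the article, and not necessarily the method the article uses), here is a small scanner for two well-known markers that the AutoIt3 compiler leaves in its output: the `AU3!EA06` magic at the start of the appended script blob and the stub banner string used by many public YARA rules. The sample bytes are constructed, not a real NanoCore binary.

```python
"""Scan a file for markers left behind by the compiled AutoIt3 stub.

Added example, not code from the article above. The marker strings are
well-known public indicators (the same ones many YARA rules key on); the
article itself may detect AutoIt differently. SAMPLE is constructed.
"""
import sys
from typing import List, Tuple

# Known markers embedded by the AutoIt3 compiler (Aut2Exe): the magic that
# precedes the compressed script blob, and the banner in the stub itself.
AUTOIT_MARKERS = {
    b"AU3!EA06": "AU3!EA06 script-blob magic (AutoIt v3.2.6+)",
    b"This is a third-party compiled AutoIt script.": "Aut2Exe stub banner",
}


def find_autoit_markers(data: bytes) -> List[Tuple[int, str]]:
    """Return every (offset, description) marker hit in `data`, sorted by offset."""
    hits = []
    for marker, desc in AUTOIT_MARKERS.items():
        start = 0
        while True:
            idx = data.find(marker, start)
            if idx == -1:
                break
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)


def is_compiled_autoit(data: bytes) -> bool:
    """True if the blob is a PE image (MZ header) containing at least one marker.

    Caveat: a negative result is not proof of absence. If the AutoIt stub is
    itself wrapped in another packer or crypter, the markers only become
    visible after that outer layer is removed, so rescan the unpacked image.
    """
    return data[:2] == b"MZ" and bool(find_autoit_markers(data))


def scan_file(path: str) -> List[Tuple[int, str]]:
    """Read a file from disk and scan it for AutoIt markers."""
    with open(path, "rb") as fh:
        return find_autoit_markers(fh.read())


# Constructed stand-in for a compiled AutoIt binary: an MZ header, filler,
# the stub banner, and the script-blob magic. Not a real sample.
SAMPLE = (
    b"MZ" + b"\x90" * 62
    + b"This is a third-party compiled AutoIt script.\x00"
    + b"\x00" * 16
    + b"AU3!EA06" + b"\xde\xad\xbe\xef" * 4
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for off, desc in find_autoit_markers(data):
        print(f"0x{off:08x}  {desc}")
    print("compiled AutoIt:", is_compiled_autoit(data))
```

Run it with a path to scan a real file; with no argument it scans the constructed SAMPLE and reports the banner at offset 0x40 and the blob magic at offset 0x7e. A hit is a strong hint that the interesting code is the embedded script, not the stub, which is why the next step is extracting and decompiling the script rather than stepping through the stub in a debugger.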

Reverse Engineering, Malware Analysis, Malware, Unpacking, Scripting, Automation, DotNET, DnSpy, AutoIT

Flare-On 5: FLEGGO Write-up

Dec. 4, 2018

This is my second article on the Flare-On 5 CTF. This article will focus on the third challenge in the series, FLEGGO. If you haven’t read my other article detailing the first two challenges, you can find it here. Unzipping FLEGGO presents us with 49 Windows executable files. Running one of these files prompts us for a password; if we get the password wrong, the program tells us to go step on a brick. We probably need to figure out the password for all of these files. This seems to be a daunting task, so we can start by solving just one and working from there....

Reverse Engineering, Radare2, Linux, CrackMe, Scripting, Automation, r2pipe

Flare-On 5: MineSweeper Write-up

Oct. 13, 2018

With the Flare-On 5 challenge over and done, I thought it would be a good idea to present my solutions for the challenges I managed to solve. This post will group the first two challenges together since they follow the same “story”: the Minesweeper World Championship is coming soon and you weren’t invited. However, you somehow managed to get your hands on the registration application for the challenge and need to crack the code in order to register. Let’s take a look at this application and see what we are dealing with....

Reverse Engineering, Radare2, Hacking, Linux, Windows, CrackMe, DotNET, DnSpy

Automating RE Using r2pipe

July 9, 2018

In this article we will go over Radare2’s r2pipe and its uses. r2pipe is the API for Radare2 that allows you to automate Radare2 and interact with a session from outside of it. This can be used to simplify certain tasks, emulate a certain section of code, decrypt strings, or even reverse engineer multiple binaries with ease. In this specific example we will revisit a malware sample that I detailed in a previous article titled Linux Malware Analysis—Why Homebrew Encryption is Bad. We will use r2pipe and Python to automate the process of deobfuscating strings within the binary....

Reverse Engineering, Radare2, Hacking, Malware Analysis, Malware, Scripting, Automation, r2pipe

MalwareBytes CrackMe #2 Write-Up

May 19, 2018

MalwareBytes recently released their second CrackMe challenge, and I managed to solve it. This article will be my write-up for it, so readers can see the techniques used in this CrackMe and the steps I went through to reverse engineer the application and get the flag. If you want to follow along, you can download the application from the official MalwareBytes post here....

Reverse Engineering, Radare2, Hacking, MalwareBytes, CrackMe
