Linux Malware Analysis—Why Homebrew Encryption is Bad

Feb. 2, 2018

Linux is one of my favorite operating systems, but you seldom see malware for it, so I was pretty interested when Linux Malware was caught by my honeypot. This article will be my analysis of the sample, particularly the decryption function that was used throughout it. It’s a good example of why using your own encryption algorithm isn’t very secure....

Reverse Engineering, Radare2, Malware Analysis, Malware, Linux

Flare-On 5: MineSweeper Write-up

Oct. 13, 2018

With the Flare-On 5 challenge over and done I thought it would be a good idea to present my solutions for the challenges I managed to solve. This post will group the first two challenges together since they follow the same “story”, the Minesweeper World Championship is coming soon and you weren’t invited. However, you somehow managed to get your hands on the registration application for the challenge and need to crack the code in order to register. Let’s take a look at this application and see what we are dealing with....

Reverse Engineering, Radare2, Hacking, Linux, Windows, CrackMe, DotNET, DnSpy

Flare-On 5: FLEGGO Write-up

Dec. 4, 2018

This is my second article on the Flare-On 5 CTF. This article will focus on the third challenge in the series, FLEGGO. If you haven’t read my other article detailing the first two challenges you can find it here. Unzipping FLEGGO presents us with 49 Windows Executable files. Running one of these files prompts us for a password, if we get the password wrong the program tells us to go step on a brick. We probably need to figure out the password for all of these files. This seems to be a daunting task, we can start by solving just one and working from there....

Reverse Engineering, Radare2, Linux, CrackMe, Scripting, Automation, r2pipe

Robbinhood Malware Analysis with Radare2

July 1, 2019

This article will provide an overview of how we can extract function names from Windows GoLang binaries to make reversing easier and to give a brief analysis on the Robbinhood Ransomware that attacked Baltimore recently. GoLang is a programming language designed around multi-threaded applications. The difficulty in reversing GoLang binaries is that all libraries are statically linked which means there will be a large number of functions in the application, most of which are not even used during execution. For example, in a normal Hello World compiled GoLang binary, radare2 detects 1800 functions....

Reverse Engineering, Radare2, Malware Analysis, Malware, Linux, Windows, Scripting, Automation, r2pipe, GoLang


Page 1 of 1