Code of The Day

Before we start, this will probably be the last RE Series from HTB, as I’ve completed almost all of the RE challenges on HTB. Almost, because some of them has trouble running on my machine, and I’m honestly too lazy to fix broken challenges. I’ll probably now pivot towards analyzing real-life malware, and hopefully what […]

An interesting challenge with a tricky obfuscator. Honestly, once the code has been de-obfuscated, it’s quite straight forward! Static Analysis Running it through Exeinfo, we see that the binary has been packed with ConfuserEx. The hardest part actually is finding the deobfuscator Opening the binary with DNSpy, this is what the obfuscated version looks like: […]

A fun CTF that has unreachable code, although I wonder how practical this is in real life! Static Analysis with Ghidra We throw the binary into Ghidra to analyze the main function It’s pretty complicated. On line 13, its creating a value based off srand() from iVar2 On line 15, it checks if there are […]

My first Insane challenge, and I’m glad I solved it. Binary Analysis Running some simple analysis, we see that the binary prompts us for a password, it’s a stripped binary, dynamically linked, and curiously ltrace fails immediately. Dynamic Analysis with IDA As we step through the function, we get to the part where it calls […]

A write up for the challenges posted here: https://github.com/wapiflapi/exrs I’ve only done r1-r7, and I’ve yet to do r8 and r9 R1 As straight forward as running “strings” on the binary R2 Some dynamic analysis is involved. We run the program through IDA, and breakpoint at the string comparison to see what it’s comparing to […]

This RE challenge is quite challenging, and a bit of a step up from the other 3, rightly so, as it is classified as “Medium” difficulty on HTB. It involves code obfuscation, and anti-debugging techniques such as checking the debug flag and timing analysis. Running the binary When we execute the binary, we see that […]

In this challenge, there is elements of Packing and Bit Shifting, with a little twist in it. Binary Analysis Running “file” on the binary, we see that it is statically linked This means that all the functions and libraries are embedded within the binary itself, and does not call and link any libraries from the […]

In this post we’re going to solve the Bypass challenge from Hack The Box. This includes us learning and using dnSpy, which is a tool to analyze and debug .NET applications (WARNING! If you’re downloading dnSpy, be aware that there is a malicious version circulating around: https://heimdalsecurity.com/blog/malicious-campaign-spreading-dnspy-targets-developers-and-security-researchers/ . Download the original one here: https://github.com/dnSpy/dnSpy) x32dbg […]

In my earlier post, I said was going to focus deeply into one subject each quarter of this year, so that at the end of the year, I would have 4 more above average skillsets to add to my arsenal (not mastery within such a short period of time). This quarter, I decided to work […]