-
RE: Crackme Guess the Password
https://crackmes.one/crackme/60906d5833c5d458ce0ec80b I’ve been doing plenty of crackmes as a way to improve my RE skills, although I do stay away from Keygen challenges as I don’t find them particularly interesting. Instead, I’m attempting those that require you to key in the right username or password. This write-up is about a pretty interesting and challenging […]
-
FormBook / AgentTesla
Today we’re gonna look at a sample of FormBook Malware, which contains AgentTesla within it. It features things such as hiding an EXE within an EXE, and installing a persistent backdoor within the system. Source: https://bazaar.abuse.ch/sample/35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d/#intel First DNSpy Analysis: When we run the exe file through DNSpy, it looks to be building a simple form. […]
-
Ave Maria RAT (Loader?)
The sample we’re analyzing is part of the Ave Maria RAT malware family, but judging from its simple functions, perhaps it’s simply a loader to download the more complete malware. The file disguises itself as a PDF file with the icon, but in actuality, it’s a .NET program. We fire up DNSpy and load it […]
-
RE Series #10: LockBit ELF
After doing a substantial amount of RE challenges, I decided to analyze real Malware to see if what I’ve learnt is actually useful, and I have to say, I think it really helped! In this post, I’ll be dissecting the initial portions of the Linux variant of LockBit. Basic Information: The binary on its own […]
-
RE Series #9: HTB Headache2
Before we start, this will probably be the last RE Series from HTB, as I’ve completed almost all of the RE challenges on HTB. Almost, because some of them have trouble running on my machine, and I’m honestly too lazy to fix broken challenges. I’ll probably now pivot towards analyzing real-life malware, and hopefully what […]
-
RE Series #8: CrackThis!
An interesting challenge with a tricky obfuscator. Honestly, once the code has been de-obfuscated, it’s quite straightforward! Static Analysis: Running it through Exeinfo, we see that the binary has been packed with ConfuserEx. The hardest part actually is finding the deobfuscator. Opening the binary with DNSpy, this is what the obfuscated version looks like: […]
-
RE Series #7: HTB Find The Secret Flag
A fun CTF that has unreachable code, although I wonder how practical this is in real life! Static Analysis with Ghidra: We throw the binary into Ghidra to analyze the main function. It’s pretty complicated. On line 13, it’s creating a value based off srand() from iVar2. On line 15, it checks if there are […]
-
RE Series #6: HTB Headache
My first Insane challenge, and I’m glad I solved it. Binary Analysis: Running some simple analysis, we see that the binary prompts us for a password, it’s a stripped binary, dynamically linked, and curiously ltrace fails immediately. Dynamic Analysis with IDA: As we step through the function, we get to the part where it calls […]
-
RE Series #5: exrs 1-7
A write-up for the challenges posted here: https://github.com/wapiflapi/exrs I’ve only done r1-r7, and I’ve yet to do r8 and r9. R1: As straightforward as running “strings” on the binary. R2: Some dynamic analysis is involved. We run the program through IDA, and breakpoint at the string comparison to see what it’s comparing to […]
-
Exercised
Throughout my life, I’ve always maintained health to be of paramount importance, even surpassing career aspirations as a need. A healthy body predicates a healthy mind, which is the ultimate derivative of everything else. Even though I would self-proclaim to be knowledgeable about most things fitness, this book has expanded my knowledge even more, which […]