MinHee · inn0pex3.hashnode.dev · Apr 25 · 6 min read
Unflattening the Maze: Automating CFF Deobfuscation using Microcode Hex-Rays (P2)
1. Limitations of MIASM compared to Hex-Rays microcode
Although Miasm is a great data flow analysis tool, when coming to the final step of function recovery, this method reveals two major disadvantage

MinHee · inn0pex3.hashnode.dev · Apr 18 · 11 min read
Unflattening the Maze: Automating CFF Deobfuscation using Miasm (P1)
1. Introduce
In recent years, it has become quite common for malware to use the control flow flattening (CFF) obfuscation technique. This is considered one of the most annoying types of obfuscation fo

MinHee · inn0pex3.hashnode.dev · Jan 10 · 3 min read
Extract config by CyberChef in advanced
1. Introduction
After analyzing malware, the next common step is to extract its configuration information for future research. Most people choose to write Python scripts for this task. While Python is powerful, it can be a challenge for those who pre...

MinHee · inn0pex3.hashnode.dev · Dec 15, 2025 · 5 min read
Quick note FlareOn 2025
This year, I participated in FlareOn and was fortunate enough to solve all the challenges. Overall, many of this year’s challenges leaned heavily toward math or cryptography, which I found less appealing since they didn’t focus as much on reverse eng...

MinHee · inn0pex3.hashnode.dev · Oct 31, 2023 · 9 min read
Reverse OOP from scratch
1. Preface
Nowadays, more and more malware is written in C++ instead of pure C. The difference between C++ and C when programming is the OOP. This causes many difficulties when reversing malware. Through this blog, I will guide you to reverse OOP in ...