© 2023 Hashnode
#reverse-engineering
This weekend's project was to refresh on assembly language and more specifically disassemblers and decompilers for reverse engineering. It's been a while (early in my career) since I've worked with to…
https://pwnable.tw The challenge description says: Only open read write syscalls are allowed to use. But is that enforced? How? Seccomp Taking a look using the ghidra decompiler: void orw_seccomp(void…
I've been modding some games on Steam recently, and some of them make use of the Steamworks product to add an extra layer of security, as well as adding other features such as the overlay and cloud saves. This isn't an article on how Steam …
What's Web Scraping? Web scraping is a process of extracting data from websites. It involves making HTTP requests to a website's server to retrieve the HTML or XML source code and then parsing that co…
How has everyone been lately? I hope you are all doing well out there. Today's topic will be about the simple methods in which Reverse Email Lookup can be utilised. First of all, what exactly is Rever…
Upon starting a new role in a new team at a new company, one of the IT processes that was not fully understood by existing staff was how desktop shortcuts to file shares were created on users' desktops. Here is a rundown of my process to "r…
Hello, dear reader. This is my first post on this blog and I wanted to use it to explain something that bugged me for a while. At ALX-Holberton, we had some optional tasks which involved cracking the …
I've started looking into the Adylkuzz malware, as mentioned by Tim Blazytko in his article on Automated Detection of Obfuscated Code. Initial analysis shows a TLS entry handler that dumps us straight into a VMProtect VMEnter() function, th…
Hashing function names slows down reversers It's common for packed and otherwise obfuscated binaries to effectively use their own shellcode to populate the imports that they plan to use. This does two things: It hides imports from the rev…
Carrying on from the previous article, we can take the first of the tigress challenges and finesse it so the VM parser shows up nicely as a big switch/case statement and we can unpick what all the VM handlers do. The next step is to transla…