In this tutorial we’ll take a look at the Pafish tool, which performs anti-debugger, anti-VM and anti-sandbox tricks to detect whether the malware is being executed under a debugger, inside a virtual machine or in a sandbox.
Malware analysis today depends on a great many factors, but we’re often using a […]
Sometimes we come across situations where we need to do something inside our debugger, or to extend its functionality. For such cases, debuggers usually provide an API through which extra functionality can be added to the debugger.
There are two types of API provided by the […]
Obfuscation is a mechanism akin to hiding, often applied by security-minded developers to harden or protect source code (deemed the intellectual property of the vendor) against reversing. The goal of such an approach is to transform the source code into new, encrypted, byzantine source code […]
This paper attempts to explain one of the critical buffer overflow vulnerabilities and the detection approaches that check referenced buffers at run time; it also suggests other protection mechanisms that are applied when configuring software deployment. Programs written in C or C++ are inherently susceptible to buffer overflow attacks, […]
This article explains the techniques of inline assembly programming by linking or invoking CPU-dependent native 32-bit assembly code from C#.NET managed code. The .NET framework in fact doesn’t explicitly support assembly code execution via the CLR, because it JITs the IL code to native code, and there […]
MASM is maintained by Microsoft and is an x86 assembler that consumes Intel-syntax source for Windows to produce COFF object files. It supports both 16-bit and 32-bit sources. Fortunately, Microsoft’s Visual Studio IDE supports MASM programming tasks just by making a couple of project property […]
While doing a security audit of iOS apps, there are a lot of tasks that we have to repeat every time. These include finding the class information for the app, checking whether the application stores any important data in plist files, analyzing the content of the database files, etc. […]
Once we’ve gained access to the system, we can use various post-exploitation techniques to exploit the system further. There might be various reasons for doing that, but attackers mostly use them for hiding the […]
In this paper, I’ll describe how to start reverse code engineering on Android devices. In this tutorial, you’ll learn:
Installation and configuration of an Android Virtual Device.
How to build your debugging environment.
A short introduction to ARM assembly.
Debugging with GDB inside your Android device.
Remote debugging using gdbserver.
Remote debugging using IDA.
1. Installation & configuration of […]
If you’ve used WinDbg before, you might already know that you can debug the whole Windows operating system with it. To do that, you must have two Windows installations: the first (the target) is the one we’ll be debugging, and the second (the host) is where we’ll be debugging from. […]
In this tutorial we’ll take a look at how we can install and configure a Samba server on the host operating system to create a shared folder that the guest Qemu virtual machines can use.
The first thing we have to do is install Samba, which we can do with […]
RevEngX is a freely available extension for the Debugging Tools for Windows. It offers several new commands to simplify the work of reverse engineering, code injection, hooking and other types of instrumentation that are useful when analyzing third-party software or malware, or when developing commercial Windows applications that utilize code […]
We have already had a taste of reverse engineering with Reflector in the previous paper, which was basically a kick-start on this disassembling tool, presenting its features and advantages. We have been performing the entire set of reverse engineering tactics on our custom-made software called Champu. This […]
This article is devoted to subverting the essential security restriction mechanisms of a native binary executable by employing the IDA Pro disassembler. It elaborates a more complex reverse engineering procedure than the previously demonstrated papers, and because it is a very exhaustive and long process, […]
Implanting malicious code, such as spyware, into an existing running process is one of the more sophisticated tasks. Before the advent of disassemblers and patching tools, the malevolent code usually had to be invoked from hand-written program code, which is a very exhausting process in itself, because we […]
This article is especially designed to show how to crack a Java executable by decompiling the corresponding bytecode. Decompiling Java bytecode is the act of transforming it back into Java source code (disassembling, by contrast, only lists the bytecode instructions). Decompilation is an inherent issue in the software industry, causing revenue loss due to software […]
We have already presented a couple of papers on modifying binaries with the IDA Pro and OllyDbg disassemblers, where we added functionality to an executable by modifying the code directly, using code caves. However, there is a suitable alternative to this approach, in which the added functionality code can be […]
Every organization is keen to invest in security, because it doesn’t want to lose its assets through negligence. Most organizations have information security officers who implement policies, model threats, investigate security breaches, etc. The role of a malware analyst is closely aligned with what engineers in security incident […]
This article is a continuation of our “Disassembler-Mechanized” series, in which we are showing the process of developing special software that disassembles compiled code and injects an arbitrary .exe into a process. The first two articles in this series were about the design, configuration of […]
TLS (thread local storage) callbacks are subroutines that are executed before the entry point. There is a data directory in the PE header that describes where the TLS callbacks are. Malware employs TLS callbacks to evade debuggers, since the callbacks run before the debugger’s initial break at the entry point. When a particular piece of malware that uses TLS callbacks is loaded […]
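To make the "data directory in the PE header" concrete, here is an added example (not code from the original article) that walks a PE image the way the loader does: DOS header, `e_lfanew`, optional header, TLS data directory (index 9), then the `AddressOfCallBacks` array, which holds virtual addresses terminated by a NULL entry. The sample image is constructed in memory for the example; the offsets and field names are the standard PE32/PE32+ layout, while the image base, section name and callback RVAs are arbitrary values chosen here.

```python
"""List the TLS callbacks of a PE image (added example, not from the article)."""
import struct

IMAGE_DIRECTORY_ENTRY_TLS = 9  # index of the TLS entry in the data directory


def build_sample_pe(image_base=0x400000, callbacks=(0x1100, 0x1200)):
    """Construct a minimal PE32 image: 0x200 bytes of headers and one section
    (.rdata) mapped at RVA 0x1000 that holds IMAGE_TLS_DIRECTORY32 followed by
    the NULL-terminated callback array. Constructed sample data, not a real binary."""
    sect_rva, sect_raw, sect_size = 0x1000, 0x200, 0x200
    tls_dir_rva = sect_rva            # directory sits at the start of the section
    cb_array_rva = sect_rva + 0x20    # callback array follows it

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    # Machine=i386, 1 section, SizeOfOptionalHeader=0xE0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # Magic: PE32
    struct.pack_into("<I", opt, 28, image_base)                    # ImageBase
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_TLS, tls_dir_rva, 24)
    sect = struct.pack("<8sIIIIIIHHI", b".rdata", sect_size, sect_rva, sect_size,
                       sect_raw, 0, 0, 0, 0, 0x40000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(sect_raw, b"\0")

    body = bytearray(sect_size)
    # IMAGE_TLS_DIRECTORY32: StartAddressOfRawData, EndAddressOfRawData,
    # AddressOfIndex, AddressOfCallBacks (a VA, not an RVA), SizeOfZeroFill, Characteristics
    struct.pack_into("<IIIIII", body, 0, 0, 0, 0, image_base + cb_array_rva, 0, 0)
    for i, rva in enumerate(callbacks):
        struct.pack_into("<I", body, 0x20 + 4 * i, image_base + rva)
    return headers + bytes(body)      # zero-filled tail supplies the NULL terminator


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def tls_callbacks(pe):
    """Return the RVAs of all TLS callbacks the loader runs before the entry
    point, or [] when the image has no TLS directory."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                   # PE32
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
        ndirs_off, dir_off, psize, cb_field = 92, 96, 4, 12
    elif magic == 0x20B:                                 # PE32+
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
        ndirs_off, dir_off, psize, cb_field = 108, 112, 8, 24
    else:
        raise ValueError("unknown optional header magic")
    ndirs = struct.unpack_from("<I", pe, opt + ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_TLS:
        return []
    tls_rva, _tls_size = struct.unpack_from("<II", pe, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_TLS)
    if tls_rva == 0:
        return []

    sections = []
    sect_off = opt + opt_size
    for i in range(nsect):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, sect_off + 40 * i + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))

    fmt = "<I" if psize == 4 else "<Q"
    tls_off = rva_to_offset(sections, tls_rva)
    addr_of_callbacks = struct.unpack_from(fmt, pe, tls_off + cb_field)[0]
    cb_off = rva_to_offset(sections, addr_of_callbacks - image_base)  # VA -> RVA -> file offset
    result = []
    while True:
        va = struct.unpack_from(fmt, pe, cb_off)[0]
        if va == 0:                                      # NULL terminates the array
            break
        result.append(va - image_base)
        cb_off += psize
    return result


if __name__ == "__main__":
    for rva in tls_callbacks(build_sample_pe()):
        print(f"TLS callback at RVA {rva:#x}")
```

When triaging a sample, the RVAs this returns are the first places to set breakpoints, since a debugger that only breaks at the entry point will already have executed them. Note that `AddressOfCallBacks` is a virtual address, so a relocated image must be read with the actual load base rather than the `ImageBase` from the header.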