Recon 2025 Breaking Obfuscated .NET Malware with Profiler Based Dynamic Binary Instrumentation
https://www.youtube.com/watch?v=jPDJ_Zo6jiY
@reverseengine
https://www.youtube.com/watch?v=jPDJ_Zo6jiY
@reverseengine
YouTube
Recon 2025 - Breaking Obfuscated .NET Malware with Profiler Based Dynamic Binary Instrumentation
Recon 2025 - Breaking Obfuscated .NET Malware with Profiler Based Dynamic Binary Instrumentation
Presenters: Lars Wallenborn, Tillmann Werner, Sebastian Walla, Steffen Haas
As malware authors increasingly adopt .NET for its ease of development and stability…
Presenters: Lars Wallenborn, Tillmann Werner, Sebastian Walla, Steffen Haas
As malware authors increasingly adopt .NET for its ease of development and stability…
❤4
❤4
Reverse Engineering Tools both Offensive and Defensive Operations can utilize
https://github.com/InfosecHouse/InfosecHouse/blob/main/re.md
@reverseengine
https://github.com/InfosecHouse/InfosecHouse/blob/main/re.md
@reverseengine
GitHub
InfosecHouse/re.md at main · InfosecHouse/InfosecHouse
Tools & Resources for Cyber Security Operations. Contribute to InfosecHouse/InfosecHouse development by creating an account on GitHub.
❤4
Deep Dive into a Modern Stealth Linux Kernel Rootkit
https://blog.kyntra.io/Singularity-A-final-boss-linux-kernel-rootkit
@reverseengine
https://blog.kyntra.io/Singularity-A-final-boss-linux-kernel-rootkit
@reverseengine
❤4
List of Awesome Reverse Engineering Resources
https://github.com/wtsxDev/reverse-engineering
@reverseengine
https://github.com/wtsxDev/reverse-engineering
@reverseengine
GitHub
GitHub - wtsxDev/reverse-engineering: List of awesome reverse engineering resources
List of awesome reverse engineering resources. Contribute to wtsxDev/reverse-engineering development by creating an account on GitHub.
❤3
Awesome Malware Development Resources
https://github.com/rootkit-io/awesome-malware-development
@reverseengine
https://github.com/rootkit-io/awesome-malware-development
@reverseengine
GitHub
GitHub - rootkit-io/awesome-malware-development: Organized list of my malware development resources
Organized list of my malware development resources - rootkit-io/awesome-malware-development
❤3
بخش سوم بافر اور فلو
تفاوت های مهم بین استک هیپ و خطاهای off by one رو بررسی میکنیم
توضیح stack overflow
استک جاییه که فریم تابع ها قرار میگیره و معمولا بافر های محلی اینجا ساخته میشن
استک overflow زمانی رخ میده که نوشته های بیش از اندازه به بافر محلی برسن و بخش هایی مثل saved rbp و saved return address رو بازنویسی کنه
در عمل این نوع باعث کرش سریع میشه و معمولا به صورت overwrite روی فریم جاری قابل مشاهده هست
توضیح کد استک
در این کد یک تابع بافر محلی داره و با strcpy مقدار وارد شده رو کپی میکنه
دیدن کرش و بررسی saved return address در gdb هست
کد استک فایل stack.c
#include <stdio.h>
#include <string.h>
void vuln(char *s) {
char buf[32];
printf("inside vuln\n");
strcpy(buf, s);
printf("buf says %s\n", buf);
}
int main(int argc, char **argv) {
if (argc < 2) {
printf("usage stack input\n");
return 1;
}
vuln(argv[1]);
printf("returned normally\n");
return 0;
}
دستورات اجرا و دیباگ مربوط به استک
این دستورات رو اجرا کنید تا کرش و فریم رو ببینید
gcc -g stack.c -o stack
gdb --args ./stack $(python3 -c "print('A'*80)")
داخل gdb
break vuln
run
info frame
x/40gx $rbp
backtrace
Part Three Buffer Overflow
We examine important differences between stack, heap, and off‑by‑one errors
Explanation stack overflow
The stack is where function frames are placed and local buffers are usually allocated
A stack overflow occurs when writes exceed a local buffer and overwrite areas like saved rbp and the saved return address
In practice this type causes a fast crash and is usually visible as an overwrite on the current frame
Explanation stack code
In this code a function has a local buffer and uses strcpy to copy the supplied input
You will see the crash and inspect the saved return address in gdb
Stack source file stack.c
#include <stdio.h>
#include <string.h>
void vuln(char *s) {
char buf[32];
printf("inside vuln\n");
strcpy(buf, s);
printf("buf says %s\n", buf);
}
int main(int argc, char **argv) {
if (argc < 2) {
printf("usage stack input\n");
return 1;
}
vuln(argv[1]);
printf("returned normally\n");
return 0;
}
Commands to build and debug the stack
Run these commands to see the crash and inspect the frame
gcc -g stack.c -o stack
gdb --args ./stack $(python3 -c "print('A'*80)")
Inside gdb
break vuln
run
info frame
x/40gx $rbp
backtrace
@reverseengine
❤3
BlackSuit Ransomware Actors Breached Corporate Environment
https://cybersecuritynews.com/blacksuit-ransomware-vmware-esxi
@reverseengine
https://cybersecuritynews.com/blacksuit-ransomware-vmware-esxi
@reverseengine
Cyber Security News
BlackSuit Ransomware Actors Breached Corporate Environment, Including 60+ VMware ESXi Hosts
The BlackSuit ransomware group, tracked as Ignoble Scorpius by cybersecurity experts, devastated a prominent manufacturer's operations.
❤3
این کنفرانس در زمینه ی مهندسی معکوس و توسعه اکسپلویت هست
This conference is about reverse engineering and exploit development.
https://www.youtube.com/@reconmtl/videos
@reverseengine
This conference is about reverse engineering and exploit development.
https://www.youtube.com/@reconmtl/videos
@reverseengine
Youtube
- YouTube
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
❤3
Windows Drivers Reverse Engineering Methodology
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
@reverseengine
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
@reverseengine
VoidSec
Windows Drivers Reverse Engineering Methodology
Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.
❤3
❤3
Best Anti-Debugging Techniques
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software#best-anti-debugging-techniques-from-apriorit
@reverseengine
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software#best-anti-debugging-techniques-from-apriorit
@reverseengine
Apriorit
Anti Debugging Protection Techniques with Examples
This article considers popular anti-cracking, anti reverse engineering protection techniques, namely anti-debug methods in Windows OS.
❤3
ReverseEngineering
Roadmap Zero Day Hunter پیش نیازها و پایه یادگیری عمیق زبان C و C پلاس پلاس درک ساختار حافظه stack و heap و calling conventions پروژه های ساده C برای نشان دادن فهم در گیت هاب خروجی ریپوی گیت هاب با چند پروژه کوچک فاز 1 سیستم عامل و حافظه درک virtual memory…
https://medium.com/firat-on-frontend/fuzzing-for-zero-day-vulnerabilities-step-by-step-understanding-676e71c2b72b
@reverseengine
@reverseengine
Medium
🔐 Fuzzing for Zero-Day Vulnerabilities: Step by Step Understanding
✳️ What Is a Zero-Day Vulnerability and Why Does It Matter?
❤3