Reversing DirtyC0W

Everybody remembers the Dirtyc0w Linux kernel bug. For those who don't, take some time to refresh your memory here.

The kernel race condition is triggered from user space and lets an unprivileged local user write to files it can only read, including root-owned ones.

In this article, we will ...

more ...

"REVEN, that Time-Traveling machine" lightning talk at RECON Montreal 2017

During the short-presentations session, I had the opportunity to talk about REVEN, our Time-Traveling machine (applied to software reverse engineering and debugging). Until the video is available, you can have a look at my slides (20170618_recon17_REVEN.pdf) and imagine the live on-stage demo by watching some demo videos.

TETRANE is very ...

more ...

Making your own REVEN Axion plugin step by step

In this article we will shed light on REVEN Axion's customisation possibilities by describing step by step how to create a simple plugin.

Screenshot: the Percent plugin in action on push edi.

We will walk you through:

  • The specification of our plugin
  • The basics of plugin API for REVEN Axion
  • The ...

more ...

SWF file unpacking with REVEN

Matryoshka dolls (source: Wikimedia Commons).

Recently we took a look at a new Flash Player exploit used by the Angler exploit kit. The sample was obfuscated using the well-known 'packing' technique: the dropped SWF file embeds a second-stage SWF as an encrypted blob that is decrypted ...

more ...
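As an added illustration of the container format the packed sample relies on (example code written for this page, not the article's own method or anything produced by REVEN): a small parser that walks a SWF's tag list, extracts DefineBinaryData blobs, and checks whether each one is itself a SWF, either directly or under a single-byte XOR. The XOR is only a stand-in for the sample's real decryption routine, which the article recovers dynamically; the outer and inner SWF files below are constructed in the code, and the tag codes and header layout follow the public SWF specification.

```python
import struct
import zlib

TAG_END = 0
TAG_DEFINE_BINARY_DATA = 87   # tag code from the SWF specification


def encode_tag(code, data):
    """RECORDHEADER: 10-bit tag code, 6-bit length; long form when length >= 0x3F."""
    if len(data) >= 0x3F:
        return struct.pack("<HI", (code << 6) | 0x3F, len(data)) + data
    return struct.pack("<H", (code << 6) | len(data)) + data


def build_swf(tags, version=10, compress=False):
    """Constructed minimal SWF: empty RECT, 12 fps, one frame, the given tags, then End."""
    body = b"\x00"                          # RECT with Nbits=0 occupies a single byte
    body += struct.pack("<HH", 0x0C00, 1)   # frame rate 12.0 (8.8 fixed point), frame count 1
    for code, data in tags:
        body += encode_tag(code, data)
    body += encode_tag(TAG_END, b"")
    header = struct.pack("<BI", version, 8 + len(body))   # length counts the 8-byte header
    if compress:
        return b"CWS" + header + zlib.compress(body)      # CWS: zlib-compressed body
    return b"FWS" + header + body                         # FWS: uncompressed body


def parse_swf(blob):
    """Return (version, [(tag code, tag data), ...]) for an FWS or CWS file (ZWS/LZMA not handled)."""
    sig = blob[:3]
    version, length = struct.unpack_from("<BI", blob, 3)
    if sig == b"CWS":
        body = zlib.decompress(blob[8:])
    elif sig == b"FWS":
        body = blob[8:]
    else:
        raise ValueError("not an FWS/CWS file")
    if length != 8 + len(body):
        raise ValueError("header length does not match the body")
    nbits = body[0] >> 3                    # top 5 bits of the RECT give its field width
    pos = (5 + 4 * nbits + 7) // 8          # RECT is padded to a byte boundary
    pos += 4                                # skip frame rate and frame count
    tags = []
    while pos + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, pos)
        pos += 2
        code, size = hdr >> 6, hdr & 0x3F
        if size == 0x3F:
            (size,) = struct.unpack_from("<I", body, pos)
            pos += 4
        tags.append((code, body[pos:pos + size]))
        pos += size
        if code == TAG_END:
            break
    return version, tags


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def recover_embedded_swfs(blob):
    """Walk DefineBinaryData tags; return (character id, xor key, inner swf) for every
    payload that is a SWF as-is (key 0) or under a single-byte XOR."""
    found = []
    _, tags = parse_swf(blob)
    for code, data in tags:
        if code != TAG_DEFINE_BINARY_DATA or len(data) < 6:
            continue
        (char_id,) = struct.unpack_from("<H", data, 0)   # CharacterID, then 4 reserved bytes
        payload = data[6:]
        for key in range(256):
            if xor_bytes(payload[:3], key) in (b"FWS", b"CWS"):
                found.append((char_id, key, xor_bytes(payload, key)))
                break
    return found


# Constructed sample: an empty version-9 SWF hidden under XOR 0x5A inside a
# compressed version-10 carrier, mimicking the dropper/second-stage layout.
XOR_KEY = 0x5A
SAMPLE_INNER_SWF = build_swf([], version=9)
SAMPLE_OUTER_SWF = build_swf(
    [(TAG_DEFINE_BINARY_DATA,
      struct.pack("<HI", 1, 0) + xor_bytes(SAMPLE_INNER_SWF, XOR_KEY))],
    version=10, compress=True)

if __name__ == "__main__":
    for char_id, key, inner in recover_embedded_swfs(SAMPLE_OUTER_SWF):
        print(f"character {char_id}: key {key:#04x}, inner SWF version {parse_swf(inner)[0]}")
```

Against a real sample the static pass only gets as far as the blob; when the key is not a trivial XOR, the decrypted stage has to be taken from memory after the decryption routine has run, which is where a trace-based tool earns its keep.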

REVEN in your toolkit

REVEN provides many analysis tools, but it may still lack features from your favourite tools. To address this, we created a Python API that lets you write and share plugins. We have also written some ourselves to connect REVEN with external tools.

Universal debugging

The Gnu ...

more ...

Decoding function arguments

Today I will show you a feature that is pretty useful when analysing an application. We call it the "arguments decoder": it displays the content of a function's arguments when its prototype is known. The prototype definition can be extracted either from the MSDN function and structure ...

more ...
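To make concrete what an arguments decoder does with a known prototype, here is an added example written for this page; it is not REVEN's decoder or its Python API. It assumes the prototype is given as a list of (name, MSDN type) pairs, that the call is observed at function entry (return address on top of the stack), and that only the x86 stdcall/cdecl and Microsoft x64 conventions are in play. The register values and memory regions are constructed in the code to stand in for a snapshot from a trace.

```python
import struct

ARG_REGS_X64 = ("rcx", "rdx", "r8", "r9")       # Microsoft x64: first four integer args
SCALAR_SIZES = {"BYTE": 1, "WORD": 2, "BOOL": 4, "INT": 4, "UINT": 4, "DWORD": 4, "QWORD": 8}
PEEK_BYTES = 8                                   # how much of a pointee to display


class Memory:
    """A few (base, bytes) regions standing in for a process memory snapshot (constructed)."""
    def __init__(self, regions):
        self.regions = regions

    def read(self, addr, size):
        """Bytes at addr, clipped to the end of the region; None if addr is unmapped."""
        for base, data in self.regions:
            if base <= addr < base + len(data):
                return data[addr - base:addr - base + size]
        return None

    def read_uint(self, addr, size):
        raw = self.read(addr, size)
        if raw is None or len(raw) < size:
            raise ValueError(f"unmapped read of {size} bytes at {addr:#x}")
        return int.from_bytes(raw, "little")


def type_size(ctype, word):
    """Scalars have fixed widths; anything else (HANDLE, LP*, P*) is pointer-sized."""
    return SCALAR_SIZES.get(ctype, word)


def decode_arguments(proto, arch, regs, mem):
    """Return [(name, type, value, pointee)] for a call observed at function entry."""
    _, params = proto
    word = 8 if arch == "x64" else 4
    decoded = []
    for i, (pname, ptype) in enumerate(params):
        if arch == "x64" and i < len(ARG_REGS_X64):
            raw = regs[ARG_REGS_X64[i]]
        elif arch == "x64":
            # return address at rsp, 32 bytes of shadow space, then the 5th argument onwards
            raw = mem.read_uint(regs["rsp"] + 0x28 + 8 * (i - len(ARG_REGS_X64)), 8)
        else:
            # x86 stdcall/cdecl: return address at esp, then one 4-byte slot per argument
            raw = mem.read_uint(regs["esp"] + 4 + 4 * i, 4)
        value = raw & ((1 << (8 * type_size(ptype, word))) - 1)   # drop unused upper bits
        pointee = None
        if ptype not in SCALAR_SIZES and value != 0:             # follow non-NULL pointers
            pointee = mem.read(value, PEEK_BYTES)
        decoded.append((pname, ptype, value, pointee))
    return decoded


def format_call(proto, decoded):
    """Render the decoded call the way a decoder pane would show it."""
    parts = []
    for pname, _ptype, value, pointee in decoded:
        text = f"{pname}={value:#x}"
        if pointee is not None:
            text += f" -> {pointee!r}"
        parts.append(text)
    return f"{proto[0]}({', '.join(parts)})"


# Prototype of kernel32!WriteFile as documented on MSDN (names and types only).
WRITEFILE_PROTO = ("WriteFile", [
    ("hFile", "HANDLE"), ("lpBuffer", "LPCVOID"), ("nNumberOfBytesToWrite", "DWORD"),
    ("lpNumberOfBytesWritten", "LPDWORD"), ("lpOverlapped", "LPOVERLAPPED")])

# Constructed call frames: a 5-byte buffer at BUF, and one stack per architecture
# holding the return address, the arguments, and a zeroed DWORD for the out-pointer.
X86_ESP, X64_RSP, BUF = 0x0019FF00, 0x0014FE00, 0x00400000
X86_STACK = (struct.pack("<IIIIII", 0x00401234, 0x1C, BUF, 5, X86_ESP + 0x40, 0)
             + b"\x00" * 40 + struct.pack("<I", 0))
X64_STACK = struct.pack("<Q", 0x140001234) + b"\x00" * 32 + struct.pack("<QI", 0, 0)
SAMPLE_MEM = Memory([(BUF, b"hello"), (X86_ESP, X86_STACK), (X64_RSP, X64_STACK)])
X86_REGS = {"esp": X86_ESP}
X64_REGS = {"rcx": 0x1C, "rdx": BUF, "r8": 5, "r9": X64_RSP + 0x30, "rsp": X64_RSP}

if __name__ == "__main__":
    for arch, regs in (("x86", X86_REGS), ("x64", X64_REGS)):
        print(arch, format_call(WRITEFILE_PROTO, decode_arguments(WRITEFILE_PROTO, arch, regs, SAMPLE_MEM)))
```

The masking step matters more than it looks: a DWORD argument that arrives in a 64-bit register can carry garbage in its upper half, and a decoder that prints the raw register would mislead you about what the callee actually sees.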