Tetrane's BLOG

Tetrane launches REVEN Professional Edition

04 Feb 2020 by Marc and Benoit - Reven - Reven Announcement Releases

Tetrane launches REVEN Professional Edition! You were many to request and wait for a lighter, more accessible, more affordable version of REVEN. Here it is! REVEN Professional Edition democratizes full-system timeless analysis for vulnerability and malware analysis. Now, it is directly available for purchase on TETRANE website REVEN Professional Edition...

Analysis of CVE-2019-0708, a.k.a. BlueKeep, with REVEN: Another point of view

22 Jan 2020 by Luc - Technical - Use-after-free UaF Reverse Engineering Garbage Collector Memory Management CVE Demo Reven

Bluekeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol, which allows remote code execution. At least one analysis already describes precisely this vulnerability with a specific approach. This blog post aims to demonstrate how REVEN can be used to analyze the crash, the root cause...

Analyzing an Out-of-Bounds read in a TTF font file

17 Dec 2019 by Luc - Technical - OOB Read Overflow Reverse Engineering CVE Demo REVEN

In this post we will analyze some specific points from the proof of concept for CVE-2019-1244, that has been found by Mateusz @j00ru Jurczyk. This vulnerability is a user-mode out-of-bounds read in Microsoft DirectWrite function dwrite.dll!sfac_GetSbitBitmap while processing a TTF font file. Our starting point is a first recording of...

REVEN 2.3: 32-bit symbols, Current Process Information, and more

05 Dec 2019 by Louis - Technical - Reven Releases Announcement OSSI

Tetrane is happy to announce the recent release of REVEN 2.3. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique analysis features that...

Who's calling? Finding out which process made a system call

21 Nov 2019 by Louis - Tutorial Technical - Automation Syscall Reverse Engineering Script

The version 2.2 of REVEN saw the addition of the Analysis Python API, that lets you automate the analysis of a scenario using scripts. The API sparkled the interest of our users and gave them inspiration to handle many use cases by scripting. One of these use cases is going...

CVE-2019-1347: When a mouse over a file is enough to crash your system

12 Nov 2019 by Luc - Technical - Reven Reverse Engineering PE Parsing CVE Taint Kernel PTE

CVE-2019-1347 is a vulnerability disclosed in october 2019 by Mateusz @j00ru Jurczyk in the Windows relocation mechanism when parsing a PE file. By simply placing your mouse cursor over the Proof of Concept file, a Blue Screen Of Death is triggered. We thought the original description could be positively completed...

REVEN 2.2: Python API, Automatic Recording, and more

12 Sep 2019 by Louis - Technical - Reven Releases Announcement Automation Analysis API Workflow API

Tetrane is happy to announce the recent release of REVEN 2.2. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique analysis features that...

Analysis of the Uroburos malware with REVEN

12 Jun 2019 by Luc and Mathieu - Technical - Reverse Engineering Malware Analysis Windows Kernel Demo Reven

In this post, we present how Timeless Analysis can be used to analyze a few mechanisms of a Uroburos recent version. We use REVEN and its integration with Volatility and IDA to detect indicators of compromise, analyze the dropping mechanisms and circumvent tricks the malware uses to hide itself. The...

Windows boot from UEFI to kernel

20 May 2019 by Mathieu - Technical - Reverse Engineering Windows Kernel Windows boot UEFI Demo Reven

Getting full visibility into the Windows 10 OS’ boot mechanisms is challenging. REVEN opens up a new world of possibilities with its timeless analysis technology! We used REVEN to record the Windows OS’ boot process, all the way from before the UEFI firmware transfers control to the boot process, to...

Full visibility of a Windows Kernel Bug with Timeless Analysis (CVE-2018-8410)

26 Mar 2019 by Mathieu - Technical - Reverse Engineering Windows Kernel Scripts CVE Demo Reven

One of the situations where REVEN (aka Tetrane) really shines is digging into undocumented kernel mechanisms, especially in cases where WinDBG abstracts information away from the user. In the following video, we will analyze a reference counting bug in the Windows Kernel (CVE-2018-8410 published by Google Project Zero) and try...



Older Posts