Tetrane's BLOG
Getting ready for analysis with REVEN (3/3): Finalizing the Workflow
This video article is part of a series on virtual machine configuration for use with REVEN: Importing a VM Lightening the VM for more efficient scenario recording Finalizing the configuration workflow (this article) Today’s video contains the last, but not least steps required in the configuration of a VM for...
Getting ready for analysis with REVEN (2/3): Lightening of the VM
This video article is part of a series on virtual machine configuration for use with REVEN: Importing a VM Lightening the VM for more efficient scenario recording (this article) Finalizing the configuration workflow Today’s video is about an unsuspected, yet very important step in the VM configuration process: VM lightening...
Getting ready for analysis with REVEN (1/3): Importing a new VM
Among all RE tasks, setting up the environment is a tedious, but necessary step. With the recent release of REVEN 2.5, getting up to start with your first scenario is now easier than ever! This series of video articles will guide you through the process of configuring a virtual machine...
Tracing network data back to encryption
In this video, we demonstrate how REVEN makes it possible to connect data sent through the network with the code that generated it beforehand. In our case, this reveals a decryption routine in a malware. The first step is to reconstruct a usable PCAP file from the trace to explore...
Announcing REVEN version 2.5
Tetrane is happy to announce the release of REVEN 2.5 Enterprise and Professional. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique analysis...
Automated analysis of crashes or malware, and integration with fuzzers
06 May 2020
by
Mathieu
-
Tutorial
Automation
-
Demo
Automation
Workflow API
Analysis API
Scenario recording
Analyzing a crash within a fuzzing process or not, capturing and analyzing malware activities, those tasks can now be fully automated with REVEN. It’s also easy to plug it into your tool chain or customize it. This demo presents the entire automated workflow: starting a VM. loading and launching the...
REVEN DEMO - Comparing the dynamic execution on 2 systems (3/3)
This video continues the analysis of CVE-2019-1347. It demonstrates how to compare 2 executions, on a vulnerable system vs non-vulnerable system to extract valuable information about the vulnerability. The first video demonstrated how to move quickly from a system crash to the input file responsible and the WinDbg Integration. The...
REVEN DEMO - Taint and IDA Integration (2/3)
This video continues the analysis of CVE-2019-1347. This part of the demo uses data flow tainting forward. It also shows the IDA integration to get both the static & the dynamic view of the application under analysis. The first video demonstrated how to move quickly from a system crash to...
REVEN DEMO - From a crash to the input file and WinDbg Integration (1/3)
In this video, we show how to quickly move from a system crash to the input file at its origin. It demonstrates the usage of REVEN features like the data flow tainting and the integration with WinDbg. This demo is related to the CVE-2019-1347 (“When a mouse over a file...
REVEN Tainting and APIs for automation
This demo focuses on 2 areas: The REVEN data flow tainting feature that makes it easy to follow data across processes using IPC or local network communications The REVEN Python API to automate analysis tasks, used here for data tainting. The example is based on the application Tokio chat with...
Older Posts
