Tetrane's BLOG

Who corrupted the data! Get a fast and precise answer with the taint

18 Feb 2021 by Louis - REVEN - REVEN Reverse Engineering Taint

In vulnerability analysis, a frequent question that needs answering is: “who corrupted this data?”. Timeless Debugging and Analysis (TDnA) systems like REVEN can provide fast and accurate answers to this particular question. For example, the Memory History feature of REVEN lets you see the entire list of accesses to a...

REVEN OpenLab - Feb 18th, 2021

17 Feb 2021 by Marc - Conference - Reverse Engineering REVEN CVE

Join us on February 18th for an Open Lab where you will analyze 2 recent CVEs using REVEN Timeless Analysis and Debugging Platform. After a short introduction, you will take the driving seat (each participant gets her/his own REVEN instance) to analyze: A program crash CVE-2020-16898: Microsoft Windows TCP/IP Remote...

Detecting Buffer-Overflow vulnerabilities using REVEN

11 Feb 2021 by Quentin - REVEN - Reverse Engineering Vulnerability Detection Analysis API Taint REVEN

The REVEN Buffer-Overflow (BoF) detection capability is built on top of the Use-after-Free (UaF) script. Therefore, it is best to read the UaF article before this one. We will explain how the UaF detection Jupyter notebook led us to develop a Buffer-Overflow detection Jupyter notebook (available on GitHub) and...

Finding uses of cryptographic functions and the data encrypted by an application

26 Jan 2021 by Louis - Tutorial - Use cases REVEN Reverse Engineering Analysis API Cryptography

How to find cryptography implemented by an application in a REVEN trace? Let’s explore two ways of doing so! Looking for known symbol calls: REVEN provides several features related to symbol calls: The symbol search feature allows you to look throughout the entire trace to find calls to a specific...

HITBCyberWeek 2020 REVEN Lab replay

19 Jan 2021 by Mathieu - Conference - Reverse Engineering REVEN Exploit Buffer overflow CVE

In November 2020, Tetrane presented a remote technical hands-on lab at HITB CyberWeek about timeless debugging and analysis. We are sharing the recording of the lab as it’s a good opportunity to discover the dynamic approach of REVEN: the type of questions a trace can provide answers to, how to...

Announcing REVEN version 2.7

17 Dec 2020 by Louis and Marc - REVEN - REVEN Announcement Releases

Tetrane is pleased to announce the release of REVEN Enterprise and REVEN Professional 2.7. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique...

Detecting Use-After-Free vulnerabilities using REVEN

15 Dec 2020 by Louis, Quentin and Benoit - REVEN - Reverse Engineering Vulnerability Detection Analysis API Taint REVEN

Tetrane’s Timeless Debugging and Analysis (TDnA) captures a time slice of the execution of a system (CPU, Memory, Hardware Events) and provides some powerful analysis features that speed up and scale the reverse engineering process. It can be combined with various fuzzing approaches that will drive the discovery...

Profiling Windows execution with system timeless analysis

05 Nov 2020 by Louis and tdta - REVEN - Performance REVEN Profiling Use case

An unused system is not a suspended system! Discover in this article how we measured some Windows 10 background activity with timeless analysis in various configurations. The multiple applications of system-wide timeless analysis range from the obvious, like “a debugger you don’t have to restart all the time”, the less...

Buffer overflow exploitation in Quick Player 1.3 (unicode & SEH)

06 Oct 2020 by Quentin - REVEN - Reverse Engineering REVEN Exploit Buffer overflow

In this article, we will talk about the exploitation of a buffer overflow in Quick Player 1.3 leading to an arbitrary code execution, and how we fixed an already existing exploit using REVEN. We will first present the exploit, then explain why it did not work at first, and how...

Announcing REVEN version 2.6

15 Sep 2020 by Louis and Marc - REVEN - REVEN Announcement Releases

Tetrane is pleased to announce that the release of REVEN 2.6 Enterprise and Professional is available. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to...


