Tetrane's BLOG

Profiling Windows execution with system timeless analysis

05 Nov 2020 by Louis and tdta - REVEN - Performance REVEN Profiling Use case

An unused system is not a suspended system! Discover in this article how we measured some Windows 10 background activity with timeless analysis in various configurations. The multiple applications of system-wide timeless analysis range from the obvious, like “a debugger you don’t have to restart all the time”, the less...

Buffer overflow exploitation in Quick Player 1.3 (unicode & SEH)

06 Oct 2020 by Quentin - REVEN - Reverse Engineering REVEN Exploit Buffer overflow

In this article, we will talk about the exploitation of a buffer overflow in Quick Player 1.3 leading to an arbitrary code execution, and how we fixed an already existing exploit using REVEN. We will first present the exploit, then explain why it did not work at first, and how...

Announcing REVEN version 2.6

15 Sep 2020 by Louis and Marc - Reven - Reven Announcement Releases

Tetrane is pleased to announce that the release of REVEN 2.6 Enterprise and Professional is available. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to...

Interactive write-ups with REVEN and Jupyter

09 Sep 2020 by Louis - Tutorial - Reverse Engineering Analysis API Reven

OK, so you just recorded this nice trace of the latest malware-of-the-week, great! You went around the timeline in Axion, did some symbol search, it all looks very promising. Time to dive into the depths of the analysis… What was the name of that function again? The one that’s probably...

Timeless Full-System analysis with REVEN and WinDbg

03 Sep 2020 by Louis - Tutorial - Reverse Engineering Reven WinDbg

REVEN 2.5 introduced a new integration between REVEN and Microsoft WinDbg. This integration brings WinDbg and REVEN closer together, allowing you to access a REVEN trace as if it were a live VM and benefit from REVEN’s full-system timeless analysis and full-fledged scripting API, together with WinDbg’s familiar debugger interface....

Getting ready for analysis with REVEN (3/3): Finalizing the Workflow

30 Jul 2020 by Louis - Tutorial - Workflow API Scenario recording

This video article is part of a series on virtual machine configuration for use with REVEN: Importing a VM Lightening the VM for more efficient scenario recording Finalizing the configuration workflow (this article) Today’s video contains the last, but not least steps required in the configuration of a VM for...

Getting ready for analysis with REVEN (2/3): Lightening of the VM

28 Jul 2020 by Louis - Tutorial - Workflow API Scenario recording

This video article is part of a series on virtual machine configuration for use with REVEN: Importing a VM Lightening the VM for more efficient scenario recording (this article) Finalizing the configuration workflow Today’s video is about an unsuspected, yet very important step in the VM configuration process: VM lightening...

Getting ready for analysis with REVEN (1/3): Importing a new VM

23 Jul 2020 by Louis - Tutorial - Workflow API Scenario recording

Among all RE tasks, setting up the environment is a tedious, but necessary step. With the recent release of REVEN 2.5, getting up to start with your first scenario is now easier than ever! This series of video articles will guide you through the process of configuring a virtual machine...

Tracing network data back to encryption

16 Jul 2020 by Mathieu - Reven - Reverse Engineering Malware Analysis Analysis API Taint Reven

In this video, we demonstrate how REVEN makes it possible to connect data sent through the network with the code that generated it beforehand. In our case, this reveals a decryption routine in a malware. The first step is to reconstruct a usable PCAP file from the trace to explore...

Announcing REVEN version 2.5

25 Jun 2020 by Marc - Reven - Reven Announcement Releases

Tetrane is happy to announce the release of REVEN 2.5 Enterprise and Professional. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique analysis...



Older Posts