2 posts in archive
Reversing DirtyC0W

Everybody remembers the DirtyC0W Linux kernel bug. For those who don’t, take some time to refresh your memory here. The kernel race condition is triggered from user space and can easily allow any local user to write into any root-owned file. In this article, we will demonstrate...
Unfolding obfuscated code with Reven (part 2)

Last time, by abstracting the runtime effect of the first virtual machine, we reduced the challenge to a simpler but semantically equivalent program. Its control flow graph has a unique entry point, the basic block starting at 0x402048, whereas the ones at 0x4023d4 and 0x40266e are exit points...