Tetrane's BLOG

SWF file unpacking with REVEN

22 Apr 2015 - Reven - Reven Flash swf

Recently we took a look at a new flash player exploit used by the Angler exploit kit. The sample was obfuscated using the well known ‘packing’ technique: the dropped swf file embeds a second stage swf in the form of an encrypted blob that will be decrypted...

REVEN in your toolkit

20 Feb 2015 - Reven - Reven Axion taint

Reven provides many analysis tools but still might lack some of your favorite tool features. To address this issue we created a Python API to allow you to create and share plugins. We also developed some ourselves to make REVEN’s interaction with external tools possible. Universal debugging The Gnu debugger...

Decoding function arguments

14 Jan 2015 - Reven - Axion Reven taint

Today I will show you a feature that is pretty useful when analysing an application. We call it the “arguments decoder”, and it displays the content of a function’s arguments when its prototype is known. The latter’s definition can be either extracted from the MSDN function and structures, or given...

IE crash analysis

17 Dec 2014 - Reven - Axion Reven taint Reverse Engineering use after free

Today we will analyse a crash of Internet Explorer. Reven scenario generation According to Exodus Intelligence, a vulnerability was silently fixed in the MS13-055 patch along with other things. They showed on their blog how to exploit it. We generated our REVEN scenario where we give an html file to Internet...

Data painting

03 Dec 2014 - Reven - Axion Reven taint

In this post we’ll present Reven dynamic data tainting capabilities and see some use cases of the tool. Dynamic data tainting The so-called data tainting is a well-known technique used to analyse the impact of data on a program. The idea is to apply a taint to a...

Exploring text strings

21 Nov 2014 by Mathieu - Reven - Axion Reven Reverse Engineering

A program’s text strings often carry a lot of information, and are a basic although essential guide while analysing binaries. In this article we’ll see how REVEN handles and presents them. We’ll also see how one can automatically use this data to gain a better understanding of a program’s behavior. The...

Following memory history with REVEN-Axion

14 Nov 2014 - Reven - Axion Reven Reverse Engineering

When working on traces of millions of instructions, one of the biggest challenges can be to detect the small portions of the code that are actually interesting. In this article, we have an application that reads from the network. We will show how to quickly find where the network frames...
