Tetrane's BLOG
REVEN DEMO - From a crash to the input file and WinDbg Integration (1/3)

In this video, we show how to quickly move from a system crash to the input file at its origin. It demonstrates the usage of REVEN features like the data flow tainting and the integration with WinDbg. This demo is related to the CVE-2019-1347 (“When a mouse over a file...
REVEN Tainting and APIs for automation

This demo focuses on two areas: the REVEN data flow tainting feature, which makes it easy to follow data across processes using IPC or local network communications; and the REVEN Python API to automate analysis tasks, used here for data tainting. The example is based on the application Tokio chat with...
Recording a Crash with REVEN Project Manager

In this video, we will have a look at the Project Manager UI, which is the tool REVEN provides to enable users to manage virtual machines and scenarios. As far as scenarios are concerned, the Project Manager allows users to record scenarios and generate data resources for the RE analysis. We...
Analyzing CVE-2018-8653 with REVEN: Use-after-Free in Internet Explorer Scripting Engine
10 Mar 2020 by Luc - Technical - Use After Free, UaF, Reverse Engineering, Garbage Collector, Memory Management, CVE, Demo, REVEN

In this post we will have a look at the proof of concept for CVE-2018-8653, which comes from a very interesting blog post by Philippe Laulheret et al. at McAfee Labs. To summarize, the vulnerability exploits various seemingly innocent behaviors in Internet Explorer’s scripting engine (jscript.dll) to trigger a use-after-free...
Tetrane launches REVEN Professional Edition

Tetrane launches REVEN Professional Edition! Many of you requested and waited for a lighter, more accessible, more affordable version of REVEN. Here it is! REVEN Professional Edition democratizes full-system timeless analysis for vulnerability and malware analysis. It is now directly available for purchase on the TETRANE website. REVEN Professional Edition...
Analysis of CVE-2019-0708, a.k.a. BlueKeep, with REVEN: Another point of view
22 Jan 2020 by Luc - Technical - Use After Free, UaF, Reverse Engineering, Garbage Collector, Memory Management, CVE, Demo, REVEN

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol and allows remote code execution. At least one analysis already describes this vulnerability precisely, with a specific approach. This blog post aims to demonstrate how REVEN can be used to analyze the crash, the root cause...
Analyzing an Out-of-Bounds read in a TTF font file

In this post we will analyze some specific points from the proof of concept for CVE-2019-1244, found by Mateusz @j00ru Jurczyk. This vulnerability is a user-mode out-of-bounds read in the Microsoft DirectWrite function dwrite.dll!sfac_GetSbitBitmap while processing a TTF font file. Our starting point is a first recording of...
REVEN 2.3: 32-bit symbols, Current Process Information, and more

Tetrane is happy to announce the recent release of REVEN 2.3. REVEN is an automated Reverse Engineering Platform designed to go x10 faster & x10 deeper using Timeless Analysis. Technically, REVEN captures a time slice of a full system execution (CPU, Memory, Hardware events) to provide unique analysis features that...
Who's calling? Finding out which process made a system call

Version 2.2 of REVEN saw the addition of the Analysis Python API, which lets you automate the analysis of a scenario using scripts. The API sparked the interest of our users and inspired them to handle many use cases by scripting. One of these use cases is going...
CVE-2019-1347: When a mouse over a file is enough to crash your system

CVE-2019-1347 is a vulnerability disclosed in October 2019 by Mateusz @j00ru Jurczyk in the Windows relocation mechanism when parsing a PE file. By simply placing your mouse cursor over the Proof of Concept file, a Blue Screen Of Death is triggered. We thought the original description could be positively completed...