5 posts in tag Demo

Analyzing an Out-of-Bounds read in a TTF font file

17 Dec 2019 by Luc - Technical - OOB Read Overflow Reverse Engineering CVE Demo REVEN

In this post we will analyze some specific points from the proof of concept for CVE-2019-1244, that has been found by Mateusz @j00ru Jurczyk. This vulnerability is a user-mode out-of-bounds read in Microsoft DirectWrite function dwrite.dll!sfac_GetSbitBitmap while processing a TTF font file. Our starting point is a first recording of...

Analysis of the Uroburos malware with REVEN

12 Jun 2019 by Luc and Mathieu - Technical - Reverse Engineering Malware Analysis Windows Kernel Demo Reven

In this post, we present how Timeless Analysis can be used to analyze a few mechanisms of a Uroburos recent version. We use REVEN and its integration with Volatility and IDA to detect indicators of compromise, analyze the dropping mechanisms and circumvent tricks the malware uses to hide itself. The...

Windows boot from UEFI to kernel

20 May 2019 by Mathieu - Technical - Reverse Engineering Windows Kernel Windows boot UEFI Demo Reven

Getting full visibility into the Windows 10 OS’ boot mechanisms is challenging. REVEN opens up a new world of possibilities with its timeless analysis technology! We used REVEN to record the Windows OS’ boot process, all the way from before the UEFI firmware transfers control to the boot process, to...

Full visibility of a Windows Kernel Bug with Timeless Analysis (CVE-2018-8410)

26 Mar 2019 by Mathieu - Technical - Reverse Engineering Windows Kernel Scripts CVE Demo Reven

One of the situations where REVEN (aka Tetrane) really shines is digging into undocumented kernel mechanisms, especially in cases where WinDBG abstracts information away from the user. In the following video, we will analyze a reference counting bug in the Windows Kernel (CVE-2018-8410 published by Google Project Zero) and try...

Analysis of VLC Exploit Arbitrary Code Execution (CVE-2018-11529)

06 Mar 2019 by Mathieu - Technical - Reverse Engineering CVE Demo Reven

This is the analysis of VLC Exploit Arbitrary Code Execution (CVE-2018-11529) done REVEN v2. It leverages our timeless analysis technology and several key features: Data Tainting Memory History Backtrace etc.