13 posts in tag Demo
Automated analysis of crashes or malware, and integration with fuzzers
06 May 2020
by
Mathieu
-
Tutorial
Automation
-
Demo
Automation
Workflow API
Analysis API
Scenario recording

Analyzing a crash within a fuzzing process or not, capturing and analyzing malware activities: those tasks can now be fully automated with REVEN. It’s also easy to plug it into your tool chain or customize it. This demo presents the entire automated workflow: starting a VM, loading and launching the...
REVEN DEMO - Comparing the dynamic execution on 2 systems (3/3)

This video continues the analysis of CVE-2019-1347. It demonstrates how to compare 2 executions, on a vulnerable system vs. a non-vulnerable system, to extract valuable information about the vulnerability. The first video demonstrated how to move quickly from a system crash to the input file responsible and the WinDbg integration. The...
REVEN DEMO - Taint and IDA Integration (2/3)

This video continues the analysis of CVE-2019-1347. This part of the demo uses data flow tainting forward. It also shows the IDA integration to get both the static & the dynamic view of the application under analysis. The first video demonstrated how to move quickly from a system crash to...
REVEN DEMO - From a crash to the input file and WinDbg Integration (1/3)

In this video, we show how to quickly move from a system crash to the input file at its origin. It demonstrates the usage of REVEN features like the data flow tainting and the integration with WinDbg. This demo is related to the CVE-2019-1347 (“When a mouse over a file...
REVEN Tainting and APIs for automation

This demo focuses on 2 areas: the REVEN data flow tainting feature, which makes it easy to follow data across processes using IPC or local network communications, and the REVEN Python API to automate analysis tasks, used here for data tainting. The example is based on the application Tokio chat with...
Recording a Crash with REVEN Project Manager

In this video, we will have a look at the Project Manager UI, which is the tool REVEN provides to enable users to manage virtual machines and scenarios. As far as scenarios are concerned, the Project Manager allows users to record scenarios and generate data resources for the RE analysis. We...
Analyzing CVE-2018-8653 with REVEN: Use-after-Free in Internet Explorer Scripting Engine
10 Mar 2020
by
Luc
-
Technical
-
Use After Free
UaF
Reverse Engineering
Garbage Collector
Memory Management
CVE
Demo
REVEN

In this post we will have a look at the proof of concept for CVE-2018-8653 that comes from a very interesting blog post from Philippe Laulheret et al. at McAfee Labs. To summarize, the vulnerability exploits various seemingly innocent behaviors in Internet Explorer’s scripting engine (jscript.dll) to trigger a use-after-free...
Analysis of CVE-2019-0708, a.k.a. BlueKeep, with REVEN: Another point of view
22 Jan 2020
by
Luc
-
Technical
-
Use After Free
UaF
Reverse Engineering
Garbage Collector
Memory Management
CVE
Demo
REVEN

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol, which allows remote code execution. At least one analysis already describes this vulnerability precisely with a specific approach. This blog post aims to demonstrate how REVEN can be used to analyze the crash, the root cause...
Analyzing an Out-of-Bounds read in a TTF font file

In this post we will analyze some specific points from the proof of concept for CVE-2019-1244, which was found by Mateusz @j00ru Jurczyk. This vulnerability is a user-mode out-of-bounds read in the Microsoft DirectWrite function dwrite.dll!sfac_GetSbitBitmap while processing a TTF font file. Our starting point is a first recording of...
Analysis of the Uroburos malware with REVEN
12 Jun 2019
by
Luc
and Mathieu
-
Technical
-
Reverse Engineering
Malware Analysis
Windows Kernel
Demo
REVEN

In this post, we present how Timeless Analysis can be used to analyze a few mechanisms of a recent version of Uroburos. We use REVEN and its integration with Volatility and IDA to detect indicators of compromise, analyze the dropping mechanisms and circumvent tricks the malware uses to hide itself. The...
Windows boot from UEFI to kernel
20 May 2019
by
Mathieu
-
Technical
-
Reverse Engineering
Windows Kernel
Windows boot
UEFI
Demo
REVEN

Getting full visibility into the Windows 10 OS’ boot mechanisms is challenging. REVEN opens up a new world of possibilities with its timeless analysis technology! We used REVEN to record the Windows OS’ boot process, all the way from before the UEFI firmware transfers control to the boot process, to...
Full visibility of a Windows Kernel Bug with Timeless Analysis (CVE-2018-8410)

One of the situations where REVEN (aka Tetrane) really shines is digging into undocumented kernel mechanisms, especially in cases where WinDBG abstracts information away from the user. In the following video, we will analyze a reference counting bug in the Windows Kernel (CVE-2018-8410 published by Google Project Zero) and try...
Analysis of VLC Exploit Arbitrary Code Execution (CVE-2018-11529)

This is the analysis of VLC Exploit Arbitrary Code Execution (CVE-2018-11529) done with REVEN v2. It leverages our timeless analysis technology and several key features:
Data Tainting
Memory History
Backtrace
etc.