IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO
OALabs 2020-05-31 | The first part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use IDA Pro and Python to decrypt the strings and resolve the dynamic imports to prepare the binary for analysis...
As always check out our tools, tutorials, and more content over at openanalysis.net
#IDAPro #Botnet #MalwareAnalysis

M1 Mac Malware Analysis VM Setup with Windows 11 (Free)
OALabs 2022-11-11 | Chapters:
0:00 Intro
1:40 Hypervisor Overview
3:37 ARM VM Overview
6:17 Installing VMWare Fusion 22H2
6:35 Free Copy of Windows 11 ARM (beta)
7:25 Converting VHDX to VMDK
8:23 Create Windows VM
11:15 Disable Windows Defender
13:31 FLARE-VM for Windows 11 ARM
UNPACME - AUTOMATED MALWARE UNPACKING unpac.me/#

Your VPN Sucks for Malware Analysis [ Twitch Rant ]
OALabs 2022-09-23 | Why are you using a VPN? What is the right VPN to use when you want to call out to a C2 while analyzing malware? Why are you running?! These questions and more will be answered!

Career / Interview Advice for Reverse Engineers [ Twitch Clip ]
OALabs 2022-09-03 | We get a lot of questions from reverse engineers about career advice, interview tactics, and how to pick the right job... I figure I may as well just clip some responses and put them out there... just my thoughts, we all have different perspectives...

Vulnerable Antivirus Driver Used by Ransomware - We Reverse Engineer How!!?
OALabs 2022-08-05 | How was a vulnerable AV driver used to deploy ransomware? Join us as we reverse engineer this unique deployment tool!

Malware Triage Tips: How To Stop Wasting Time in IDA On Packed Samples [ Twitch Clip ]
OALabs 2022-05-25 | Stop wasting time trying to reverse engineer packed samples in IDA Pro; quickly understand what you are looking at and use the correct tools...

Emotet 64-bit Emulation and String Decryption with Dumpulator [Twitch Clip ]
OALabs 2022-05-09 | Using emulation to reverse engineer the new Emotet 64-bit version. Expand to see more...

x64dbg System Breakpoint Explained
OALabs 2022-04-23 | What is the System Breakpoint in x64dbg? Why does your debugger always stop at a random place when you start debugging? Expand for more...

How Does a Debugger Work - Debug Events Explained
OALabs 2022-04-22 | How does a Windows debugger work under the hood? What are debug events and how are they used to control a target? Expand for more...

The Thread Context - Debugging Explained
OALabs 2022-04-16 | What is the thread context and how does it help with debugging? Learn more about how threads work and about GetThreadContext and SetThreadContext. Expand for more...

What is a Breakpoint - Debugging Explained
OALabs 2022-04-09 | What is a breakpoint and how does it work under the hood of a debugger? Learn more about how both hardware and software breakpoints work. Expand for more...

Control Flow Flattening Obfuscation Explained Practically [ Twitch Clip ]
OALabs 2022-03-26 | Twitch Clip - A practical explanation of control flow flattening obfuscation linking the concept to actual code in IDA Pro. See more on patreon.com/oalabs
Sample: 5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b

Botleggers Exposed - Analysis of The Conti Leaks Malware
OALabs 2022-03-02 | Join us for analysis of the leaked Conti malware: what is BazarLoader, how is Conti operated, and what does all this mean for your security team? These are our first thoughts as the situation unfolds...

Assembly Calling Conventions For Reverse Engineers [Patreon Unlocked]
OALabs 2022-02-17 | A practical look at x86 calling conventions from a reverse engineering perspective. We take a look at __cdecl, __stdcall, __fastcall and __thiscall.

Quick Tips For Learning Assembly and Reverse Engineering at The Same Time
OALabs 2022-02-10 | Just a few quick tips that might help if you are trying to learn how to reverse engineer at the same time you are learning assembly...

How To Unpack VMProtect 3 (x64) Night Sky Ransomware With VMPDump [Patreon Unlocked]
OALabs 2022-02-01 | In this tutorial we unpack Night Sky Ransomware (x64), which is protected with VMProtect 3. We use VMPDump to dump and fix the imports and then re-create the virtualized entry point manually. No other functions are virtualized!
#Unpacking #VMProtect #Malware

Why Is The PE Entry Point Not The Same As Main SEH and The _security_init_cookie [Patreon Unlocked]
OALabs 2022-01-18 | In this tutorial we examine why the entry point for MSVC console applications is not the same as main. We also dive into understanding the __security_init_cookie and __scrt_common_main_seh functions. Expand for more...
This tutorial is part of our RE101 series on Patreon where we discuss basic reverse engineering concepts. The full tutorial article, including links for further reading and self-study examples, is here: patreon.com/posts/why-is-pe-entry-61343353
OALABS DISCORD discord.gg/6h5Bh5AMDU

Bypassing BlackMatter Anti-Debug With x64dbg [Patreon Unlocked]
OALabs 2022-01-06 | In this tutorial we demonstrate how to bypass the anti-debug checks in BlackMatter ransomware with x64dbg. Expand for more...

Setup IDA Pro Type Libraries For Windows Malware Analysis [ Patreon Unlocked ]
OALabs 2022-01-06 | How to set up IDA Pro type libraries for analysis of Windows malware. Subscribe for more tips: patreon.com/oalabs

How To Identify Dynamic Imports In Malware [ Patreon Unlocked ]
OALabs 2022-01-06 | How to identify dynamically resolved APIs in malware using IDA Pro and static analysis. Subscribe for more tips: patreon.com/oalabs

Dumpulator - Using Binary Emulation To Automate Reverse Engineering
OALabs 2021-12-16 | Join us with special guest mrexodia for a demonstration of dumpulator, a Python emulator that can emulate minidumps! Expand for more...
Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis youtube.com/watch?v=0SvX6F80qg8

IDA Pro Plugins For Malware Reverse Engineering
OALabs 2021-12-07 | Here are our 5 most used IDA plugins for reverse engineering malware. Expand for more...
BinDiff youtube.com/watch?v=BLBjcZe-C3I

Introduction To Binlex A Binary Trait Lexer Library and Utility - Machine Learning First Steps...
OALabs 2021-11-23 | Join us with special guest @c3rb3ru5d3d53c for a deep dive into Binlex, an open source tool that can extract binary traits useful for quickly building YARA rules, and the first steps toward building a machine learning model. Expand for more...
Music / Instrumental by Aries Beats: youtube.com/watch?v=lAVYmC8qFbE youtube.com/watch?v=3lF8Op_3YtU

RedTeam Tricks Exposed - Reversing Engineering Syscalls To Evade Detection
OALabs 2021-11-13 | Join us with special guest RedTeam-Rob (m0rv4i) for a deep dive into syscalls and how they are used to evade detection. Expand for more...

Identify Unknown Malware Using Four Free Threat Intelligence Services
OALabs 2021-11-10 | If you are reverse engineering a new malware sample and can't identify it, here are our four favourite free threat intel resources that might help! Expand for more...

HashDB - Malware API Hashing Obfuscation Solved Forever (Not Clickbait)
OALabs 2021-10-13 | Join us for the release of HashDB, a free community-sourced solution to malware API hashing! Expand for more...

Live Coding A Squirrelwaffle Malware Config Extractor
OALabs 2021-09-28 | Join us as we reverse engineer Squirrelwaffle and write a config extractor for it in Python. Expand for more...

RE Tools Spotlight: Binary Refinery - High Octane Malware Triage Analysis
OALabs 2021-08-25 | Join us for a test drive of a new malware triage tool suite called Binary Refinery! Expand for more...
Chapters:
0:56 What is Binary Refinery
3:24 Installation
6:23 Getting Started With The Documentation
9:36 Tutorial Extracting PowerShell Dropper Payload
24:09 Tutorial Extracting Netwalker Config
32:50 Contributing a New Refinery Unit To The Code Base
36:33 Ghidra Training
#MalwareTriage #Tools #BinaryRefinery

Leaked Conti Ransomware Playbook - Red Team Reacts
OALabs 2021-08-10 | Red Team reacts to the leaked Conti hacking handbook. Do these techniques actually work?! How can we defend against them? Expand for more...

Python3 Tips For Reverse Engineers
OALabs 2021-07-30 | Five tips to level up your reverse engineering with Python 3. Expand for more...
Chapters:
0:44 Tip 1. Use Jupyter Notebooks and Github
5:16 Tip 2. Remember Byte Strings Are Not Strings
8:46 Tip 3. Hex Encode Binary Data For Easy Copying Between Tools
12:02 Tip 4. Use Struct To Extract Types From Binary Data
16:28 Tip 5. Use Custom Struct Classes To Parse Binary Streams
#ReverseEngineering #Python #HowTo

Warzone RAT Config Extraction With Python and IDA Pro
OALabs 2021-07-21 | Join us as we build a configuration extractor for Warzone RAT! Expand for more details...
#ReverseEngineering #Malware #WarZoneRat

Reverse Engineering Warzone RAT - Part 1
OALabs 2021-05-19 | Join us as we reverse engineer Warzone RAT! Expand for more details...
Chapters:
0:00 Introduction
4:25 Setting Up IDA
6:15 How to Force Hex-Rays to Decompile All Functions
7:42 Methodology for Identifying an Embedded Configuration File
9:16 C++ Reversing Basics
18:53 Adding a Struct in IDA
22:10 Fixing Incorrect Struct Size
26:39 Quickly Reversing Functionality
28:42 Reverse Engineering With Structs
32:04 Malware Trick Used to Locate Address in Memory
36:43 Walking a PE File Using Pointers
41:21 Creating and Importing IDC Files

Join us for a look under the hood at how IDA Pro optimizes its microcode (IL) to provide a clean decompiled view. We also reverse engineer a bug in calling convention identification for x86 that can lead to cascading issues in the intermediate representation as it is optimized.
#ReverseEngineering #IDAPro #IntermediateRepresentation

Malware Triage Analyzing PrnLoader Used To Drop Emotet
OALabs 2020-12-10 | Join us for a deep dive into this interesting malware that was used to drop Emotet. We will reverse engineer the loader and provide tips and tricks for IDA Pro along the way!
Any-Run sandbox run of the malicious document: https://any.run/report/dc40e48d2eb0e57cd16b1792bdccc185440f632783c7bcc87c955e1d4e88fc95/580aa295-111c-4123-957a-ed6c325b0b7f
Loader sample (free download from Malshare): fb07f875dc45e6045735513e75a83c50c78154851bd23a645d43ea853e6800ac
#MalwareAnalysis #IDAPro #PrnLoader

Reverse Engineering COVID Tracker App for Android - Privacy Audit
OALabs 2020-08-24 | Join us as we reverse engineer an Android COVID tracker app to prove it is safe to use and respects your privacy. Expand for more...
In my opinion this app is safe to use, but don't take my word for it; use the tools and techniques we demonstrate to test the application for yourself.
#ReverseEngineering #Android #PrivacyAudit

How To Sinkhole A Botnet
OALabs 2020-07-13 | This is the final part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we perform a final high-level analysis of the malware, then use our analysis to build a sinkhole for the botnet!
#Botnet #MalwareAnalysis #Sinkhole

IRC Botnet Reverse Engineering Part 2 - Analyzing Memory Structures with x64dbg and IDA PRO
OALabs 2020-06-14 | The second part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use x64dbg and IDA Pro to analyze injected memory structures and further prepare the binary for analysis. Expand for more...
#MemoryInjection #Botnet #MalwareAnalysis

BinDiff and IDA Pro - Reverse Engineering Speed Hacks
OALabs 2020-03-05 | Join us for some quick tips on how to use BinDiff and IDA Pro to speed up your malware triage! BinDiff is much more than just a binary diffing tool. Expand for more...
#ReverseEngineering #IDAPro #BinDiff

IDA Pro Automated String Decryption For REvil Ransomware
OALabs 2020-01-27 | Use IDA Pro and Python to automatically decrypt the RC4 strings in REvil (Sodinokibi) ransomware. Expand description for details...
#MalwareAnalysis #Unpacking #Automation

IDA Pro Scripting Intro - Automate Dynamic Import Resolving for REvil Ransomware
OALabs 2019-12-01 | Join us for an introduction to IDAPython scripting. In this tutorial we automate resolving the dynamic imports for REvil ransomware. Expand for more...
#ReverseEngineering #IDAPro #IDAPython

IDA Pro Tutorial - Reverse Engineering Dynamic Malware Imports
OALabs 2019-10-20 | A step-by-step IDA Pro tutorial on reverse engineering dynamic imports in malware. Expand for more...
#ReverseEngineering #IDAPro #MalwareAnalysis

Remcos RAT Unpacked From VB6 With x64dbg Debugger
OALabs 2019-08-23 | We rip apart a VB6 packer with a single breakpoint and x64dbg! Exposing Remcos RAT! Expand for more...