789 matches found
Analyzing Dark Crystal RAT, a C# Backdoor
The FireEye Mandiant Threat Intelligence Team helps protect our customers by tracking cyber attackers and the malware they use. The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the...
Speaking at security events
I don't claim to be an amazing speaker; I'm still in awe of great infosec speakers such as Mikko Hypponen, Charlie Miller, Mudge and many others. However, I do keep being invited back to speak at events, so I guess I'm doing something right. Sometimes it's a minor slot at a big event, but the...
Part two: Reverse engineering and patching with Ghidra
In the first installment of our three-part blog series we learned how to root the Flashforge Finder 3D printer and acquire its firmware. In this post, we will delve into reverse engineering and patching the software using the new open source NSA tool Ghidra, which rivals its expensive competitors...
What does it take to become a good reverse engineer?
How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering (RE) is not a science but a skillset combined with specific knowledge and backed by a lot of experience...
FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...
Turning an OBD-II reader into a USB / NFC attack tool
One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, track...
ABD - Course Materials For Advanced Binary Deobfuscation
Advanced Binary Deobfuscation: This repository contains the course materials of Advanced Binary Deobfuscation at the Global Cybersecurity Camp (GCC) Tokyo in 2020. Course Abstract: Reverse engineering is not easy, especially if a binary code is obfuscated. Once obfuscation is performed, the binary would...
[SECURITY] Fedora 31 Update: cutter-re-1.10.1-3.fc31
Cutter is a Qt and C++ GUI for radare2. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers...
[SECURITY] Fedora 31 Update: radare2-4.2.1-2.fc31
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
[SECURITY] Fedora 30 Update: radare2-4.2.1-2.fc30
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
[SECURITY] Fedora 30 Update: cutter-re-1.10.1-3.fc30
Cutter is a Qt and C++ GUI for radare2. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers...
Fedora: Security Advisory for cutter-re (FEDORA-2020-acd8cdb08d)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
format test
TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...
picoCTF-2019-writeups
The repository is a collection of write-ups for the picoCTF 2019 challenge. The write-ups cover various challenges, including general skills, web exploitation, and reverse engineering. The challenges involve solving problems such as decoding messages, exploiting vulnerabilities, and reversing...
Reverse Engineering the Tesla Firmware Update Process
TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...
Reverse Engineering Tesla Hardware
TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...
Reverse Engineering the Tesla Firmware Update Process
TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...
CVE-2017-18642
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks...