Initial Static Analysis of a Suspicious svchost.exe Using Ghidra
When dealing with suspicious executables masquerading as system files, a careful static analysis phase is essential before jumping into behavioral tests. We recently looked at a rogue svchost.exe sample to demonstrate how to safely extract, import, and configure it for initial triage in Ghidra. Here’s a breakdown of the import process and the key analyzer options you need to set up for a smoother reverse engineering workflow.
Intercepting Malware Network Traffic: A Lab Walkthrough using Fiddler, iptables, and REMnux
Setting up a secure environment to observe malware network behavior is a critical skill for any reverse engineer. In this walkthrough, we examine a sample known as "GetDown," demonstrating how to use Fiddler alongside a REMnux VM to intercept, redirect, and analyze malicious HTTP requests. This hands-on approach reveals exactly what the malware is trying to download and communicate with, without exposing your host network.
Intercepting Encrypted C2 Traffic with INetSim and REMnux
Ever wonder what malware does behind the scenes when it thinks no one is watching? In this hands-on lab teardown, we analyze a self-deleting malicious payload, bypass its encrypted network traffic hurdles, and trick it into revealing its secondary download stages using REMnux and INetSim.
Reverse Engineering Malware: Catching 'brbbot' in the Act with x64dbg & CyberChef
Watch over a researcher's shoulder as we dissect the brbbot malware. Learn how to use x64dbg, Process Hacker, and CyberChef to intercept file reads, track API handles, and decode XOR-obfuscated payloads to reveal the malware's evasion tactics.
Unmasking Malware Safely: Emulation and Capability Analysis with Speakeasy & Capa
Ever wondered what a malicious payload actually does behind the scenes? In this walkthrough, we dissect a Windows executable named brbbot.exe using a safe Linux environment. By leveraging FireEye’s Speakeasy emulator and Capa, we extract hidden API calls, uncover command-and-control capabilities, and map out the malware's attack strategy—all without putting our own systems at risk.
Deconstructing the Blueprint: A Step-by-Step Guide to Dynamic Malware Analysis
Step inside the isolated sandbox. Learn how to securely configure host-only virtual environments, trick malicious code using FakeDNS, and capture runtime footprints with Process Monitor and Wireshark.
Unmasking the Malware: A Step-by-Step Guide to Reverse Engineering Malicious
Malicious Windows shortcuts are a favorite tool for attackers looking to sneak onto your system undetected. Dive deep as we dissect a live sample using Wireshark, Process Hacker, and PE Studio to reveal exactly what's hidden inside.
Building an Isolated Malware Analysis Lab: Step-by-Step Network Configuration in VMware
Want to dive into malware analysis without risking your primary machine? Discover how to properly configure an isolated, host-only network between Windows and Linux VMs to securely analyze threats and capture live traffic using Wireshark.
Beyond the Source Code: What Happens When Your C++ Hits a Reverse Engineering Tool?
Ever wonder what your simple "Hello World" looks like under a microscope? Join us as we compile a basic C++ program, pivot from compiler flags to x64dbg, and hunt for our real main function amidst system DLLs.
C++ for the Bold: Building Your First Favorite-Number App with CodeLite
Move beyond basic scripting. Learn how to set up CodeLite and write your first high-performance C++ application with this step-by-step guide to logic and syntax.
Reverse Engineering: Debugging a C++ Executable with x64dbg
Explore the step-by-step process of reverse engineering a simple C++ program. Learn how to identify the main entry point, set breakpoints, and analyze registers and memory using x64dbg.
How to Install and Configure G++ with CodeLite IDE on Windows
Learn how to set up a complete C++ development environment on Windows. This guide covers installing the G++ compiler via WinLibs, configuring environment variables, and setting up the CodeLite IDE for your first project.
The Invisible Backbone: Why C++ is Still the Standard
In an era of trendy new languages, C++ remains the foundational pillar of modern computing. Discover why mastering this complex language provides an architectural advantage that transcends industry trends.
The Ultimate Reverse Engineering & Malware Analysis Resource Stack
A curated guide to the best reverse engineering and malware analysis resources, including learning paths, tools, malware sample repositories, sandboxes, threat intelligence platforms, and hands-on practice labs for beginners and advanced analysts.