RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

The first Magic Quadrant™ for Software Supply Chain Security comes as, we feel, the demand for greater supply chain visibility explodes.

Read More about Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming
Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
Threat ResearchJuly 2, 2011

Reversing software compressions: Tale of dragons and men who slay them

Reverse engineering compressed binaries has been a necessity for more than a two decades now, and we as reverse engineers are always on a lookout for newest and fastest ways of accomplishing our goal.

FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
Reversing software compressions: Tale of dragons and men who slay them

In that spirit numerous presentations, during the last few years, have been held involving the great abundance of ways one can make a single generic solution that unpacks it all. This presentation is its exact opposite as it will focus on reverse engineering specifics for numerous commonly used software compressions.

When building a system for automated file analysis our goal is to make an optimal system that accurately identifies files and unpacks them in the blink of an eye. Such system must be able to be deployed in any environment without the risk of anything going even remotely wrong. That kind of requirements eliminate most generic unpacking solutions making us focus on what is without a doubt hardest unpacking scenario; static unpacking. Writing static unpackers is a hard task which is why it is more than often avoided by reverse engineers. However it is necessary as their performance far overtakes the difficulty of implementation.

We will focus on reverse engineering of all known and possible implementations of various transformations performed by the compression solution in an aim to show that the best way to observe the software compression is as subset of its parts. Detailed descriptions of reverse engineering procedures needed to analyze internal data structures along with ways to restore them to original PECOFF format will be provided. These techniques will be applied to both custom and traditional compression & encryption algorithms with examples that shows how to reverse engineer vital functions from assembly back to source code. In addition to this first step in reversing we will tackle the problems of data layout and import, resource, relocation and TLS table transformation and analysis. Differences between x86, x64 and .net packers and the ways to unpack them will also be covered. Solution to all of these problems will be presented from a standpoint of writing a high load static unpacker that operates in a multi-threaded environment. As an implementation platform upcoming TitanEngine3 unique design will be presented along with approach it uses to solve the problems that come with writing static unpackers.

More information here.

Keep learning

  • Learn how Gartner® named RL a supply chain security 'visionary.' Download: Gartner® Magic Quadrant™ for Software Supply Chain Security.
  • Get key insights into why Gartner® identified binary analysis a must-have control in its recent CISO Playbook for Commercial Software Supply Chain Security.
  • Get up to speed on the Agentic Development Security tools landscape in this webinar with Forrester Sr. Analyst Janet Worthington.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Plus: Join the free Spectra Assure Community today to get hands-on with RL's binary analysis-based software supply chain security platform.

Tags:Threat Research

More Blog Posts

Device code phishing

Device code phishing bypasses password stealing

The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.

Learn More about Device code phishing bypasses password stealing
Device code phishing bypasses password stealing
Cloud security ITScape

How to defend ARM64 cloud infrastructure from ITScape

RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.

Learn More about How to defend ARM64 cloud infrastructure from ITScape
How to defend ARM64 cloud infrastructure from ITScape
Social Engineering Attacks Target One Tutorial at a Time

Phishing attacks leverage TikTok, Instagram Reels

RL has discovered two social engineering attack techniques targeting users via short-form videos. Here’s how they work.

Learn More about Phishing attacks leverage TikTok, Instagram Reels
Phishing attacks leverage TikTok, Instagram Reels
Thousands of developer projects compromised in npm hack

How 56 npm packages used binding.gyp to steal secrets

The attack is notable for its breadth, flooding npm with malicious package versions.

Learn More about How 56 npm packages used binding.gyp to steal secrets
How 56 npm packages used binding.gyp to steal secrets

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top