Newsroom

BlackHat USA Recap
Blog | August 12, 2010

BlackHat, one of the world's biggest security conferences, was held in Las Vegas two weeks ago. Among the BlackHat conferences this year, Las Vegas was by far the biggest event - bringing thousands of security researchers to the heart of Sin City. Bigger than ever before, BlackHat featured eleven tracks with an impressive number of high-quality talks and trainings. We were there, and we were more than proud to present our newest file analysis tool, TitanMist, to the world.

Introducing TitanMist
Blog | July 30, 2010

Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is the opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged, open source catch-all tool that will become your first line of defense. The project also goes beyond pure tool development. It builds a forum to share information and reverse engineering experience built around the biggest online and collaborative knowledge base about software packers.

ReversingLabs Summer Challenge
Blog | July 14, 2010

Looks cool? Want one? All you have to do is solve this challenge and tell us the password we seek. Sounds easy? It's not... Mail us with your solution at: blog(at)reversinglabs(dot)com. The challenge is now closed! Thanks to everyone who participated. See the full post for the solution...

REcon recap
Blog | July 14, 2010

We had a great time during this year's REcon Conference last week. Now it is time to sort out our impressions. First of all, thanks to all who attended our TitanEngine training and, over the course of 3 days, learned how to make unpackers with our engine. We covered coding of both static and dynamic unpackers and showed how to deal with the complex protection options that reverse engineers come across on a daily basis.

Everything in one go
Blog | July 4, 2010

When talking about new concepts, it's always best to demonstrate them on something everyone is familiar with. In our case that's of course UPX, with which we are fairly familiar. It almost feels like we write one UPX unpacker each week, doesn't it?

TitanEngine and LUA SDK
Blog | July 4, 2010

As we said in the blog dedicated to our latest TitanEngine release, we are continuously working on expanding our SDK to support as many programming languages as possible. That is why the next major version update for TitanEngine will feature support for the LUA scripting language. This is it from ReversingLabs for this year. Enjoy the holidays!

Constant Insecurity: Things you didn’t know about (PE) Portable Executable file format
Blog | July 2, 2010

One constant challenge of modern security will always be the difference between published and implemented specifications. Evolving projects, by their very nature, open up a host of exploit areas and implementation ambiguities that cannot be fixed. As such, complex documentation such as that for PECOFF or PDF is a goldmine of possibilities. In this talk we will disclose our recent findings about never-before-seen PE or Portable Executable format malformations.

Your First Step to Reversing Nirvana
Blog | June 24, 2010

Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is the opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged, open source catch-all tool that will become your first line of defense. The project goes beyond pure tool development. It builds a forum to share information and reverse-engineering experience built around the biggest online and collaborative knowledge base regarding software packers.

Reverse engineering self defense
Blog | June 23, 2010

If you remember, not so long ago we wrote about minor inconveniences we encountered while working with OllyDBG. Today we return to that subject with challenges we face when reversing modern software protectors. One such protection is SafeEngine or NoobyProtect, which uses a simple portable executable malformation in order to crash OllyDBG.

Unpacking by hooking?
Blog | June 13, 2010

Let's try something totally crazy. Let's try dynamic unpacking without total unpacking control, without breakpoints, without any kind of debugging whatsoever. Let's merge our unpacking process with the packer itself, binding them into one unique workflow that collects information while the packer is executing. It's similar to what we do with debugging - just without the debugger. How do we do this? Can we, for that matter?

CARO Workshop Recap
Blog | June 3, 2010

We had a great time during this year's CARO Workshop Conference held in Helsinki last week. Now it is time to sort out our impressions. First of all, thanks to all who made it to our talk and asked us many intriguing questions. Slides for our talk are available here. The picture you see above is from the brilliant keynote held by Dr. Alan Solomon. We absolutely enjoyed the keynote and Dr. Solomon's remark regarding the perfect antivirus represented by his three batch files.

CARO Workshop Conference 2010
Presentation | June 2, 2010

Our talk focused on improving file analysis metrics and on unpacking technology performance testing, comparing different solutions. During the talk we presented a new idea for unpacking optimization.

Sophos decodeme at AusCERT
Blog | May 23, 2010

Being the huge file analysis geeks (you must be shocked by this, we know) that we are, we couldn't help solving the more than interesting #decodeme challenge from Sophos at this year's AusCERT. The challenge itself was printed on a T-shirt and the puzzle looked exactly like this:

Working around checksums
Blog | May 18, 2010

We are going to start today's blog with a short apology about the TitanEngine 2.0.3 availability during last week. The issue was that for a certain amount of time last week the old TitanEngine 2.0.2 was distributed instead of the fresh new version. This happened mainly because we were moving our hosting to a new server and mixed up the TitanEngine packages. We apologize for any inconvenience this might have caused and urge users to update to the current engine version. With that out of the way we can focus on the task at hand.

Back to the basics
Blog | May 11, 2010

It's been a really long time since we made an unpacker for... well, anything. Sure, we did a format converter and some archive format unpacker, but our last PE unpacker was (checks the blog) in February. So, let's get back to the basics and create a dynamic unpacker for PackMan. We already have an unpacker for PackMan? It's in the TitanEngine package already, you say? Well, we do, but what's stopping us from having a little fun with unpacker optimizations?

TitanEngine 2.0.3
Blog | May 3, 2010

After a few months of intense work and code polishing we are proud to present the next major update for the TitanEngine project. We labeled the latest update TitanEngine 2.0.3. Even though the version increment is small, the number of changes and the sheer size of the code is vast. That is why we dedicate today's blog to listing all additions and changes done to the engine. So, what is new?
