Newsroom

Combat reverse engineering
Blog | September 6, 2010

Reverse engineering is the only weapon of choice when it comes to malware unpacking and analysis. It gives us an inside look into the malware creations and enables us to understand their ins and outs. One such malicious sample was sent to us today for analysis. The file in question is an update for a rogue anti-virus solution and it uses interesting encryption and packing options to hide its presence from legitimate security software solutions. In today's blog we demonstrate the actions needed to remove the protections utilized by malicious software in order to get to the core malware functionality. Until next week...

Mist in the morning
News | August 17, 2010

TitanMist, the newest project from ReversingLabs, was presented at this year's BlackHat USA. Being our youngest product, it got the most attention. As a sign of our high hopes for this project, we've dedicated ourselves to creating a detailed roadmap for it, a roadmap based on your desires, your expectations, and best of all: your contributions. Below are the milestones for the project's future:

BlackHat USA Recap
Blog | August 12, 2010

BlackHat, one of the world's biggest security conferences, was held in Las Vegas two weeks ago. Among the BlackHat conferences this year, Las Vegas was by far the biggest event, bringing thousands of security researchers to the heart of Sin City. Bigger than ever before, BlackHat featured eleven tracks with an impressive number of high quality talks and trainings. We were there, and we were more than proud to present our newest file analysis tool, TitanMist, to the world.

Introducing TitanMist
Blog | July 30, 2010

Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is the opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged and open source catch-all tool that will become your first line of defense. The project also goes beyond pure tool development. It builds a forum to share information and reverse engineering experience built around the biggest online and collaborative knowledge base about software packers.

ReversingLabs Summer Challenge
Blog | July 14, 2010

Looks cool? Want one? All you have to do is solve this challenge and tell us what password we seek. Sounds easy? It's not... Mail us with your solution at: blog(at)reversinglabs(dot)com; Challenge is now closed! Thanks to everyone who participated. Click read more for the solution...

REcon recap
Blog | July 14, 2010

We had a great time during this year's REcon Conference last week. Now it is the time to sort out our impressions. First of all, thanks to all that attended our TitanEngine training and during the course of 3 days learned how to make unpackers with our engine. We covered coding of both static and dynamic unpackers and showed how to deal with the complex protection options that reverse engineers come across on a daily basis.

TitanEngine and LUA SDK
Blog | July 4, 2010

As we said in the blog dedicated to our latest TitanEngine release, we are continuously working on expanding our SDK to support as many programming languages as possible. That is why the next major version update for TitanEngine will feature support for the LUA scripting language. This is it from ReversingLabs for this year. Enjoy the holidays!

Everything in one go
Blog | July 4, 2010

When talking about new concepts, it's always best to demonstrate them on something everyone is familiar with. In our case that's of course UPX, with which we are fairly familiar. It almost feels like we write one UPX unpacker each week, doesn't it?

Constant Insecurity: Things you didn’t know about (PE) Portable Executable file format
Blog | July 2, 2010

One constant challenge of modern security will always be the difference between published and implemented specifications. Evolving projects, by their very nature, open up a host of exploit areas and implementation ambiguities that cannot be fixed. As such, complex documentation such as that for PECOFF or PDF are goldmines of possibilities. In this talk we will disclose our recent findings about never before seen PE or Portable Executable format malformations.

Your First Step to Reversing Nirvana
Blog | June 24, 2010

Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is the opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged and open source catch-all tool that will become your first line of defense. The project goes beyond pure tool development. It builds a forum to share information and reverse-engineering experience built around the biggest online and collaborative knowledge base regarding software packers.

Reverse engineering self defense
Blog | June 23, 2010

If you remember not so long ago we wrote about minor inconveniences we encountered while working with OllyDBG. Today we return to that subject with challenges we face when reversing modern software protectors. One such protection is SafeEngine or NoobyProtect, which uses a simple portable executable malformation in order to crash OllyDBG.

Unpacking by hooking?
Blog | June 13, 2010

Let's try something totally crazy. Let's try dynamic unpacking without total unpacking control, without breakpoints, without any kind of debugging whatsoever. Let's merge our unpacking process with the packer itself, binding them into one unique workflow that collects information while the packer is executing. It's similar to what we do with debugging, just without the debugger. How do we do this? Can we, for that matter?

CARO Workshop Recap
Blog | June 3, 2010

We had a great time during this year's CARO Workshop Conference held in Helsinki last week. Now it is the time to sort out our impressions. First of all, thanks to all that have made it to our talk and asked us many intriguing questions. Slides for our talk are available here. The picture you see above is from the brilliant keynote held by Dr. Alan Solomon. We absolutely enjoyed the keynote and Dr. Solomon's remark regarding the perfect antivirus represented by his three batch files.

CARO Workshop Conference 2010
Presentation | June 2, 2010

Our talk focused on improving file analysis metrics and on unpacking technology performance testing, comparing different solutions. During the talk we presented a new idea for unpacking optimization.

Sophos decodeme at AusCERT
Blog | May 23, 2010

Being the huge file analysis geeks (you must be shocked by this, we know) that we are, we couldn't help solving the more than interesting #decodeme challenge from Sophos at this year's AusCERT. The challenge itself was printed on a T-shirt and the puzzle looked exactly like this:
