Newsroom

Working around checksums
Blog | May 18, 2010

We are going to start today's blog with a short apology about the availability of TitanEngine 2.0.3 last week. For a certain amount of time during the week, the old TitanEngine 2.0.2 was distributed instead of the fresh new version. This happened mainly because we were moving our hosting to a new server and mixed up the TitanEngine packages. We apologize for any inconvenience this might have caused and urge users to update to the current engine version. With that out of the way, we can focus on the task at hand.

Back to the basics
Blog | May 11, 2010

It's been a really long time since we made an unpacker for... well, anything. Sure, we did a format converter and some archive format unpacker, but our last PE unpacker was (checks the blog) in February. So, let's get back to the basics and create a dynamic unpacker for PackMan. We already have an unpacker for PackMan? It's in the TitanEngine package already, you say? Well, we do, but what's stopping us from having a little fun with unpacker optimizations?

TitanEngine 2.0.3
Blog | May 3, 2010

After a few months of intense work and code polishing, we are proud to present the next major update for the TitanEngine project. We have labeled the latest update TitanEngine 2.0.3. Even though the version increment is small, the number of changes and the sheer size of the code are vast. That is why we dedicate today's blog to listing all additions and changes made to the engine. So, what is new?

ReversingLabs at CARO Workshop
Blog | April 29, 2010

FILE ANALYSIS AND UNPACKING IN THE AGE OF 40M NEW SAMPLES PER YEAR

With daily unique malware counts exceeding 100,000, pressure is exerted on sample analysis and automated unpacking systems. The 400+ known packer families and custom packers can be mixed together in layers and in parallel. Today's system has to be able to handle all known format schemas statically and dynamically while anticipating increases in complexity.

File analysis and unpacking in the age of 40M new samples per year
Blog | April 28, 2010

With daily unique malware counts exceeding 100,000, pressure is exerted on sample analysis and automated unpacking systems. The 400+ known packer families and custom packers can be mixed together in layers and in parallel. Today's system has to be able to handle all known format schemas statically and dynamically while anticipating increases in complexity.

BlackHat Europe presentation videos online
Blog | April 28, 2010

As you may remember, a few weeks ago ReversingLabs presented its NyxEngine to the world at the BlackHat Europe security conference. Today the conference has published the presentation videos, which can be found here, and here is a direct link to our talk video recording. Enjoy...

It's just bits and bytes…
Blog | April 26, 2010

Two weeks ago we introduced our NyxEngine to the world and we got nothing but positive comments and responses about it. That is why for today's blog we have decided to make it do something it's not primarily designed to do. With that in mind, we decided to create a simple program based on the NyxEngine which does archive conversion from one file type to another.

BlackHat Europe Recap
Blog | April 19, 2010

We had a great time during this year's BlackHat Europe Conference last week. Now it is time to sort out our impressions. First of all, thanks to all who made it to our talk and asked us in the hallways about the new engine that we were working on. In a packed room we discussed archive steganography and the impact that such and other malformed files have on security products.

Introducing NyxEngine
Blog | April 12, 2010

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. When it comes to digital steganography no stone should be left unturned in the search for viable hidden data. Although digital steganography is commonly used to hide data inside multimedia files, a similar approach can be used to hide data in archives as well.

Unpacking archives with TitanEngine
Blog | April 5, 2010

TitanEngine is primarily envisioned as a portable executable file format unpacker and handling framework. However, due to its static unpacking functions, it can be used to unpack other file format types such as installers and archives. That is why today we are showing the use of the new static unpacking functions that will be available with the next update. We are discussing upcoming features, which is something we generally like to avoid, but it is for a good reason.

Hiding in the Familiar
White Paper | April 3, 2010

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. Nyx also searches for viable hidden data that was intentionally cloaked from sight using steganographic principles.

TitanEngine training course at BlackHat
Blog | March 29, 2010

In addition to the TitanEngine course in Montreal at Recon, there is another course that will teach you how to use TitanEngine. So, if you are in Vegas for BlackHat, you might want to check out the Advanced Malware Deobfuscation training by Jason Geffner & Scott Lambert. Here is the course description:

Automatic broken file fixing with Nexus
Blog | March 29, 2010

In the last couple of years we have seen a drastic increase in the number of malicious samples we see each day. These numbers are quickly closing in on the 40M samples a year mark that we expect to hit this year. That is why the sheer volume of data we are bombarded with each day raises an important question: where is the relevant data in this sea of information? And is all the data we have even relevant?

TitanEngine training course at ReCon
Blog | March 4, 2010

CODING UNPACKERS FOR FUN AND PROFIT: TITANENGINE TRAINING BY TOMISLAV PERICIN AND NICOLAS BRULEZ

Learn how to analyze, unpack and code unpackers for software packers and protectors. Attendees will receive hands-on experience working with the ReversingLabs TitanEngine framework, designed for unpacker creation.

Instructors: Tomislav Pericin and Nicolas Brulez
Dates: 6-8 July 2010
Availability: 10 Seats

Ask a developer Monday
Blog | March 1, 2010

This is the second "Ask a developer Monday," in which we answer the most common question we've received recently. The current No. 1 question is: "Why is the entry point after unpacking located in the section named UPX0?"

Unpacking layered protections
Blog | February 23, 2010

Today we finish our AlexProtector unpacker. We started creating it last week with file format analysis. We initially intended to create a dynamic unpacker for this protection, but since it is just as "easy" to create a static one, we went for that option. We are a day late with our blog as a result, and we are glad we are, since we noticed some bugs in the Importer module that we have since resolved. But we did more than just bug fixing: we made some tweaks to the existing functions, improving import elimination protection support.

TitanEngine simplification project
Blog | February 18, 2010

With over 385 functions, TitanEngine is surely overwhelming at first sight. To help you get over this initial barrier, we have included many sample applications with the TitanEngine SDK. However, that still involves learning the use of 20 - 30 functions and the general layout we envisioned for our dynamic unpackers. And even this can be a lot for someone who wants to perform simple tasks such as creating an unpacker for the FSG packer.

Analyzing layered protections
Blog | February 15, 2010

There is hardly a software protection nowadays that has only a single layer of code containing the whole stub code. Even some software packers such as PeCompact implement multiple layers in the process of software decompression. It is common for these additional layers to do the most interesting protection operations, such as memory decompression, import table processing and entry point protection and redirection.

TitanEngine and Python SDK
Blog | February 8, 2010

As we said in the blog dedicated to our latest TitanEngine release, we are continuously working on expanding our SDK to support as many programming languages as possible. That is why the next major version update for TitanEngine will feature support for the Python scripting language. We are looking forward to seeing multiple unpacking scripts appearing with the next TitanEngine major release. Until next week...
