TitanEngine and LUA SDK
Blog | July 4, 2010

As we said in the blog dedicated to our latest TitanEngine release, we are continuously working on expanding our SDK to support as many programming languages as possible. That is why the next major version update for TitanEngine will feature support for the LUA scripting language. This is it from ReversingLabs for this year. Enjoy the holidays!

Everything in one go
Blog | July 4, 2010

When talking about new concepts, it's always best to demonstrate them on something everyone is familiar with. In our case that's, of course, UPX, with which we are fairly familiar. It almost feels like we write one UPX unpacker each week, doesn't it?

Constant Insecurity: Things you didn’t know about (PE) Portable Executable file format
Blog | July 2, 2010

One constant challenge of modern security will always be the difference between published and implemented specifications. Evolving projects, by their very nature, open up a host of exploit areas and implementation ambiguities that cannot be fixed. As such, complex documentation such as that for PECOFF or PDF is a goldmine of possibilities. In this talk we will disclose our recent findings about never-before-seen PE (Portable Executable) format malformations.

Your First Step to Reversing Nirvana
Blog | June 24, 2010

Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is the opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged, open source catch-all tool that will become your first line of defense. The project goes beyond pure tool development. It builds a forum to share information and reverse-engineering experience built around the biggest online and collaborative knowledge base regarding software packers.

Reverse engineering self defense
Blog | June 23, 2010

If you remember, not so long ago we wrote about minor inconveniences we encountered while working with OllyDBG. Today we return to that subject with the challenges we face when reversing modern software protectors. One such protection is SafeEngine or NoobyProtect, which uses a simple portable executable malformation in order to crash OllyDBG.

Unpacking by hooking?
Blog | June 13, 2010

Let's try something totally crazy. Let's try dynamic unpacking without total unpacking control, without breakpoints, without any kind of debugging whatsoever. Let's merge our unpacking process with the packer itself, binding them into one unique workflow that collects information while the packer is executing. It's similar to what we do with debugging, just without the debugger. How do we do this? Can we, for that matter?

CARO Workshop Recap
Blog | June 3, 2010

We had a great time during this year's CARO Workshop Conference held in Helsinki last week. Now it is time to sort out our impressions. First of all, thanks to all who made it to our talk and asked us many intriguing questions. Slides for our talk are available here. The picture you see above is from the brilliant keynote held by Dr. Alan Solomon. We absolutely enjoyed the keynote and Dr. Solomon's remark regarding the perfect antivirus represented by his three batch files.

CARO Workshop Conference 2010
Presentation | June 2, 2010

Our talk focused on improving file analysis metrics and on unpacking technology performance testing, comparing different solutions. During the talk we presented a new idea for unpacking optimization.

Sophos decodeme at AusCERT
Blog | May 23, 2010

Being the huge file analysis geeks (you must be shocked by this, we know) that we are, we couldn't help solving the more than interesting #decodeme challenge from Sophos at this year's AusCERT. The challenge itself was printed on a T-shirt and the puzzle looked exactly like this:

Working around checksums
Blog | May 18, 2010

We are going to start today's blog with a short apology about the TitanEngine 2.0.3 availability during last week. The issue was that for a certain amount of time during last week the old TitanEngine 2.0.2 was distributed instead of the fresh new version. This happened mainly because we were moving our hosting to a new server and mixed up the TitanEngine packages. We apologize for any inconvenience this might have caused and urge users to update to the current engine version. With that out of the way we can focus on the task at hand.

Back to the basics
Blog | May 11, 2010

It's been a really long time since we made an unpacker for... well, anything. Sure, we did a format converter and some archive format unpacker, but our last PE unpacker was (checks the blog) in February. So, let's get back to the basics and create a dynamic unpacker for PackMan. We already have an unpacker for PackMan? It's in the TitanEngine package already, you say? Well, we do, but what's stopping us from having a little fun with unpacker optimizations?

TitanEngine 2.0.3
Blog | May 3, 2010

After a few months of intense work and code polishing we are proud to present the next major update for the TitanEngine project. We have labeled the latest update TitanEngine 2.0.3. Even though the version increment is small, the number of changes and the sheer size of the code is vast. That is why we dedicate today's blog to listing all additions and changes done to the engine. So, what is new?

ReversingLabs at CARO Workshop
Blog | April 29, 2010

File analysis and unpacking in the age of 40M new samples per year

With daily unique malware counts exceeding 100,000, pressure is exerted on sample analysis and automated unpacking systems. The 400+ known packer families and custom packers can be mixed together in layers and in parallel. Today's system has to be able to handle all known format schemas statically and dynamically while anticipating increases in complexity.

BlackHat Europe presentation videos online
Blog | April 28, 2010

As you remember, a few weeks ago ReversingLabs presented its NyxEngine to the world at the BlackHat Europe security conference. Today the conference has published the presentation videos, which can be found here, and here is a direct link to our talk video recording. Enjoy...

File analysis and unpacking in the age of 40M new samples per year
Blog | April 28, 2010

With daily unique malware counts exceeding 100,000, pressure is exerted on sample analysis and automated unpacking systems. The 400+ known packer families and custom packers can be mixed together in layers and in parallel. Today's system has to be able to handle all known format schemas statically and dynamically while anticipating increases in complexity.

It's just bits and bytes…
Blog | April 26, 2010

Two weeks ago we introduced our NyxEngine to the world and we got nothing but positive comments and responses about it. That is why for today's blog we have decided to make it do something it's not primarily designed to do. With that in mind we decided to create a simple program based on the NyxEngine which does archive conversion from one file type to another.

BlackHat Europe Recap
Blog | April 19, 2010

We had a great time during this year's BlackHat Europe Conference last week. Now it is time to sort out our impressions. First of all, thanks to all who made it to our talk and have been asking us in the hallways about the new engine that we were working on. In a packed room we discussed archive steganography and the impact that such files, and other malformed files, have on security products.

Introducing NyxEngine
Blog | April 12, 2010

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. When it comes to digital steganography no stone should be left unturned in the search for viable hidden data. Although digital steganography is commonly used to hide data inside multimedia files, a similar approach can be used to hide data in archives as well.

Unpacking archives with TitanEngine
Blog | April 5, 2010

TitanEngine is primarily envisioned as a portable executable file format unpacker and handling framework. However, due to its static unpacking functions, it can be used to unpack other file format types such as installers and archives. That is why today we are showing the utilization of the new static unpacking functions that will be available with the next update. We are discussing upcoming features, which is something we generally like to avoid, but it is for a good reason.
