Reverse engineering with radare2
Some notes on reverse engineering on various architectures, mostly using free software such as the radare2 framework, gdb, frida and x64dbg, among others.
Wanna show your support to these materials? Follow me on twitter at @artikblue and let me know. If I see interest I'll post more :)
Reversing basic C code (x86)
- Reversing x32/x64 with radare2 - 1 (intro)
- Reversing x32/x64 with radare2 - 2 (conditionals)
- Reversing x32/x64 with radare2 - 3 (funcs, cases and loops)
- Reversing x32/x64 with radare2 - 4 - I (arrays and strings)
- Reversing x32/x64 with radare2 - 4 - II (more strings)
- Reversing x32/x64 with radare2 - 5 (var types and casting)
- Reversing x32/x64 with radare2 - 6 (multi dimensional arrays and structs)
- Reversing x32/x64 with radare2 - 7 (struct arrays, r2pm and patching)
- Reversing x32/x64 with radare2 - 8 - I (files: read, write, seek and some heaps)
- Reversing x32/x64 with radare2 - 8 - II (crackmes)
- Reversing x32/x64 with radare2 - 9 (pointers and dynamic memory)
- Reversing x32/x64 with radare2 - 10 (more pointers and dynamic structs)
- Reversing x32/x64 with radare2 - 11 (linked lists, enums, bitwise operations and r2pipe)
- Reversing x32/x64 with radare2 - 12 (defines, unions and bitmaps)
Advanced topics on reversing C code (Windows and Unix)
- Reverse engineering x64 binaries with Radare2 - 13 (linux systems programming: theory, syscalls, files and ESIL)
- Reverse engineering x64 binaries with Radare2 - 14 (the windows api: theory, helloworld and files)
- Reverse engineering x64 binaries with Radare2 - 15 - I (unix sockets fundamentals)
- Reverse engineering x64 binaries with Radare2 - 15 - II (more sockets, http emulation, radasm, ragg and shellcode)
- Reverse engineering x64 binaries with Radare2 - 16 (winsock, udp C&C and file exfiltration through DNS)
- Reverse engineering x64 binaries with Radare2 - 17 (More Winsock, Bind and reverse shells)
- Reverse engineering x64 binaries with Radare2 - 18 (unix encrypted bind shells over TLS)
- Reverse engineering x64 binaries with Radare2 - 19 (Exploiting basic Buffer Overflows)
- Reverse engineering x64 binaries with Radare2 - 20 (Bypassing DEP with simple ROP Chains)
- Reverse engineering x64 binaries with Radare2 - 21 (Enabling code execution on stack)
- Reverse engineering x64 binaries with Radare2 - 22 (Defeating stack canaries)
- Reverse engineering x64 binaries with Radare2 - 23 (Dealing with aslr)
Malware analysis
- Malware analysis with IDA/Radare2 - C# Malware (Ziraat)
- Malware analysis with IDA/Radare2 - Analyzing maldocs (Emotet Dropper)
- Malware analysis with IDA/Radare2 - Basic unpacking (Dridex)
- Malware analysis with IDA/Radare2 - Multiple unpacking (Ramnit)
- Malware analysis with IDA/Radare2 - From unpacking to config extraction (IceID)
- Malware analysis with IDA/Radare2 - DLL injection, the fundamentals
- Malware analysis with IDA/Radare2 - PE injection, the fundamentals