Reverse Engineering

November 22, 2023
March 1, 2023

learn-to-code#ABI
learn-to-code#Assembly

Reverse Engineering - Computerphile - YouTube
Quarkslab's blog - Reverse-Engineering

Binary Analysis/Malware Analysis/Reverse Engineering

learn-to-code#Assembly

Malpedia (Fraunhofer FKIE)
rshipp/awesome-malware-analysis: A curated list of awesome malware analysis tools and resources.

"Reverse Engineering for Beginners" free book source

Reverse Engineering 101 - Reverse Engineering - 0x00sec - The Home of the Hacker

Reverse engineering visual novels 101 – Hacker Noon
Reverse engineering visual novels 101, part 2 – Hacker Noon

Level Up Your Reverse Engineering Skills – Angular In Depth
Practical application of reverse-engineering guidelines and principles

Compiler Explorer check disassembled code for various languages

Binary Exploitation Deep Dive: Return to LIBC (with Matt) - YouTube pwninit, patchelf, gdb+gef, Ghidra
Google CTF - BEGINNER Reverse Engineering w/ ANGR - YouTube
Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS - YouTube

Intel® XED
intelxed/xed: x86 encoder decoder

io12/pwninit: pwninit - automate starting binary exploit challenges

angr
angr/angr: A powerful and user-friendly binary analysis platform!

CyberChef
gchq/CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

OFRAK

mandiant/flare-floss: FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Vaughan Hilts - Experimentation with Reverse Engineering - Trails in the Sky (FC / SC) Extracting Sprite Data w/ Unix Tools & Kaitai Struct
Introduction · Radare2 Book

Reverse Engineering A Modern IP Camera | Hackaday
Reverse Engineering Shimano Bike Electronics | Hackaday

KOVTER Malware Analysis - Fileless Persistence in Registry - YouTube

Trail of Bits

Trail of Bits | Open Source

lifting-bits/remill: Library for lifting machine code to LLVM bitcode
lifting-bits/anvill: anvill forges beautiful LLVM bitcode out of raw machine code uses Remill
lifting-bits/mcsema: Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode 🗃️archived, uses Remill
lifting-bits/vmill 🗃️archived, uses Remill
lifting-bits/rellic: Rellic produces goto-free C output from LLVM bitcode

Magnifier: An Experiment with Interactive Decompilation | Trail of Bits Blog
trailofbits/magnifier 🗃️archived, uses Rellic

IDA

IDA Freeware

EVERYONE in Cyber Security Should Understand Reversing (its EASY) - YouTube ❗!important, C calling convention

Ghidra

Ghidra
NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
lifting-bits/sleigh: Unofficial CMake build for Ghidra SLEIGH

Auditing system calls for command injection vulnerabilities using Ghidra's PCode - YouTube Python integration
How Ghidra changed my life - Chris Eagle - YouTube
Getting Started Reversing C++ Objects with Ghidra - YouTube
HackadayU: Reverse Engineering with Ghidra Class 1 - YouTube
Ghidra - Journey from Classified NSA Tool to Open Source - YouTube
Reversing WannaCry - YouTube

Hopper Disassembler

Hopper

Shellcode

Shellcode - Wikiwand
What is shellcode and how is it used? | TechTarget

Emulation of Malicious Shellcode With Speakeasy | Mandiant
mandiant/speakeasy: Windows kernel and user mode emulation.

Cutter

Cutter

ELF

Executable and Linkable Format - Wikiwand
Global Offset Table - Wikiwand

In-depth: ELF - The Extensible & Linkable Format - YouTube
No really, how does Linux run executables? - YouTube

elf: format of Executable and Linking Format (ELF) files | File Formats | Man Pages | ManKier
vdso: overview of the virtual ELF dynamic shared object | Miscellanea | Man Pages | ManKier
ld.so: dynamic linker/loader | System Administration | Man Pages | ManKier

ELF - A Common Lisp library for manipulating ELF files
eschulte/elf: Actively maintained at https://github.com/grammatech/elf

Understanding the ELF specimen | Packt Hub

readelf <binary>

objdump -d -Mintel <binary>

PE format

Portable Executable - Wikiwand

trailofbits/pe-parse: Principled, lightweight C/C++ PE parser
pe-parse/pepy at master · trailofbits/pe-parse

C Sharp

I show you how to Crack a .NET Application (3 clicks) - DEV Community
dnSpy/dnSpy: .NET debugger and assembly editor
Kani Web decompiler

icsharpcode/ILSpy: .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
Debugging a .NET assembly without the source code with Visual Studio - Meziantou's blog

ildasm.exe disassembler

Java

fesh0r/fernflower: Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

mstrobel/procyon: Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.

Java Decompiler
Java Decompiler

Parsing Java Bytecode with Python - YouTube 2:25:53

Android

skylot/jadx: Dex to Java decompiler

ChickenHook/Anubis-pandemidestek: Anubis malware variant for turkish market - full analysis - SHA256: 231d970ea3195b3ba3e11e390b6def78a1c8eb5f0a8b7dccc0b4ec4aee9292ec
Reverse Engineering of the Anubis Malware - "pandemistek" – intended for the Turkish market – AndroidReverse

Reverse Engineering of the Anubis Malware — Part 1 | by Elliot Alderson | Medium
Infection and removal of Android Malware that uses Accessibility services - YouTube

Wasm

What’s in that .wasm? Introducing: wasm-decompile · V8

Dynamic Analysis

x64dbg

Cheat Engine

ANY.RUN - Interactive Online Malware Sandbox
Exploring the Latest Malware Samples - YouTube

ReClass.NET

ReClassNET/ReClass.NET: More than a ReClass port to the .NET platform.

Reclass Tutorial - ReClass.NET - How To Reverse Structures - YouTube

gdb

learn-to-code#Debugging

nakst/gf: A GDB frontend for Linux.

cyrus-and/gdb-dashboard: Modular visual interface for GDB in Python

hugsy/gef: GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
GEF - GDB Enhanced Features documentation

USB Protocol

USB Reverse Engineering: A Universal Guide | Hackaday
USB Reverse Engineering: Down the rabbit hole | /dev/alias – Hack. Dev. Transcend.

Reverse engineering a USB device with Rust | Harry Gill
mygnu/rcue: Corsair H150i PRO, usb userspace driver

27c3: USB and libusb (en) - YouTube
28c3: Reverse Engineering USB Devices - YouTube
Debugging Usually Slightly Broken (USB) Devices and Drivers - Krzysztof Opasiak, Samsung - YouTube