Reverse Engineering

Posts relating to reverse engineering of one form or another.

It’s about time I got some more technical content on my blog and after presenting at the Malware and Reverse Engineering Conference in February and seeing a presentation on Tofsee, I decided to do my own analysis of Tofsee.

Continue Reading

There’s a theory that a thousand monkeys typing away at a thousand typewriters will eventually reproduce the works of Shakespeare. I got home one day to find a JavaScript downloader semi-randomly creating dynamic functions until one of them worked and downloaded some malware that I hadn’t seen before. Continue Reading

So there I was happily running mergecap in a script to merge the honeywall’s hourly pcap files together, when it aborted with an error and reported that the capture file ‘appears to be damaged or corrupt’. This problem means that I will be missing some packets in the merged capture file which will potentially hinder my analysis, so I decided to get out a hex editor and play with the capture file to see if I could see what was going on and at least recover the remaining packets from the corrupt file. Continue Reading