Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers: https://www.gendigital.com/blog/insights/research/defeating-aurastealer-obfuscation
Ever tangled with virtual machine-based code protection?
In 2020, I wrote a virtual machine deobfuscator for a crackme challenge. I learned a lot doing that challenge and wrote a two-part series on it:
https://malwareandstuff.com/taming-virtual-machine-based-code-protection-1/
https://malwareandstuff.com/taming-virtual-machine-based-code-protection-2/
#ReverseEngineering #MalwareAnalysis #windows #idapro #deobfuscation
My new post about #malware #deobfuscation - https://cert.pl/en/posts/2025/04/peephole-deobfuscation/. I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib.
Full write-up for "Tales for the Brave" - this year's Hard forensics challenge from Hack The Box Cyber Apocalypse CTF - Tales From Eldoria.
- Code #deobfuscation
- #Telegram data exfiltration
- Malware behavioral analysis
https://blog.cyberethical.me/htb-ctf-2025-forensics-tales-for-the-brave
#CyberEthical #CyberApocalypse25 #HackTheBox #forensics #EthicalHacking #blueteaming #itsec #dataexfiltration #malware
Oh, look! Another tool to "deobfuscate" strings from garbled binaries, because obviously your life was incomplete without it. Google Cloud wants you to believe it's revolutionary, but really, it's just another way to make you feel guilty for not understanding #Kubernetes.
https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries #deobfuscation #GoogleCloud #techhumor #binarytools #developerlife #HackerNews #ngated
GoStringUngarbler: Deobfuscating Strings in Garbled Binaries - https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries
#HackerNews #GoStringUngarbler #Deobfuscation #GarbledBinaries #ThreatIntelligence #Cybersecurity
How to cook up obfuscation in JavaScript without burning down the lab: AST, babel, plugins
Probably every programmer or company has at some point had thoughts about how cool they are, or at least how cool their algorithms are. Naturally, that can bring a corresponding reluctance to share one's work with a wide audience. The problem is reduced by moving part of the code to the server (when we are talking about client-server applications). However, that approach is not always applicable, and sometimes circumstances force us to leave sensitive sections of code in plain sight. In this article we will get acquainted, at minimum, with a cool word, and ideally with the technique it names: obfuscation in the context of the JavaScript language. We will implement mechanisms for hiding algorithms and complicating reverse engineering of the code. Along the way, we will look at what an AST is and present the tools that let you work with it to implement obfuscation.
https://habr.com/ru/articles/870152/
#javascript #reverseengineering #obfuscation #ast #babel #deobfuscation
LLVM-powered deobfuscation of virtualized binaries
https://blog.thalium.re/posts/llvm-powered-devirtualization/
Just wrapped up the JavaScript Deobfuscation module on HTB Academy, and it was an exciting deep dive into reverse engineering and tackling obfuscated code!
https://academy.hackthebox.com/achievement/922218/41
#hackthebox #htbacademy #cybersecurity #bugbounty #deobfuscation #javascript
Cobalt Strike Loader Deobfuscation Using CyberChef and Emulation (.hta files): https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/
Play along with this epic 4-hour #virtualization-based #deobfuscation workshop using @radareorg by @mr_phrazer https://www.youtube.com/watch?v=b6udPT79itk #reversing
Evading JavaScript Anti-Debugging Techniques
Tired of obfuscated code slowing down your reverse engineering efforts? Let Arnau Gamez (@arnaugamez) from @furalabs teach you how to become a master (de)obfuscator, with his #infosec #training on Modern #Binary #Deobfuscation! Get your ticket now!
https://ringzer0.training/trainings/an-analytical-approach-to-modern-binary-deobfuscation.html
Tired of obfuscated code slowing down your reverse engineering efforts? Let Arnau Gamez teach you how to become a master (de)obfuscator, with his #infosec #training on Modern #Binary #Deobfuscation! Get your ticket now!
https://ringzer0.training/trainings/an-analytical-approach-to-modern-binary-deobfuscation.html
Happy Sunday! Here is some #SundayLearning inspiration for you - check out the workshop "Hands-on #Binary #Deobfuscation - From Symbolic Execution to Program Synthesis", by our instructor Arnau Gámez i Montolio (@arnaugamez) from @furalabs.
https://vimeo.com/723157684
Did you like the workshop? Then check out Arnau's training "An Analytical Approach to Modern Binary Deobfuscation". Early bird tickets are still available!
https://ringzer0.training/trainings/an-analytical-approach-to-modern-binary-deobfuscation.html
Looking into just trying to deobfuscate the older NAC stuff for generating the iMessage validation data...
Looks like it might be possible? As far as I can tell, it's just MBA + Control Flow Obfuscation.
I don't totally understand simplifying MBA, but it looks like it can be done with certain tools, and after that undoing the CFO should be easier?
#ReverseEngineering #MixedBooleanArithmetic #FairPlay #ControlFlowObfuscation #ControlFlow #deobfuscation #obfuscation #BinaryNinja #BinaryObfuscation
Tired of obfuscated code slowing down your reverse engineering efforts? Let @arnaugamez from @furalabs teach you how to become a master (de)obfuscator, with his #infosec #training on Modern #Binary #Deobfuscation! Get your early bird ticket now!
https://ringzer0.training/trainings/an-analytical-approach-to-modern-binary-deobfuscation.html
Tired of obfuscated code slowing down your reverse engineering efforts? Become a master (de)obfuscator by joining @arnaugamez's #infosec #training on Modern #Binary #Deobfuscation!
https://ringzer0.training/trainings/an-analytical-approach-to-modern-binary-deobfuscation.html