My focus for 2024 🚀
• TotalRecall 5-year YARA search
• STREAMs on-demand intel
• Expanded file support, docs, scripts, etc.
• Organize everything into topics!
• More RE 101 content 💖
• Special project...
If you want to…
Coming soon...
🤖
#OALabs
VM Installer for Malware Analysis 🤖
We have been working hard to put together a Boxstarter script like FLARE-VM to setup a Windows 7 (x86) VM with all the tools you need to follow our tutorials!
Should be released by Monday, stay tuned ...
🤖 VM Installer for Malware Analysis 🤖
Released! Boxstarter script to setup a FREE Windows 7 VM with all the tools you need to follow our tutorials!
Step-by-step install guide
📺 Tutorial video 📺
#OpenAnalysisLive
#OALabs
📺 New Tutorial Video 📺
Reverse engineering C++ malware with IDA Pro: classes, constructors, structs, and more! A first in our series moving beyond malware triage and onto full
#ReverseEngineering
#OpenAnalysisLive
#MalwareAnalysis
⚡️Malware Analysis - Quick TIP⚡️
How to unpack process injection with x64dbg one breakpoint!
If you enjoyed this check out our other reverse engineering tutorials on YouTube 😃
#OpenAnalysisLive
#ReverseEngineering
#Malware
Just found this awesome talk from 2017...
“Everything You Ever Wanted to Know About DLLs”
Highly recommend for folks who are getting started with reverse engineering.
🤜🤛 @JamesMcNellis
🥳 HashDB is live!
HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin!
⚙️API
🧩IDA Plugin
👾 Add Custom Algorithms
Be gentle - it’s in beta 🙏
🎬 New tutorial video 🎬
Unpacking Gootkit malware (stage 1) with IDA and x64dbg!
A little bit of everything in this one... IDAPython scripting, dynamic IAT, memory dumping, debugging, etc.
#OpenAnalysisLive
#malware
#unpacking
I've mentioned this before but it's worth repeating...
If you want to learn how to reverse engineer structs in #IDAPro I highly recommend these two tutorials from @moveax41h.
Best way to level up your #reverseengineering 🤓🤓🤓🤓
🙃 Well it finally happened … I infected myself with malware…
Join us for some live #DFIR as we hunt down the persistence mechanism and clean up my host…
#OALABS
📺 New Tutorial Video 📺
In this tutorial we cover a malware reverse engineering fundamental - how to identify and decrypt RC4! 🔐
#OpenAnalysisLive
#ReverseEngineering
⚡️Malware Debugging - Quick TIP⚡️
Level up your malware debugging by disabling ASLR in your analysis VM! We show you how, and why this makes x64dbg and IDA work together so well 💪
#OpenAnalysisLive
#Debugging
With the recent conversation about easy affordable access to training, just wanted to post a reminder to check out our #ReverseEngineering channel...
We do tutorials, take requests, and answer your questions!
Please RT for everyone learning to RE <3
🎬 New tutorial video 🎬
Analyzing Adwind / JRAT Java Malware!
Decompiling Java, deobfuscation, API hooking, config extraction, automation with Python, we cover it all!
#OpenAnalysisLive
#malware
#adwind
#jrat
🔓 How To Crack Ransomware
Join us live this Sunday (Feb 5) at 1300EST with special guest @fwosar
Ransomware reverse engineering fundamentals, common crypto flaws, examples, and maybe even a chat about ESXiArgs 😉
#OALABS
Awesome #MazeRansomware automated deobfuscation work from @shamrockhoax!
Obfuscation libraries in malware seem to be the future so it's great to see tools like this!
📺 New Tutorial Video 📺
Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg
We take a second look at #Gootkit #malware and their new anti-analysis tricks... we also cover unpacking PE-overwrite packers.
#OpenAnalysisLive
For those who have been asking…
How do I stay safe while handling malware 😅
🔓We just unlocked this #OALABS tutorial for everyone…
** no it's not another VM setup tutorial, feel free to share with anyone getting started with malware analysis ❤️
🎬 New tutorial video 🎬
Unpacking Princess Locker and Fixing Corrupted PE Header
(with help from our 🦔 friends)
Process dumping with x64dbg and rebuilding the PE header, the fundamentals of unpacking!
#OpenAnalysisLive
#MalwareAnalysisForHedgehogs
📺 New Tutorial Video 📺
Join us as we reverse engineer #WarzoneRAT 🐀🔍
Lots of IDA tips in this one and we include the IDC so you can follow along at home ✅
#malware
#OALabs
😲Leaked Conti Hacking Manual😲
👋 Join us LIVE tomorrow 12EST
Special guest @m0rv4i will walk us through the #conti #ransomware affiliate training manual from a #RedTeam perspective
We just released a 7-part #tutorial series on #OALABS 💖 #Patreon
✨ Debugging Fundamentals for Reverse Engineers ✨
Learn how a #debugger works by building one yourself! 🤘
- debug events
- threads
- the context
- dlls
- memory
- breakpoints
📺 New Tutorial Video 📺
Unpacking and Extracting The TrickBot Config!
We use x64dbg to unpack #TrickBot from a multi-stage packer with both process injection and self injection. Then we use a Python script to extract the config!
#OpenAnalysisLive
📺 New Tutorial Video 📺
It's been a while but we're back! And we are talking about "FUD" packers... how do they work from the malware developer's perspective, and how to unpack them!
#OpenAnalysisLive
#OALabs
#ReverseEngineering
🎬 New/Old Tutorial Video 🎬
Unpacking VB6 Packers With IDA Pro and API Hooks!
We've been too busy to create a new video but we found this classic tutorial in our archives. Join us for this blast from the past 😸
#OpenAnalysisLive
#unpacking
#malware
On a related note … I made (another) simple IDA plugin for copying disassembly as hex encoded bytes. Nice for binary searching, and building Yara rules : )
#IDAPython
#ReverseEngineering
#Tools
Last week we took a look at #TheUndeclaredWar on stream… it wasn't pretty 😂 #base64
Check us out on Twitch, Thursdays and Sundays 1300EST… we do actual reverse engineering #OALABS
🚀🚀 Quick #OALABS Tutorial
It's hard enough to learn how to #ReverseEngineer … it's even harder if you are learning #assembly at the same time!
💖Here are two tips that can help by enabling asm instruction hints in #IDA and #x64dbg
🚀 Quick Tips For Unpacking 🚀
Made a quick video tutorial covering how to unpack this sample with a few breakpoints and OllyDbg. We are huge fans of ID-Ransomware, keep up the good work Michael!
#malware
#QuickTips
#OpenAnalysisLive
Anyone have a recent unpacked version of #Hermes 2.1 (.HRM extension) #Ransomware? Currently struggling to unpack one, Scylla keeps dumping ntdll.dll lol. Sample: fbeb92ac0acf03216f8430687734d2f72f57a85c994f0f0ea01e65c26e37d92d
I don’t get too excited about CTFs but this 3.5h livestream of Ryan solving this problem is one of the coolest things I’ve seen in a while!!
Real-time reverse engineering, no edits! Fascinating! 👀👀🤓
📺 New Tutorial Video 📺
We are back! Join us while we #ReverseEngineer #PrnLoader!
❌❌❌👇
This is one of the weirdest loaders I have ever seen... they use a pr0n video to decrypt an #emotet payload! 😳
We teamed up with @fwosar to analyze #ESXiARGS #ransomware which has been tearing across vulnerable VMWare servers on the internet!
We reverse engineer both the deploy script and the elf binary… with some banter along the way 😸
#OALABS
😬 Cringe Malware Contest 😬
Send us the worst malware you have ever RE and win a year of Nitro 🚀
🏆 Full contest details on the #OALABS discord…
📺 Tune in LIVE this Sunday at 1300EST to vote on submissions…
The little Easter eggs (pun intended) in #x64dbg always make me chuckle 😄
Also, a good time to remind everyone that x64dbg is developed by one person in their free time 💖
If you use it professionally, support free software
📢 Quick Tip Tutorial Video 📢
Have you noticed x64dbg is crashing when you try to analyze recent malware samples?? We explain why, how we worked around it, and their fix in the new release of the debugger!
#malware
#x64dbg
#OpenAnalysisLive
📺 New Tutorial 📺
We have just unlocked an #OALABS Patreon tutorial for everyone…
🚀 Unpacking (#VMProtect 3) Night Sky Ransomware x64
We use #VMPDump to fix the imports and a simple trick to recover the virtualized OEP 😇
🎬 Clip #OALABS
From our recent “N00bs Night” stream where we cover basic analysis techniques:
Extracting shellcode from a multi-stage PowerShell loader with CyberChef 👨🍳
📺 New Tutorial Video 📺
Join us with special guest @mrexodia for a demo of #Dumpulator a binary #emulator!
🙌 Easy to use #Python, emulation in 5 lines of code
⚙️ Complete Win32/64 env for emulation (minidump)
👾 One-click #malware config extraction
🎬 New Tutorial Video 🎬
Unpacking Themida 2.x 64bit ... without actually unpacking : )
If a packed sample does process injection we can dump it instead of unpacking!
#OpenAnalysisLive
#malware
#unpacking