State-of-the-art binary code analysis tools
This is a guest entry written by Holger Unterbrink from Cisco Talos. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, likely because these […]
This is a guest entry written by Elias Bachaalany. His views and opinions are his own and not those of Hex-Rays. Any questions with regards to the content of this blog post should be directed to the author. Introduction During the IDA Advanced training, I get asked a lot about how to set up the
We are thrilled to kick off an exciting new campaign – The Plugin Submission Initiative. Our Plugin Repository was developed not too long ago and has already reached a milestone with 122 plugins currently available for our users! It is a great start, but we believe there’s room for growth and improvement. The success of […]
This is a guest entry written by the Airbus CERT team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. The ComIDA plugin is focused on finding usage of COM objects inside Windows modules. When a COM […]
The Rust language is gaining popularity and nowadays even malware authors started using it, which means our users need to analyze them in IDA. The binaries produced by the Rust compiler have some peculiarities which make them difficult to analyze, such as: non-standard calling conventions non-terminated string literals unusual name mangling scheme While tackling all of them is a […]
This is a guest entry written by Robert from Interrupt Labs. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Heimdallr: Deep links into IDA Databases When reverse engineering in IDA, I find it useful to take notes on […]
This is a guest entry written by Can Bölük. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. NtRays: Reversing Windows kernel, simplified Windows kernel has changed a lot in the past few years, with the addition of Hypervisor […]
This is a guest entry written by Simon Garrelou and Sylvain Peyrefitte from the Airbus CERT Team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. Power up your debugging with time travel: the ttddbg plugin Time Travel […]
This is a guest entry written by Chris Eagle. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. The SK3wldbg Plugin When I first started analyzing obfuscated code, I quite often wished that I could simply de-obfuscate the code […]
This is a guest entry written by Mike Hunhoff, Moritz Raabe, and Willi Ballenthin from the Mandiant FLARE Team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. capa explorer: Focus Your Reverse Engineering Efforts in IDA Pro