State-of-the-art binary code analysis tools
This is a guest entry written by Holger Unterbrink from Cisco Talos. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, likely because these […]
This is a guest entry written by Elias Bachaalany. His views and opinions are his own and not those of Hex-Rays. Any questions with regards to the content of this blog post should be directed to the author. Introduction During the IDA Advanced training, I get asked a lot about how to set up the
This is a guest entry written by the Airbus CERT team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. The ComIDA plugin is focused on finding usage of COM objects inside Windows modules. When a COM […]
This is a guest entry written by Robert from Interrupt Labs. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. Heimdallr: Deep links into IDA Databases When reverse engineering in IDA, I find it useful to take notes on […]
We are pleased to announce the release of IDA version 8.3! In this release, there are many new features and enhancements, including: IDA64 support for (32-bit) .idb files UX improvements IDA Teams enhancements DWARF speedup ARM64 system registers IDA Educational now includes x86/x64 decompiler, and file size limit has been lifted. IDA Home features IDA Python API improvements Golang: added support for Go […]
This is a guest entry written by Can Bölük. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. NtRays: Reversing Windows kernel, simplified Windows kernel has changed a lot in the past few years, with the addition of Hypervisor […]
This is a guest entry written by Simon Garrelou and Sylvain Peyrefitte from the Airbus CERT Team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. Power up your debugging with time travel: the ttddbg plugin Time Travel […]
This is a guest entry written by Chris Eagle. His views and opinions are his own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the author. The SK3wldbg Plugin When I first started analyzing obfuscated code, I quite often wished that I could simply de-obfuscate the code […]
This is a guest entry written by Mike Hunhoff, Moritz Raabe, and Willi Ballenthin from the Mandiant FLARE Team. Their views and opinions are their own and not those of Hex-Rays. Any technical or maintenance issues regarding the code herein should be directed to the authors. capa explorer: Focus Your Reverse Engineering Efforts in IDA Pro
The gooMBA plugin, as well as this blog post, was written by our intern Garrett Gu. You can view the plugin source on GitHub. gooMBA is maintained by Hex-Rays, and will be incorporated in the next IDA release. Hands-Free Binary Deobfuscation with gooMBA At Hex-Rays SA, we are constantly looking for ways to improve […]