Ransomware is always evolving, and Cactus is no exception. When I came across this sample, I knew it was worth a closer look. It’s built to obfuscate, encrypt, and evade, but like any malware, it leaves behind clues. In this series, I’ll walk you through the process of analyzing Cactus ransomware, starting with static analysis. […]

In this series, we are examining how to reverse engineer malware to understand how it works and possibly re-purposing it. Hackers and espionage agencies such as the CIA and NSA, regularly re-purpose malware for other purpose. Previously, we looked at the basics of IDA Pro, the most widely used disassembler in our industry. In this […]

Welcome back, my aspiring cyber warriors! There are a number of excellent tools available to use in the field of reverse engineering (see Reverse Engineering, Part 3: Getting Started with IDA Pro and Part 5: Getting Started with OllyDbg ), but now we have an excellent new option known as Ghidra. Ghidra was developed by […]

Welcome back, my aspiring malware analysts! In previous tutorials here, I have demonstrated the power of such reversing and disassembly tools as Ollydbg, IDAPro and Ghidra. In this tutorial I’d like to share and demonstrate a few simpler tools that you are certain to want to have in your malware analysis toolbox. Each of these […]

Welcome back, my aspiring cyber warriors! Reverse engineering is one of the most highly sought and most valuable cybersecurity/infosec skills. Few people have developed their skill levels to be proficient in this highly sought after skill. Ghidra is a relatively new and free reverse engineering tool from the US spy agency, NSA. In this tutorial, […]

In my introductory article in this new series, I attempted to lay out the merits of why you should study Reverse Engineering Malware. I’m hoping that you found that argument compelling enough that you have come back and are ready to dedicate yourself to this exciting discipline. I’m sure your hard work and dedication will […]

Welcome back, my aspiring cyber warriors! Reverse engineering malware is among the highest-level skill sets in our discipline and it’s salaries reflect elevated position in the cyber security ecosystem. It requires years of diligent study to become proficient and this is good place to start. If you have not yet done so, go back and […]

Most of the work we will be doing in reverse engineering will be with assembler language. This simple and sometimes tedious language can reveal a plethora of information on the source code. When we can’t see or recover the source code of the malware or other software, we can use tools such as dis-assemblers and […]

Welcome back, my aspiring malware analysts! In my introductory tutorials on reverse engineering malware (Part 1-5) we introduced many new concepts. Now its time to put some of those concepts to work and begin analyzing some sample malware! In Part 1 of this series, I pointed out that there are two primary ways of analyzing […]