allthingsida
507 posts
All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.
- In this video youtu.be/_GOAR0wKrlk, we take a simple Windows 32-bit malware and reverse engineer it in IDA. We cover topics such as: - Debugging malware with Bochs - Self modifying code - Using Appcall to resolve API names hashes - Anti emulation / debugger tricks - SEH - HW
- Video walkthrough of Mandiant's #Flareon10 Yoda challenge: youtu.be/r_ZSqbkFSsc - Full CTF logic explained - Dealing with instruction shuffling and chunked functions - Dealing with obfuscated API calls - Reverse engineering and decompiling ROP chains into regular functions -
- Understanding how shellcode resolves APIs w/o using GetProcAddress() via the _PEB, _PEB_LDR_DATA, and _LDR_DATA_TABLE_ENTRY structures. Video: youtu.be/mN9LopGgkjk Code link: github.com/0xeb/allthings…
- Understanding the PE+ File Format - Part 4: Entry Points and TLS Callbacks We will learn how to locate and analyze entry points (including TLS callbacks) manually using IDA Pro, Hiew then using an IDAPython script. youtu.be/9K8WaZ53oOs
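The three posts above (hash-based API resolution with Appcall, shellcode resolving APIs without GetProcAddress(), and locating entry points and TLS callbacks in a PE32+ file) all come down to reading the same on-disk structures. The following is an added example, not code from the allthingsida videos or repository: it builds a constructed, header-only PE32+ image inline and then parses it the way a hand-written loader or shellcode would, reading AddressOfEntryPoint from the optional header, following the TLS data directory to its null-terminated callback array, and walking the export directory (AddressOfFunctions / AddressOfNames / AddressOfNameOrdinals) to resolve a function by name hash. The PEB walk through _PEB_LDR_DATA and _LDR_DATA_TABLE_ENTRY that yields the module base only exists at runtime on Windows and is not shown; the hash is an assumed ROR13 per-byte variant (a common shellcode choice, not necessarily the one in the video), and all names, RVAs and the image base are made-up sample values.

```python
import struct

# Constructed sample values (not from any real binary).
IMAGE_BASE = 0x140000000
ENTRY_RVA = 0x400
TLS_CALLBACK_RVAS = [0x500, 0x520]
EXPORT_NAMES = [b"GetProcAddress", b"LoadLibraryA", b"VirtualAlloc"]
EXPORT_RVAS = [0x1000, 0x1100, 0x1200]

def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _u64(b, o): return struct.unpack_from("<Q", b, o)[0]

def ror13_hash(name: bytes) -> int:
    """Assumed hash: rotate-right-13 then add each byte, 32-bit wrap (a common shellcode choice)."""
    h = 0
    for c in name:
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + c) & 0xFFFFFFFF
    return h

def _optional_header(img: bytes) -> int:
    """Offset of the PE32+ optional header after checking the MZ / PE signatures."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = _u32(img, 0x3C)
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20             # skip signature + 20-byte COFF file header
    if _u16(img, opt) != 0x20B:         # IMAGE_NT_OPTIONAL_HDR64_MAGIC
        raise ValueError("not a PE32+ image")
    return opt

def image_base(img): return _u64(img, _optional_header(img) + 24)
def entry_point_rva(img): return _u32(img, _optional_header(img) + 16)

def data_directory(img, index):
    """(RVA, size) of data directory `index`, or (0, 0) if absent."""
    opt = _optional_header(img)
    if index >= _u32(img, opt + 108):   # NumberOfRvaAndSizes
        return 0, 0
    entry = opt + 112 + 8 * index
    return _u32(img, entry), _u32(img, entry + 4)

# Note: this sample image has RVA == file offset (header-only, SectionAlignment == FileAlignment),
# so RVAs index the buffer directly; a real file parser must map RVAs through the section table.
def tls_callbacks(img):
    rva, _ = data_directory(img, 9)    # IMAGE_DIRECTORY_ENTRY_TLS
    if rva == 0:
        return []
    base = image_base(img)
    cb = _u64(img, rva + 24) - base    # AddressOfCallBacks is a VA, not an RVA
    out = []
    while (va := _u64(img, cb)) != 0:  # callback array is null-terminated
        out.append(va - base)
        cb += 8
    return out

def exports(img):
    """name -> function RVA, walking the export directory the way shellcode does."""
    rva, _ = data_directory(img, 0)    # IMAGE_DIRECTORY_ENTRY_EXPORT
    if rva == 0:
        return {}
    n_names = _u32(img, rva + 24)
    funcs, names, ords = _u32(img, rva + 28), _u32(img, rva + 32), _u32(img, rva + 36)
    table = {}
    for i in range(n_names):
        name_rva = _u32(img, names + 4 * i)
        name = bytes(img[name_rva:img.index(b"\0", name_rva)])
        ordinal = _u16(img, ords + 2 * i)          # index into AddressOfFunctions
        table[name] = _u32(img, funcs + 4 * ordinal)
    return table

def resolve_by_hash(img, target):
    """Return the VA whose export name hashes to `target`, like a shellcode API resolver."""
    for name, func_rva in exports(img).items():
        if ror13_hash(name) == target:
            return image_base(img) + func_rva
    return None

def build_sample_image() -> bytes:
    """Constructed header-only PE32+ image with an export directory and a TLS directory."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: Machine=AMD64, 0 sections, SizeOfOptionalHeader=240, EXECUTABLE|LARGE_ADDRESS_AWARE
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)                       # PE32+ magic
    struct.pack_into("<I", img, opt + 16, ENTRY_RVA)              # AddressOfEntryPoint
    struct.pack_into("<Q", img, opt + 24, IMAGE_BASE)             # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x200, 0x200)          # SectionAlignment, FileAlignment
    struct.pack_into("<I", img, opt + 108, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 112, 0x200, 0x100)         # export directory (index 0)
    struct.pack_into("<II", img, opt + 112 + 9 * 8, 0x300, 40)    # TLS directory (index 9)
    # IMAGE_EXPORT_DIRECTORY at 0x200; function/name/ordinal tables at 0x230/0x240/0x250
    struct.pack_into("<IIHHIIIIIII", img, 0x200, 0, 0, 0, 0, 0, 1,
                     len(EXPORT_NAMES), len(EXPORT_NAMES), 0x230, 0x240, 0x250)
    name_off = 0x260
    for i, (name, rva) in enumerate(zip(EXPORT_NAMES, EXPORT_RVAS)):
        struct.pack_into("<I", img, 0x230 + 4 * i, rva)          # AddressOfFunctions[i]
        struct.pack_into("<I", img, 0x240 + 4 * i, name_off)     # AddressOfNames[i]
        struct.pack_into("<H", img, 0x250 + 2 * i, i)            # AddressOfNameOrdinals[i]
        img[name_off:name_off + len(name)] = name
        name_off += len(name) + 1
    # IMAGE_TLS_DIRECTORY64 at 0x300; AddressOfCallBacks points (as a VA) to the array at 0x340
    struct.pack_into("<QQQQII", img, 0x300, 0, 0, 0, IMAGE_BASE + 0x340, 0, 0)
    for i, cb in enumerate(TLS_CALLBACK_RVAS):
        struct.pack_into("<Q", img, 0x340 + 8 * i, IMAGE_BASE + cb)
    return bytes(img)
```

Calling `build_sample_image()` and then `entry_point_rva`, `tls_callbacks` and `resolve_by_hash(img, ror13_hash(b"LoadLibraryA"))` walks the same fields you would inspect by hand in IDA or Hiew: the TLS callbacks run before AddressOfEntryPoint, so a breakpoint only on the entry point misses them, and the export walk is exactly the loop you see in shellcode once it has the module base, which is why the hash constants, not names, are what you recover with Appcall.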
- Kicking off a new series on understanding the PE+ file format from the ground up using IDA. No PE loaders involved. This series will be educational on several fronts and should also help you learn some handy IDA tricks along the way. Let's do it! 🍿
- Here are my slides for REcon 2024 talk entitled: “A Tale of Reverse Engineering 1001 GPTs: The good, the bad and the ugly” github.com/0xeb/TheBigPro… Beware of your IP address being leaked when using custom GPTs.
- Do you know what that means? You can now play with all 3 IDA GPTs without being a paid customer: - chatgpt.com/g/g-QohtN580d-… - chatgpt.com/g/g-eKf2Iz4XO-… - chatgpt.com/g/g-VgbIr9TQQ-…
- Debugging with IDA: Emulating code from crash dumps - defeating VMP's obfuscated imports youtu.be/7nELoH7lf5Q
- IDA 9.0? If you're an IDA customer, you must have received this exciting announcement email today! Some highlights: - Enhanced Python API for a more Pythonic experience. - Launching library mode for scalable job execution without needing `idat`. - Expanding FLIRT signatures to
- Debugging and understanding remote threads with IDA.
- I hope that by using a practical example (the Hex-Rays CTF challenge 2023), this video can serve as a nice introduction to the Z3 Solver library.
- Ready to master debugging with IDA and WinDbg? Let's get started with the setup video. youtu.be/-nckqCwN4qE
- Here's the ask_ida/IDAPython GPT: chat.openai.com/g/g-QohtN580d-… (It should be slightly better than vanilla ChatGPT)