Posts
Patching ELF with Rair
Introduction
In this post, I will try to solve the oracle level 3 challenge from chapter 5 of the Practical Binary Analysis book using Rair, a reverse engineering framework that is still under development. Briefly, it is a rewrite of radare2 in Rust, aiming to be more memory-safe and more stable, along with additional features that are under development. Today, I will only use Rair's hex-editor feature to patch the ELF binary and solve the challenge.

Installation in Linux
1. Install Rust.
2. Add Rust to your system PATH manually.
3. Use cargo, Rust's build system and package manager, to download Rair.

Level-3 Analysis
At the start, I execute the lvl3 binary and get an error saying the file has an invalid format. When I try to check the file format of lvl3 with the file utility, I also get an error. Now we know something is wrong with the format, and we need to dig deeper by checking the ELF headers to find out what causes this error with t...
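To make the header check concrete, here is an added example (my own code, not from the post and not part of Rair) that unpacks the 64-byte Elf64_Ehdr with Python's struct module, flags fields that are inconsistent with a well-formed x86-64 ELF, and overwrites a field at its byte offset the way a hex editor would. The two sample headers are constructed for the example; they are not the bytes of the lvl3 binary, and the tampered values (an unknown e_machine and an out-of-file e_shoff) are arbitrary choices to exercise the checker.

```python
import struct

# Elf64_Ehdr, little-endian: e_ident[16], e_type, e_machine, e_version, e_entry,
# e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
# e_shnum, e_shstrndx
EHDR_FMT = "<16sHHIQQQIHHHHHH"
EHDR_SIZE = struct.calcsize(EHDR_FMT)          # 64 bytes
PHDR_SIZE, SHDR_SIZE = 56, 64                  # Elf64_Phdr / Elf64_Shdr sizes

# Byte offset and struct code of each fixed-size header field (used for patching).
FIELD_LAYOUT = {
    "e_type": (16, "H"), "e_machine": (18, "H"), "e_version": (20, "I"),
    "e_entry": (24, "Q"), "e_phoff": (32, "Q"), "e_shoff": (40, "Q"),
    "e_flags": (48, "I"), "e_ehsize": (52, "H"), "e_phentsize": (54, "H"),
    "e_phnum": (56, "H"), "e_shentsize": (58, "H"), "e_shnum": (60, "H"),
    "e_shstrndx": (62, "H"),
}
FIELDS = ["e_ident"] + list(FIELD_LAYOUT)

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB, EV_CURRENT = 2, 1, 1
ET_EXEC, ET_DYN = 2, 3
EM_X86_64 = 62


def parse_ehdr(data):
    """Unpack the ELF header into a dict keyed by field name."""
    if len(data) < EHDR_SIZE:
        raise ValueError("file shorter than an ELF header")
    return dict(zip(FIELDS, struct.unpack_from(EHDR_FMT, data, 0)))


def check_ehdr(data, machine=EM_X86_64):
    """Return a list of problems found in the header of a 64-bit ELF file."""
    h = parse_ehdr(data)
    ident = h["e_ident"]
    problems = []
    if ident[:4] != ELF_MAGIC:
        problems.append("bad magic %r" % ident[:4])
    if ident[4] != ELFCLASS64:
        problems.append("EI_CLASS %d is not ELFCLASS64" % ident[4])
    if ident[5] != ELFDATA2LSB:
        problems.append("EI_DATA %d is not little-endian" % ident[5])
    if ident[6] != EV_CURRENT or h["e_version"] != EV_CURRENT:
        problems.append("unexpected ELF version")
    if h["e_type"] not in (ET_EXEC, ET_DYN):
        problems.append("e_type 0x%x is not EXEC/DYN" % h["e_type"])
    if h["e_machine"] != machine:
        problems.append("e_machine 0x%x is not the expected arch" % h["e_machine"])
    if h["e_ehsize"] != EHDR_SIZE:
        problems.append("e_ehsize %d != %d" % (h["e_ehsize"], EHDR_SIZE))
    if h["e_phnum"] and h["e_phentsize"] != PHDR_SIZE:
        problems.append("e_phentsize %d != %d" % (h["e_phentsize"], PHDR_SIZE))
    if h["e_shnum"] and h["e_shentsize"] != SHDR_SIZE:
        problems.append("e_shentsize %d != %d" % (h["e_shentsize"], SHDR_SIZE))
    if h["e_phoff"] + h["e_phnum"] * h["e_phentsize"] > len(data):
        problems.append("program header table runs past end of file")
    if h["e_shoff"] + h["e_shnum"] * h["e_shentsize"] > len(data):
        problems.append("section header table runs past end of file")
    if h["e_shnum"] and h["e_shstrndx"] >= h["e_shnum"]:
        problems.append("e_shstrndx %d out of range" % h["e_shstrndx"])
    return problems


def patch_field(data, name, value):
    """Overwrite one header field in place, like a hex editor writing at an offset."""
    off, code = FIELD_LAYOUT[name]
    buf = bytearray(data)
    struct.pack_into("<" + code, buf, off, value)
    return bytes(buf)


def _make_sample(**overrides):
    # Constructed sample: a minimal x86-64 EXEC header followed by one zeroed
    # program header, so the table bounds checks have real data to cover.
    fields = dict(
        e_ident=ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, EV_CURRENT]) + bytes(9),
        e_type=ET_EXEC, e_machine=EM_X86_64, e_version=EV_CURRENT,
        e_entry=0x400000, e_phoff=EHDR_SIZE, e_shoff=0, e_flags=0,
        e_ehsize=EHDR_SIZE, e_phentsize=PHDR_SIZE, e_phnum=1,
        e_shentsize=SHDR_SIZE, e_shnum=0, e_shstrndx=0,
    )
    fields.update(overrides)
    return struct.pack(EHDR_FMT, *[fields[f] for f in FIELDS]) + bytes(PHDR_SIZE)


GOOD = _make_sample()
# Tampered copy (arbitrary values, not the real lvl3 bytes): an unknown machine
# and a section header offset that points past the end of the file.
BAD = patch_field(patch_field(GOOD, "e_machine", 0x1234), "e_shoff", 0x10000)


def repair(data):
    """Patch the two tampered fields back to sane values."""
    return patch_field(patch_field(data, "e_machine", EM_X86_64), "e_shoff", 0)


if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD), ("repaired", repair(BAD))):
        print(name, check_ehdr(blob) or "header looks consistent")
```

On a real file, read the first 64 bytes into check_ehdr and use the offsets in FIELD_LAYOUT as the addresses to write in the hex editor; the checker only covers the ELF header itself, so a binary can still fail to run if the program or section header entries it points at are also damaged.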
Windows Service Analysis
Introduction
In my first post, I will analyze the dropper of the Shamoon 3.0 malware, which is a Windows service executable; its structure and execution method differ from those of a normal executable. By analyzing the dropper of Shamoon 3.0, we can understand: 1) the Windows service structure, and 2) how to analyze and debug a Windows service. So let us understand what a Windows service is and how it is structured before jumping into the analysis.

A Windows service program is a program that is executed by the Service Control Manager (SCM) and conforms to its rules. It runs in the background with no GUI, as it does not need a user to interact with it, and it can be started automatically at system boot.

Windows Service Structure
A Windows service program consists of three important functions, as shown in the Windows service structure figure: 1. Main entry point function: the main function of the Windows service program, whose goal is to inform the...