Dynamic Analysis
Dynamic analysis means running the binary (under a debugger, tracer or sandbox) and observing what it actually does.
edb-debugger is a good graphical debugger for Linux. Some distros package it, so check your package manager before building it from source.
Reverse engineering challenges usually come down to understanding what a binary does and reconstructing the flag from that.
To find and extract files embedded in a firmware image or other blob (a common first step before looking at the binaries it contains):
binwalk -e firmware.bin
Ghidra (see Static Analysis below) gives you a decompiled view to cross-reference while you step through the same code in a debugger.
Some binaries are packed. A high-entropy section is the usual hint (Detect It Easy will also report the packer and the real entry point), but high entropy can equally mean compressed or encrypted data. If the packer is UPX and its headers are intact, unpack with upx -d file; other packers need to be dumped from memory after the unpacking stub has run.
If the binary is written in Go, the GoRE toolkit (goretk) or its Python bindings (pygore) recover the function names, types and package layout that a stripped Go binary still carries.
Some binaries require you to set breakpoints and inspect registers as the code runs; x64dbg is the usual choice for Windows targets (gdb with GEF or pwndbg on Linux).
Static Analysis
Static analysis looks at the executable without running it.
Use checksec to see which mitigations the binary was built with: PIE (position independent executable), NX, RELRO and stack canaries.
Use Ghidra to decompile and reverse engineer the binary.
xxd returns a hexdump of the executable (xxd file | head shows the header bytes; xxd -r turns an edited dump back into bytes).
objdump displays object-file data: objdump -d disassembles, objdump -x dumps all headers and objdump -T lists the dynamic symbols.
Use Detect It Easy to determine whether a file is packed, which compiler or packer produced it and where its entry point is.
CFF Explorer shows the PE headers, sections and imports, similar to Detect It Easy.
If the packer is UPX, unpack with upx -d file. That only works for UPX-packed binaries whose headers have not been tampered with; otherwise fall back to dumping the unpacked image from memory.
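The packing checks described under both Dynamic Analysis and Static Analysis (entropy as a hint, UPX markers as a quick confirmation) can be scripted. The following is an added example, not code from the original page or from any of the tools it names: it computes Shannon entropy per window so that a packed .text next to a plain PE header stands out, and looks for the section names and marker string a stock UPX build leaves behind. The sample inputs at the bottom are constructed in-line; the 7.0 bits/byte threshold and 4 KiB window are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Section names / marker a stock UPX build leaves behind. They are trivial to
# rename or strip, so their absence proves nothing.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = 4096) -> list:
    """Entropy per fixed-size window (window size is an assumed default)."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def upx_markers(data: bytes) -> list:
    """Which of the well-known UPX strings occur anywhere in the file."""
    return [m.decode() for m in UPX_MARKERS if m in data]


def assess(data: bytes, chunk_size: int = 4096, threshold: float = 7.0) -> dict:
    """Summarise entropy and UPX markers for a file.

    High entropy means compressed OR encrypted OR legitimately random-looking
    data (certificates, images), so treat the verdict as a reason to open the
    file in Detect It Easy or Ghidra, not as proof of packing.
    """
    ents = chunk_entropies(data, chunk_size)
    high = sum(1 for e in ents if e >= threshold)
    return {
        "overall_entropy": round(shannon_entropy(data), 3),
        "high_entropy_chunks": high,
        "total_chunks": len(ents),
        "upx_markers": upx_markers(data),
        "likely_packed_or_encrypted": bool(ents) and high / len(ents) > 0.5,
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            target = f.read()
    else:
        # Constructed stand-ins: a uniform byte stream (maximal entropy) and a
        # near-empty PE-like blob carrying UPX section names.
        target = b"MZ" + b"\x00" * 200 + b"UPX0" + bytes(range(256)) * 32 + b"UPX!"
    for k, v in assess(target).items():
        print(f"{k:28} {v}")
```

Run it against a real sample with python3 entropy_check.py target.exe; a file whose windows are almost all above the threshold but shows no UPX markers is the case where upx -d will not help and a memory dump after the stub runs is the next step.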
Cobalt Strike Beacons
1768.py (Didier Stevens) extracts and decodes the configuration (C2 server, port, sleep time, jitter, user agent and so on) from Cobalt Strike beacons that need investigation.
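To show what a tool like 1768.py is actually recovering, here is an added example that is not code from the original page nor from 1768.py itself. It follows the beacon config layout as described in public write-ups and by 1768.py: the config is XOR'd with a single byte key (0x69 for 3.x beacons, 0x2e for 4.x), and underneath it is a sequence of big-endian TLV records (index, type, length) with type 1 = 16-bit short, type 2 = 32-bit int, type 3 = NUL-padded data, terminated by a zero record. The setting names are a subset of those 1768.py uses; the beacon blob is constructed in-line (build_sample_blob) with documentation IP 203.0.113.10 and is not a real sample.

```python
import struct

# Single-byte XOR keys public write-ups (and 1768.py) associate with
# Cobalt Strike 3.x and 4.x beacon configs.
KNOWN_XOR_KEYS = (0x69, 0x2E)

# The first config record is always index 1 (payload type), type 1 (short),
# length 2, so its encoded form is a usable search signature.
CONFIG_SIGNATURE = b"\x00\x01\x00\x01\x00\x02"

# Subset of setting indices as named by 1768.py; others are reported numerically.
SETTING_NAMES = {
    1: "payload_type", 2: "port", 3: "sleeptime", 4: "maxgetsize",
    5: "jitter", 8: "server_and_get_uri", 9: "useragent", 10: "post_uri",
}

TYPE_SHORT, TYPE_INT, TYPE_DATA = 1, 2, 3


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_config(blob: bytes):
    """Return (xor_key, offset) of the first candidate config, or None."""
    for key in KNOWN_XOR_KEYS:
        off = blob.find(xor_bytes(CONFIG_SIGNATURE, key))
        if off != -1:
            return key, off
    return None


def parse_config(blob: bytes, key: int, offset: int) -> dict:
    """Decode the XOR'd TLV records starting at offset until the zero terminator."""
    data = xor_bytes(blob[offset:], key)
    pos, settings = 0, {}
    while pos + 6 <= len(data):
        idx, typ, length = struct.unpack(">HHH", data[pos:pos + 6])
        pos += 6
        if idx == 0:                      # terminator record
            break
        raw = data[pos:pos + length]
        pos += length
        if typ == TYPE_SHORT:
            value = struct.unpack(">H", raw[:2])[0]
        elif typ == TYPE_INT:
            value = struct.unpack(">I", raw[:4])[0]
        else:
            value = raw.rstrip(b"\x00")   # fixed-width field, NUL padded
        settings[SETTING_NAMES.get(idx, f"setting_{idx}")] = value
    return settings


def _record(idx: int, typ: int, value, width: int = 0) -> bytes:
    """Encode one TLV record (only used to build the constructed sample)."""
    if typ == TYPE_SHORT:
        body = struct.pack(">H", value)
    elif typ == TYPE_INT:
        body = struct.pack(">I", value)
    else:
        body = value.ljust(width, b"\x00")
    return struct.pack(">HHH", idx, typ, len(body)) + body


def build_sample_blob(key: int = 0x2E) -> bytes:
    """Constructed stand-in for a beacon: junk, XOR'd config, junk (not a real sample)."""
    config = (
        _record(1, TYPE_SHORT, 8)                     # payload type
        + _record(2, TYPE_SHORT, 443)                 # port
        + _record(3, TYPE_INT, 60000)                 # sleep (ms)
        + _record(4, TYPE_INT, 1048576)               # max GET size
        + _record(5, TYPE_SHORT, 10)                  # jitter (%)
        + _record(8, TYPE_DATA, b"203.0.113.10,/cgi-bin/ping", 256)
        + _record(9, TYPE_DATA, b"Mozilla/5.0 (compatible; MSIE 9.0)", 128)
        + b"\x00" * 6                                 # terminator
    )
    return b"MZ\x90\x00" + b"\x41" * 64 + xor_bytes(config, key) + b"\x00" * 32


if __name__ == "__main__":
    blob = build_sample_blob()
    key, off = find_config(blob)
    print(f"config found at offset {off} with xor key {key:#x}")
    for name, value in parse_config(blob, key, off).items():
        print(f"{name:20} {value!r}")
```

On a real beacon the config is usually still XOR'd inside a stager-dropped image or a process dump, so the same signature search is applied to whatever memory region or file you have; obfuscated beacons that use a different key or encrypt the config will not match and need the full tool.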
Some CTF challenges require analysis of Java code.
Disassemble a compiled class with javap -c -p file.class on the command line (-c prints the bytecode, -p includes private members); a decompiler such as CFR or JD-GUI gets you back to readable source.
Some reverse engineering challenges require you to read through source code and work out what it does.
Code Beautifier
There is an awesome code beautifier, especially for PHP, here: https://github.com/unode/firefox_decrypt. Note that the linked repository, firefox_decrypt, is a tool for recovering logins saved in a Firefox profile, not a code beautifier.
VBScript Encryption/Decryption
If the challenge mentions WScript or VBScript and the script looks like gibberish beginning with #@~^, it is an encoded script (.vbe/.jse output of the Windows Script Encoder); use the decryption tool here to recover the plaintext.