Reverse Engineering

Dynamic Analysis

Analysis of binaries and files can be done while running them!

EDB Debugger

edb-debugger is a great tool for debugging. It is also available via the command line on some distros!

Binaries

Reverse engineering challenges often have to do with examining binaries and re-creating the flag for yourself.

Binwalk

A command to scan a binary for embedded files and known file signatures; the -e flag extracts whatever it finds.

binwalk -e firmware.bin

Ghidra

Use Ghidra to reverse engineer all binaries.

UPX

Some binaries are packed; UPX can unpack them. The best way to check for packing is to measure the file's entropy. The command to unpack is upx -d.
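As an added example (not part of the original notes): a small Python script that applies the entropy check described above, computing Shannon entropy per chunk of a file so a packed or compressed region stands out, with the "UPX!" stub marker as a secondary signal. The two samples, the chunk size and the thresholds are constructed for illustration.

```python
import math
import random
from collections import Counter

# Constructed samples (not real binaries): a low-entropy "code-like" region versus
# a high-entropy region that mimics the compressed payload a packer produces.
PLAIN_SAMPLE = b"push rbp; mov rbp, rsp; sub rsp, 0x20; call main; leave; ret\n" * 256
_rng = random.Random(1768)  # fixed seed so the sample is reproducible
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(16384))

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(data: bytes, chunk_size: int = 4096) -> list:
    """Per-chunk entropy, so a packed region stands out from ordinary code."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]

def looks_packed(data: bytes, chunk_size: int = 4096,
                 threshold: float = 7.2, min_fraction: float = 0.5) -> bool:
    """Flag the file when at least min_fraction of its chunks are near-random.
    Compiled code usually sits around 4-6.5 bits/byte; compressed or encrypted
    payloads approach 8.0. The thresholds are assumptions for this example."""
    profile = entropy_profile(data, chunk_size)
    if not profile:
        return False
    high = sum(1 for e in profile if e >= threshold)
    return high / len(profile) >= min_fraction

def has_upx_marker(data: bytes) -> bool:
    """Quick check for the 'UPX!' magic the UPX stub embeds. It is trivially
    stripped, so absence proves nothing; entropy is the more robust signal."""
    return b"UPX!" in data

def triage(data: bytes) -> dict:
    """Summarize the signals to look at before reaching for upx -d."""
    return {
        "entropy": round(shannon_entropy(data), 2),
        "packed_by_entropy": looks_packed(data),
        "upx_marker": has_upx_marker(data),
    }

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, triage(sample))
```

To run it on a real file, pass open(path, "rb").read() to triage(); sections that report near 8.0 are the ones worth checking with Detect It Easy before unpacking.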

Go Binaries

If the binaries are written in Go, you can use pygore or goretk.

x32/x64dbg

Some binaries require you to set breakpoints and analyze registers; the best tool for that is x64dbg.

Static Analysis

Analysis of executables or binaries can be done statically.

Checksec

Use checksec to determine whether the file is a position-independent executable (PIE).

Ghidra

Use Ghidra to reverse engineer all binaries.

XXD

The xxd command returns a hexdump of the executable.

Objdump

Objdump is a command that displays information from object files, such as headers, sections, and disassembly.

Detect It Easy

Use Detect It Easy to determine whether a file is packed and to find its entry point.

CFF Explorer

Use CFF Explorer to inspect an executable; it is similar to Detect It Easy.

UPX

Some binaries are packed; UPX can unpack them. The command to unpack is upx -d.

Cobalt Strike Beacons

1768 is a great tool for analyzing Cobalt Strike beacons that require investigation.

Java

Some challenges in CTFs require analysis of Java code.

Disassemble

Analyze compiled Java bytecode by running javap -c file.class on the command line.

Code

Some reverse engineering challenges require you to review code and see what it does.

Code Beautifier

There is an awesome code beautifier, especially for PHP, here: https://github.com/unode/firefox_decrypt

VBScript Encryption/Decryption

If there is any mention of WScript or VBScript, use the decryption tool here.