<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Home on blog@fatihsnsy</title><link>http://fatihsensoy.com/</link><description>Recent content in Home on blog@fatihsnsy</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Sat, 03 Feb 2024 00:00:00 +0000</lastBuildDate><atom:link href="http://fatihsensoy.com/index.xml" rel="self" type="application/rss+xml"/><item><title>How Hard Could ARM Reversing Be?</title><link>http://fatihsensoy.com/posts/how-hard-could-arm-reversing-be/</link><pubDate>Sat, 03 Feb 2024 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/how-hard-could-arm-reversing-be/</guid><description>When I encountered the challenge, I first examined the ELF header and decided to proceed by inspecting the ELF file headers. I observed that the binary was written for the ARM architecture, and since I didn&amp;rsquo;t have an ARM machine at my disposal, I set up the necessary environment using the QEMU ARM emulator. Additionally, I installed older shared libraries like libssl1.0.0 on my Linux machine for the potential dynamic analysis phase.</description></item><item><title>Hidden Treasure of Captain in JavaScript</title><link>http://fatihsensoy.com/posts/crack-me-javascript-captains-treasure/</link><pubDate>Mon, 29 Jan 2024 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/crack-me-javascript-captains-treasure/</guid><description>In this post, I&amp;rsquo;ll try to explain JavaScript reversing basics and approaches with a simple crack-me challenge in order to understand the inner workings of a typical JS challenge.
Challenge This challenge came to me as a private email from a company, so I don&amp;rsquo;t think I should release the whole challenge to the public, out of respect for the company&amp;rsquo;s rights. So let&amp;rsquo;s start digging deep!
When I first entered the page, I noticed the long loading time and realized that JS code was running in the background.</description></item><item><title>C++ Reversing Series - 0x01</title><link>http://fatihsensoy.com/posts/reversing-cpp-0x01/</link><pubDate>Thu, 02 Nov 2023 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/reversing-cpp-0x01/</guid><description>After a short break, we continue with the second article of our series in which we try to make the internal structures of C++ more clear to &amp;ldquo;Reverse Engineers&amp;rdquo;. Thank you for your nice comments on the first article, it was nice and motivating to hear from you that such a series is needed.
In this article, I will explain the RTTI (Run-Time Type Information) structure, which is one of the biggest features that C++ compilers (actually supported not only in C++ but also in several other languages) offer to the RE community, the advantages it offers us and how we can take advantage of it.</description></item><item><title>C++ Reversing Series - 0x00</title><link>http://fatihsensoy.com/posts/reversing-cpp-0x00/</link><pubDate>Mon, 03 Apr 2023 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/reversing-cpp-0x00/</guid><description>The more functional and developable a product is, the more complex it is. This complexity made it difficult to create &amp;ldquo;quality&amp;rdquo; applications in the software development world where functional programming was previously used effectively. Instead of functional programming, the object-oriented programming paradigm, which takes a higher-level approach, was introduced and enabled developers to build large projects more clearly by writing code that can be associated with real life.</description></item><item><title>DGA - Domain Turtle For Malwares</title><link>http://fatihsensoy.com/posts/dga-domain-turtle/</link><pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/dga-domain-turtle/</guid><description>The domain generation algorithm is one of the most popular techniques recently used by common malware. This technique was used by Conficker, Murofet, BankPatch and other malware. I will explain how a domain generation algorithm works from a technical perspective in this blog post.
What is the Domain Generation Algorithm (DGA) A domain generation algorithm is a way of liberation for malware authors. Before DGA, malware was required to connect to a command and control server to receive and send its commands.</description></item><item><title>PEB Traversal Technique</title><link>http://fatihsensoy.com/posts/peb-traversal-technique/</link><pubDate>Wed, 25 Nov 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/peb-traversal-technique/</guid><description>The battle between threat actors and malware analysts is becoming more and more critical with new techniques, tools and know-how emerging. Threat actors are coming up with different techniques to avoid analysts and security products. In this technical article, I will show you the details of PEB Traversal, an increasingly popular technique, and its implementation with a small example.
What is PEB? PEB, which stands for Process Environment Block, is a data structure in the Windows operating system.</description></item><item><title>DLInjector – Fast DLL Injection Tool</title><link>http://fatihsensoy.com/posts/dlinjector-fast-dll-injection-tool/</link><pubDate>Fri, 30 Oct 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/dlinjector-fast-dll-injection-tool/</guid><description>While analyzing malware, I come across different &amp;ldquo;Process Injection&amp;rdquo; techniques, the most obvious of which is undoubtedly DLL injection. Of course, we should not marginalize injection methods as only malicious applications use them. In addition to security solutions such as anti-virus, EDR, many applications can also use Process injection methods.
While working on the projects that came to my mind, and in order to move more easily within the target process, I was frequently using the DLL injection method, which is one of the process injection techniques.</description></item><item><title>An Old Anti-Debug Technique with TLS Callback</title><link>http://fatihsensoy.com/posts/tls-callback-antidebugging/</link><pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/tls-callback-antidebugging/</guid><description>Even though malicious applications are offense-oriented, they often demonstrate defensive capabilities in order to sustain their offensive behavior longer and more effectively. In this cat-and-mouse game, one of the biggest goals of malicious actors is to try to prevent their malware from being analyzed as much as possible. Together with you, we will examine and implement a technique that we often hear about, which is outdated but can be considered the beginning of the cat-and-mouse game.</description></item><item><title>Behind the Curtain 0x00 - Bringing Android Malware to Light</title><link>http://fatihsensoy.com/posts/behind-the-curtain-0x00/</link><pubDate>Sun, 10 May 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/behind-the-curtain-0x00/</guid><description>Greetings friends&amp;hellip;
Malware analysis reports appear every day, every week and every month. In the content of the reports, we often see statements such as &amp;ldquo;Technical analysis revealed an obfuscated IP address&amp;rdquo; or &amp;ldquo;Decryption revealed a malicious URL&amp;rdquo;. Well, you did decryption and found the obfuscated URL, but how did you do it? Based on this problem, I realized that there is not much content on how to do decryption in the market.</description></item><item><title>💉 Process Injection Techniques and Details</title><link>http://fatihsensoy.com/posts/process-injection-techniques/</link><pubDate>Thu, 30 Apr 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/process-injection-techniques/</guid><description>Have you ever noticed that a legitimate system application exhibits unusual behavior such as excessive consumption of system resources and unusual network activity? I answer questions such as &amp;ldquo;Is svchost.exe a virus?&amp;rdquo;, which we often encounter in forums, with the most technical details from a different side of the business. In this article, which is a tutorial, I explained Process Injection Techniques as detailed and descriptive as possible.
What is Process Injection?</description></item><item><title>Practical Wireshark 🦈 Filters</title><link>http://fatihsensoy.com/posts/practical-wireshark-filters/</link><pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/practical-wireshark-filters/</guid><description>We all know Wireshark, the popular and best packet analysis tool in its field, used by malware analysts to detect errors in C&amp;amp;C servers, and by Network and System Administrators. Some of us examine 100,000 packets one by one, while some of us pinpoint directly with the legendary feature called FILTER. Of course, we did not write this article for the first option 🙂 I have compiled 20 Wireshark Filters for you to find what you are looking for while doing network packet analysis.</description></item><item><title>Radare2 - There Is No Reverse Without It</title><link>http://fatihsensoy.com/posts/radare2-there-is-no-reversing-without-it/</link><pubDate>Tue, 04 Feb 2020 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/posts/radare2-there-is-no-reversing-without-it/</guid><description>Greetings to everyone, friends. In this technical article, I will give you a short but useful introduction to Radare2, which you have heard of frequently, and which you can keep as a note at hand.
What is Radare2? Radare2 is both a disassembler and a debugger. We can define it as a tool that is 2-3 times more capable than IDA and Ollydbg combined. If you define yourself as a Reverse Engineer, it is a tool that I think you should know even at a basic level.</description></item><item><title>About Me</title><link>http://fatihsensoy.com/pages/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>http://fatihsensoy.com/pages/about/</guid><description>Greetings, I am Fatih!
I&amp;rsquo;m a Security Researcher focused on Reverse Engineering and its sub-disciplines. I have a curious, problem-solving personality and I love to do technical research, improve myself and share what I know in the field of Computer Science, Cybersecurity, Programming and Reverse Engineering.
Areas I am interested in
Reverse Engineering
Low/Medium Programming
Malware Analysis
Windows Internals
Source Code Analysis
Software Security
Binary Exploitation Studies
Red Team &amp;amp; Blue Team Studies
Advanced Technical Training
You can access the links below to have more information about me or to contact me.</description></item></channel></rss>