Cracking nuts & malware analysis
Introduction

What?

Executable file format root-me challenges.

Why?

Dive into real binary formats.

How?

  • ELF x86 0 protection
  • ELF x86 basic
  • PE x86 0 protection
  • ELF C++ 0 protection
  • Godot 0 protection
  • PE DotNet 0 protection
  • ELF MIPS basic crackme
  • ELF x64 golang basic
  • ELF x86 fake instructions
  • ELF x86 ptrace
  • Godot bytecode
  • WASM introduction
  • ELF ARM basic crackme
  • Godot mono
  • PYC bytecode
  • ELF x86 no software breakpoints
  • ELF ARM crackme 1337
  • ELF x86 crackpass
  • ELF x86 exploitme
  • ELF x86 random crackme
  • GB basic Game Boy crackme
  • APK anti-debug

Unseen University, 2025, with a forest garden fostered by /ut7.