YARA rules, a cybersecurity innovation introduced by VirusTotal in 2013, have emerged as an indispensable tool for classifying malware based on textual or binary patterns. These rules drive a significant portion of the detections seen within security products, hence the importance of understanding their utility and function.
Main Text Tutorial -> Learning Yara Rules for Malware Analy...
2023-06-28 17:04:21 +0000 UTC
Software Development: SEH and Antidebug
Structured Exception Handling (SEH) and Antidebug mechanisms are vital in software development for ensuring code stability and protection from unauthorized manipulations. Using register flags and exploiting SEH allows detection of debuggers, an action made simpler with C/C++ combined with inline assembly.
2023-06-27 18:49:04 +0000 UTC
DESOLATE
K382A-9CD53-0AMT5
Niche - a genetics survival game
R4LKV-J4XZ2-5T7Y2
2023-06-23 20:47:29 +0000 UTC
This unique strategy can be utilized for a vast majority of 3D games, making it a universal trick in your gaming toolbox. If you're keen on exploring the depths of this game hacking technique, dive into this introductory tutorial.
Prepping Up
Prior to plunging into the core of this guide, ensure that you have Sekiro loaded as a saved game and that Chea...
2023-06-21 18:24:24 +0000 UTC
Unreal Engine's UKismetStringLibrary offers an array of functions for manipulating FString objects. FString is an internal data type used to store wide-char characters as arrays. Unlike C++ strings, FString length encompasses the null terminator, effectively increasing the string length by one. This functionality is particularly relevant in reverse engineering. An example FString "Hello" has a size of 6 (5 characters + 1 null terminator), leading to a total allocated byte count of 12.
2023-06-18 18:49:42 +0000 UTC
Tropico 5 Steam Key GLOBAL
RQJY0-K3PQN-CKGG5
Hacknet Steam Key GLOBAL
JNX70-L800D-CHMGY
2023-06-16 22:13:32 +0000 UTC
💻 How to Reverse Go Binaries
👾 Increasingly popular for malware
💾 GoLang vs C binaries: size matters
🔍 Detect GoLang via string inspection
🔧 Stripped binaries? Recover info with scripts
💡 GoLang scripts for IDA Pro and Ghidra
In the realm of GoLang reverse engineering, one needs to navigate the challenges that come with the size of Go bin...
2023-06-14 21:19:22 +0000 UTC
💻 How To Bypass Debug Flag Detection
🔍 Continuing our Anti-Debug Series
⚙️ PEB->NtGlobalFlag
🏗️ PEB->BeingDebugged
📡 GetProcessHeap->Flags
😎 Overwrite the flags to bypass
Debug Flags, integral components of Windows Internals structures, are crucial tools for both developers and hackers due to their si...
2023-06-13 18:04:20 +0000 UTC
Baldur's Gate II: Enhanced Edition
L8FR3-6WJRR-RZNJH
Crazy guy
Z6VPQ-5W43X-C42J4
2023-06-12 03:12:31 +0000 UTC
🎮 Spawning objects in Unreal Engine 4
🔎 UGameplayStatics: Key for object spawn.
📚 Dive into Unreal Engine BFL utilities.
🛠️ GameplayStatics: a modder's best friend.
📘 BlueprintFunctionLibrary: a must-read.
🕹️ UGameplayStatics: Your object spawner.
⚙️ UFunctions: SpawnObject, OpenLevel, etc....
2023-06-09 18:53:22 +0000 UTC
The article provides a comprehensive guide on modifying environment variables in Windows using C++ and the Windows API. It introduces readers to the concept of the Windows Registry and its structure, including Keys, SubKeys, and Values. The article then delves into specific Windows API functions that interact with the Registry: RegCreateKey, RegSetValueEx, and Reg...
2023-06-08 19:49:02 +0000 UTC
🎮 Return address spoofing: changing game dynamics
🕹️ Alters program control flow, disrupts intended behavior
💻 Execution mechanism overwritten via exploits like buffer overflow
🔒 Not an easy game: modern OS and software employ safeguards
🛡️ Techniques like ASLR, non-executable stack add complexity
🎯 In game hacking though, things...
2023-06-07 17:53:32 +0000 UTC
This article will teach you what Windows environment variables are, how environment variables are stored on Windows, which Windows API functions let you manipulate them, how to use those functions, and more.
The Windows API is extremely useful and powerful. It helps us manipulate multiple things on Windows witho...
2023-06-06 22:29:14 +0000 UTC
To find interesting malware I sometimes scroll through the public reports of the Triage sandbox website where different users will execute their malware. I stumbled across the malware for this video as it had a high score but no family detected which means that the employees at Triage have not written a detection for the malware meaning that it hasn't been covered yet which is qui...
2023-06-04 17:58:14 +0000 UTC
Prison Architect
5GDJ0-L6GQB-Q6QCY
Hacknet
90RZP-HVYZJ-N5KHG
Nuclear Fighter
WY2H7-ZLQJ4-ZEQRH
2023-06-04 17:42:57 +0000 UTC
Welcome to our comprehensive walkthrough on creating a super speed hack for the mountainous world of Sekiro! We'll be delving deep into the mechanics of manipulating distances and velocities to achieve an exhilarating speed boost. Using Cheat Engine, you can adjust your character's movement speed to swiftly navigate through the game. By correctly identifying the relevant memory addresses, you can effectively control the Cheat Engine movement speed parameters for your game character.
Bef...
2023-05-31 17:33:47 +0000 UTC
Homefront
L2DNE-N6YZ4-TJIFK
Tales of Berseria
HV84P-W5MDB-V0LTY
2023-05-29 20:05:09 +0000 UTC
IMGUI Menu Tutorial
Welcome to this comprehensive imgui tutorial focusing on C++ IMGUI menus. The primary target audience here is reverse engineers like us, who develop imgui cheat menus. Our mission today is to discuss several essential aspects, including images, fonts, icons, styling, separators, animated borders, and text.
- How to Add Images
Starti...
2023-05-21 15:23:06 +0000 UTC
Road Redemption
2I44W-L4XQN-ZEGTQ
Red points
YLRMN-768CP-LIEDM
2023-05-20 19:25:40 +0000 UTC
Cheat Engine's Ultimap is a powerful tool that can help you understand more about a game's internal operations, particularly when it comes to the execution flow of the game's code. This is a valuable resource when you're reverse engineering games, as it can give you insight into how the game works at a much more fundamental level than just observing its external beha...
2023-05-17 20:02:42 +0000 UTC
Command and control web panels are an incredibly important part of malware and malware analysis. These web panels are where the threat actors take control of their victims and task their malware. Commonly these web panels are written in PHP, but over the years they have been moving to other languages. They are usually hosted on port 443 or 80 on a web server, where the gate for the malware also lies alongside the command and control panel. Because these web panels are a great w...
2023-05-14 15:22:02 +0000 UTC
Metro 2033 Redux
2I44W-L4XQN-ZEGTQ
Bouncing traveler
WP805-PBTYZ-K94IE
2023-05-14 02:55:58 +0000 UTC
Unreal Engine Blueprint Function Library, or BFL, is a set of UClasses mostly comprised of static functions that provide utility functionality that is not bound to any particular gameplay object. In this tutorial we present a simple introduction to BFL and how we can use them to exponentially improve our reverse engineering experience.
🎮 Unreal Engine'...
2023-05-12 20:24:35 +0000 UTC
Welcome to the world of virtual memory, a key concept in computer science that allows your operating system to create the illusion of having more memory than physically available. Let's embark on this journey to understand what exactly virtual memory is, how it works, and its significance.
Welcome to virtual memory: OS's illusion of limitless RAM. Understan...
2023-05-11 18:43:12 +0000 UTC
Scratching your head over how to snag the Direct3D9 Device Pointer? Typically, when the goal is to render in DirectX 9 via our cheat, our eyes are set on tracking down a pointer leading to the DirectX device. Having that D3D9 device pointer in our possession, we can set a hook on EndScene and kickstart the rendering capabilities. In this write-up, we'll dive into a nifty trick to grab hold of this pointer without the need to dig through memory - the trusty Dummy Device Method.
W...
2023-05-10 19:40:29 +0000 UTC
Fallout 3
D9CDL-KJJDB-PP5BC
Station 99
XLT7X-ICDK6-9JQKM
2023-05-09 22:28:16 +0000 UTC
Have you ever wondered why a program does not start when you run it in a debugger? In this article we'll look briefly at the Windows heap, low fragmentation heap policy, and how we can apply this to an anti-debug technique called LFH antidebug. Additionally, we will see how you can bypass this trick in order to prevent this detection.
Low Fragmentation Heap AntiDebug...
2023-05-09 21:45:15 +0000 UTC
In the previous articles you've learned how to write code in Java, and how to call native code from your Java applications. In this article we're going to put all of the pieces together and write a fully functional external hack in Java! We're going to start by implementing basic external hack scaffolding, and finish with a simple Assault Cube demonstration you can download, read, and modify.
Writing a...
2023-05-08 20:32:50 +0000 UTC
In this walkthrough, we will analyze a North Korean malware campaign targeting individuals in South Korea. This coverage was inspired by a blog recently released by Checkpoint Research, in which they outline many of the different lures that then drop the ROKRAT...
2023-05-07 16:37:15 +0000 UTC