# Reverse-Engineering
Reconstructing the Puzzle: Automating Malware String and IAT Recovery
Recently, I’ve been working on a malware sample that arrived with almost no static strings and a completely empty Import Table—a clear sign that it’s been obfuscated. String Deobfuscation Looking around the …
Yet Another Case of Money Lost to a Scam Involving a Fake "Public Services" App Download
Recently, while browsing Facebook, I saw a post warning about scammers luring victims into installing an app containing malware in order to steal money from their bank accounts. Details are in the post on Facebook. This tactic is not new, but …
Analyzing a Cobalt Strike Payload: DLL Hijacking, Alcatraz Obfuscation, and Reflective Loading
This analysis covers a multi-stage attack chain designed for stealth and persistence: starting with a PDF-themed phishing lure that uses DLL sideloading via a legitimate Logitech binary, it employs Alcatraz obfuscation …
ACS 2025: A Busan Victory with KMA.LightBlue
The new season of ASEAN Cyber Shield (ACS) has arrived, and once again, I was selected to represent our university at ACS 2025 in Busan, Korea. This time, I competed with team KMA.LightBlue. As the final installment of …
Devirtualizing Tigress Challenge 0 with Triton
Virtualization Obfuscation Virtualization obfuscation is designed to make static analysis boring, noisy, and slow. Instead of compiling logic directly into normal machine code, an obfuscator translates it into bytecode …
Analyzing a Payload: Sandbox Evasion, EDR Hook Bypassing, and API Recovery
Currently, I am analyzing a malware payload that employs various techniques to evade detection and hinder analysis. 1. Initial Assessment The initial file is unusually large, weighing in at approximately 91MB. Upon …
How to Convert EXEs to DLLs: PE Internals and Practical Steps
If you’ve worked with Windows applications, you’re likely familiar with EXE (executable) and DLL (dynamic link library) files. While these file types serve different purposes, they share a common underlying structure …
Low-Level Interception: A Guide to Windows NT API Hooking
The Windows NT API is the lowest level of user-mode interaction with the operating system. While most developers use the Win32 API (CreateFile, ReadFile), these functions are ultimately wrappers around the underlying NT …
ACS 2024: A Silver Journey in Ha Long with KMA.Qrange
Recently, my team and I were chosen by our university to represent them as KMA.Qrange at the ASEAN Cyber Shield (ACS) 2024 in Ha Long. We finished in 2nd place in the Student Division. The competition, organized by the …