Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-25Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20220125:exhaustively:bbe8a55, author = {Rolf Rolles}, title = {{An Exhaustively Analyzed IDB for ComLook}}, date = {2022-01-25}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2022/1/25/an-exhaustively-analyzed-idb-for-comlook}, language = {English}, urldate = {2022-01-28} } An Exhaustively Analyzed IDB for ComLook
ComLook
2021-06-01Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20210601:hexrays:d1f9216, author = {Rolf Rolles}, title = {{Hex-Rays, GetProcAddress, and Malware Analysis}}, date = {2021-06-01}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2021/6/1/hex-rays-getprocaddress-and-malware-analysis}, language = {English}, urldate = {2021-06-09} } Hex-Rays, GetProcAddress, and Malware Analysis
2021-03-02Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20210302:exhaustivelyanalyzed:ea1e91f, author = {Rolf Rolles}, title = {{An Exhaustively-Analyzed IDB for FlawedGrace}}, date = {2021-03-02}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2021/3/2/an-exhaustively-analyzed-idb-for-flawedgrace}, language = {English}, urldate = {2021-03-04} } An Exhaustively-Analyzed IDB for FlawedGrace
FlawedGrace
2020-09-01Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20200901:exhaustivelyanalyzed:0a5410d, author = {Rolf Rolles}, title = {{An Exhaustively-Analyzed IDB for ComRAT v4}}, date = {2020-09-01}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2020/8/31/an-exhaustively-analyzed-idb-for-comrat-v4}, language = {English}, urldate = {2020-09-01} } An Exhaustively-Analyzed IDB for ComRAT v4
Agent.BTZ
2019-01-14Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20190114:quick:42a2552, author = {Rolf Rolles}, title = {{A Quick Solution to an Ugly Reverse Engineering Problem}}, date = {2019-01-14}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2019/1/14/a-quick-solution-to-an-ugly-reverse-engineering-problem}, language = {English}, urldate = {2020-01-13} } A Quick Solution to an Ugly Reverse Engineering Problem
FlawedGrace
2018-09-19Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180919:hexrays:1afcc0c, author = {Rolf Rolles}, title = {{Hex-Rays Microcode API vs. Obfuscating Compiler}}, date = {2018-09-19}, organization = {Möbius Strip Reverse Engineering}, url = {http://www.hexblog.com/?p=1248}, language = {English}, urldate = {2019-10-28} } Hex-Rays Microcode API vs. Obfuscating Compiler
Ghost RAT
2018-09-02Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180902:weekend:2f137ab, author = {Rolf Rolles}, title = {{Weekend Project: A Custom IDA Loader Module For The Hidden Bee Malware Family}}, date = {2018-09-02}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/9/2/weekend-project-a-custom-ida-loader-module-for-the-hidden-bee-malware-family}, language = {English}, urldate = {2022-02-01} } Weekend Project: A Custom IDA Loader Module For The Hidden Bee Malware Family
Hidden Bee
2018-02-21Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180221:finspy:bc28bff, author = {Rolf Rolles}, title = {{FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #4: Second Attempt At Devirtualization}}, date = {2018-02-21}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/2/21/devirtualizing-finspy-phase-4-second-attempt-at-devirtualization}, language = {English}, urldate = {2022-02-04} } FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #4: Second Attempt At Devirtualization
FinFisher RAT
2018-02-21Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180221:finspy:2fb22e0, author = {Rolf Rolles}, title = {{FinSpy VM Unpacking Tutorial Part 3: Devirtualization}}, date = {2018-02-21}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization}, language = {English}, urldate = {2022-02-01} } FinSpy VM Unpacking Tutorial Part 3: Devirtualization
FinFisher RAT
2018-02-21Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180221:finspy:52ff2fd, author = {Rolf Rolles}, title = {{FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #2: First Attempt At Devirtualization}}, date = {2018-02-21}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/2/21/devirtualizing-finspy-phase-2-first-attempt-at-devirtualization}, language = {English}, urldate = {2022-02-04} } FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #2: First Attempt At Devirtualization
FinFisher RAT
2018-02-21Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180221:finspy:1af9ae6, author = {Rolf Rolles}, title = {{FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #3: Fixing The Function-Related Issues}}, date = {2018-02-21}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/2/21/devirtualizing-finspy-phase-3-fixing-the-function-related-issues}, language = {English}, urldate = {2022-02-04} } FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #3: Fixing The Function-Related Issues
FinFisher RAT
2018-02-21GitHub (RolfRolles)Rolf Rolles
@online{rolles:20180221:finspyvm:446202c, author = {Rolf Rolles}, title = {{FinSpyVM (Static Unpacker for FinSpyVM)}}, date = {2018-02-21}, organization = {GitHub (RolfRolles)}, url = {https://github.com/RolfRolles/FinSpyVM}, language = {English}, urldate = {2022-02-02} } FinSpyVM (Static Unpacker for FinSpyVM)
FinFisher RAT
2018-02-21Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180221:finspy:21e33d3, author = {Rolf Rolles}, title = {{FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #1: Deobfuscating FinSpy VM Bytecode Programs}}, date = {2018-02-21}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2018/2/21/wsbjxrs1jjw7qi4trk9t3qy6hr7dye}, language = {English}, urldate = {2022-02-04} } FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #1: Deobfuscating FinSpy VM Bytecode Programs
FinFisher RAT
2018-01-23Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20180123:walkthrough:afbbb08, author = {Rolf Rolles}, title = {{A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM: Part One, x86 Deobfuscation}}, date = {2018-01-23}, organization = {Möbius Strip Reverse Engineering}, url = {http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation}, language = {English}, urldate = {2020-01-08} } A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM: Part One, x86 Deobfuscation
FinFisher RAT