Just performed binary surgery on my own 13-year-old #cartography software [1] to keep it alive for students.

Modern servers were rejecting the app's old security protocols. I used #dnSpy [2] to inject a TLS 1.2 enforcement directly into the ClipGeo.exe and re-routed the hardcoded map calls to a working provider.

Never edited DLLs before. A great lesson in software preservation and dependencies!

[1]: https://github.com/Sieboldianus/ClipGeo
[2]: https://dnspy.org/

Three failed patches and one epiphany: reversing client-side authentication on HTB

Name: Bypass Category: Reversing Difficulty: Easy Link: https://app.hackthebox.com/challenges/Bypass I walk through the Bypass challenge from Hack The Box. The path from three failed patches in IDA Pro to an elegant solution with dnSpy. I show how choosing the right tool decides everything.

https://habr.com/ru/articles/963086/

#hacking #hackthebox #reverseengineering #htb #writeup #bypass #ida_pro #net #c# #dnspy


TIL: #dnSpyEx https://github.com/dnSpyEx is the continuation of the #dnSpy project, a #dotnet #debugger and #assembly editor. #til

TIL: There is an unofficial, maintained fork of #dnSpy: #dnSpyEx

https://github.com/dnSpyEx/dnSpy

GitHub - dnSpyEx/dnSpy: Unofficial revival of the well known .NET debugger and assembly editor, dnSpy


Reversing and analysis of Keyzetsu Clipper

Recently I saw news about fake repositories appearing on GitHub that trick victims into downloading malware that threatens the security of their crypto assets. The malware is called Keyzetsu Clipper, and at that moment I really wanted to find out how real viruses work. Before that, I only had experience participating in various CTFs. And then I realized that the time had come to test my skills on a real example. In this article I carried out a full analysis and reverse of Keyzetsu Clipper, from unpacking and decryption to analysis of the persistence, communication and wallet-replacement functions.

https://habr.com/ru/articles/812435/

#IDA #dnSpy #reverseengineering #Python


Earlier this month I found a way to consistently pop calculators in #dnSpy by opening a file and clicking some nodes in its browser.

Today I release a write-up on how this can be done:

👉 https://blog.washi.dev/posts/popping-calcs-in-dnspy/

Update dnSpy if you haven't already!

#dotnet #reversing #bug

A problem with .NET Self-Contained Apps and how to pop calculators in dnSpy

Programming languages that operate on a virtual machine often promise safety guards against many unsafe operations. However, virtual machines can have pretty serious bugs. In this post, we explore one interesting limitation of self-contained applications in .NET, and see how we can exploit it to pop calculators from our trusty decompiler dnSpy:

Washi

It's been a minute, but here is my write-up on WannaSmile ransomware. A nicely deobfuscated sample. I'll be updating this post soon with a decryptor written in Python. https://polaryse.github.io/posts/wannasmile/
#reverseengineering #ransomware #malware #eCrime #YARA #dnSpy

You make me WannaSmile

Analysis of ‘WannaSmile’ ransomware using dnSpy to pull apart and understand the behaviour and crypto functions used by this binary to encrypt machines.

Malware Analysis: Or How I Learned To Love Frustration

Time for another blog post!

This time we are tackling .NET debuggers and making them display garbage data with the help of proxy objects and debugger display attributes.

Full post: https://washi.dev/blog/posts/debugger-proxy-objects/
PoC Implementation: https://github.com/Washi1337/ProxyObjects

#dotnet #obfuscation #reversing #asmresolver #cil #dnspy #decompiler #debugger #poc

Confusing .NET Debuggers: Proxy Objects

.NET decompilers and debuggers have become very good at helping reverse engineers figure out the inner workings of a program. However, they also make a lot of assumptions that can be used against them. In this post, we will explore a method that can be used to trick the debugger into hiding a lot of important information during a debugging session.

Washi