├── README.md
├── exercises
    ├── aes-pe-loader.md
    ├── badnews-scripting-v1.md
    ├── badnews-scripting-v2.md
    ├── dipper-into-flawed-downloader.md
    ├── downrage-scripting.md
    ├── downrage.md
    ├── filewiper.md
    ├── flawed-downloader.md
    ├── hamweq.md
    ├── maze-packer.md
    ├── ned-dn-loader.md
    ├── netwalker.md
    ├── phorpiex.md
    ├── revil-api-hashing.md
    ├── revil-string-deobfuscation.md
    ├── zlob-scripting.md
    └── zlob.md
├── ghIDA-MainWindow.kbxml
├── ghIDA.kbxml
├── lecture-notes
    ├── algorithm-identification.md
    ├── algorithm-identification.png
    ├── algorithm-table.md
    ├── reversing-class.md
    └── secret-solutions.md
├── scripts
    ├── java
    │   ├── Amadey.java
    │   ├── ClearThisShit.java
    │   ├── DownRageStrings.java
    │   ├── FunctionsWithCallCount.java
    │   ├── GoogleSelection.java
    │   ├── HamweqStrings.java
    │   ├── KpotStealerStrings.java
    │   ├── ListCallsWithXrefs.java
    │   ├── MalREGhidraScript.java
    │   ├── NetWalkerAPIHashes.java
    │   ├── NopAllCalls.java
    │   ├── NopThisShit.java
    │   ├── RC4.java
    │   ├── REvilAPIHashLabeller.java
    │   ├── SedUpLoaderStringDecryption.java
    │   ├── ShamoonStringDeobfuscation.java
    │   ├── SodinokibiREvilStrings.java
    │   ├── StackStringEmulator.java
    │   ├── TofseeStringDecryption.java
    │   ├── UnSprint.java
    │   ├── YaraScan.java
    │   ├── ZLoaderStrings.java
    │   └── x64DbgLabeler.java
    ├── python
    │   ├── Sofacy.py
    │   ├── api_hashing_revil.py
    │   ├── aplib.py
    │   ├── get_pe_build_time.py
    │   ├── get_pe_exports.json
    │   ├── get_pe_exports.py
    │   ├── unpack_dipper_payload.py
    │   └── unpack_dipper_shellcode.py
    └── solutions
    │   ├── BadnewsStackStrings.java
    │   ├── DownRageAllStrings.java
    │   ├── DownRageDeobfuscateString.java
    │   ├── HamweqPatchMemory.java
    │   ├── ListFunctionsWithXRefCount.java
    │   └── NopThisShit.java
└── yara
    └── algos.yara

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/README.md
--------------------------------------------------------------------------------
/exercises/aes-pe-loader.md:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/aes-pe-loader.md -------------------------------------------------------------------------------- /exercises/badnews-scripting-v1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/badnews-scripting-v1.md -------------------------------------------------------------------------------- /exercises/badnews-scripting-v2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/badnews-scripting-v2.md -------------------------------------------------------------------------------- /exercises/dipper-into-flawed-downloader.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/dipper-into-flawed-downloader.md -------------------------------------------------------------------------------- /exercises/downrage-scripting.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/downrage-scripting.md -------------------------------------------------------------------------------- /exercises/downrage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/downrage.md -------------------------------------------------------------------------------- /exercises/filewiper.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/filewiper.md 
-------------------------------------------------------------------------------- /exercises/flawed-downloader.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/flawed-downloader.md -------------------------------------------------------------------------------- /exercises/hamweq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/hamweq.md -------------------------------------------------------------------------------- /exercises/maze-packer.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/maze-packer.md -------------------------------------------------------------------------------- /exercises/ned-dn-loader.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/ned-dn-loader.md -------------------------------------------------------------------------------- /exercises/netwalker.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/netwalker.md -------------------------------------------------------------------------------- /exercises/phorpiex.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/phorpiex.md -------------------------------------------------------------------------------- /exercises/revil-api-hashing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/revil-api-hashing.md 
-------------------------------------------------------------------------------- /exercises/revil-string-deobfuscation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/revil-string-deobfuscation.md -------------------------------------------------------------------------------- /exercises/zlob-scripting.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/zlob-scripting.md -------------------------------------------------------------------------------- /exercises/zlob.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/exercises/zlob.md -------------------------------------------------------------------------------- /ghIDA-MainWindow.kbxml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/ghIDA-MainWindow.kbxml -------------------------------------------------------------------------------- /ghIDA.kbxml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/ghIDA.kbxml -------------------------------------------------------------------------------- /lecture-notes/algorithm-identification.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/lecture-notes/algorithm-identification.md -------------------------------------------------------------------------------- /lecture-notes/algorithm-identification.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/lecture-notes/algorithm-identification.png -------------------------------------------------------------------------------- /lecture-notes/algorithm-table.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/lecture-notes/algorithm-table.md -------------------------------------------------------------------------------- /lecture-notes/reversing-class.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/lecture-notes/reversing-class.md -------------------------------------------------------------------------------- /lecture-notes/secret-solutions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/lecture-notes/secret-solutions.md -------------------------------------------------------------------------------- /scripts/java/Amadey.java: -------------------------------------------------------------------------------- 1 | import ghidra.program.model.listing.Function; 2 | -------------------------------------------------------------------------------- /scripts/java/ClearThisShit.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/ClearThisShit.java -------------------------------------------------------------------------------- /scripts/java/DownRageStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/DownRageStrings.java -------------------------------------------------------------------------------- /scripts/java/FunctionsWithCallCount.java: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/FunctionsWithCallCount.java -------------------------------------------------------------------------------- /scripts/java/GoogleSelection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/GoogleSelection.java -------------------------------------------------------------------------------- /scripts/java/HamweqStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/HamweqStrings.java -------------------------------------------------------------------------------- /scripts/java/KpotStealerStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/KpotStealerStrings.java -------------------------------------------------------------------------------- /scripts/java/ListCallsWithXrefs.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/ListCallsWithXrefs.java -------------------------------------------------------------------------------- /scripts/java/MalREGhidraScript.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/MalREGhidraScript.java -------------------------------------------------------------------------------- /scripts/java/NetWalkerAPIHashes.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/NetWalkerAPIHashes.java -------------------------------------------------------------------------------- /scripts/java/NopAllCalls.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/NopAllCalls.java -------------------------------------------------------------------------------- /scripts/java/NopThisShit.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/NopThisShit.java -------------------------------------------------------------------------------- /scripts/java/RC4.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/RC4.java -------------------------------------------------------------------------------- /scripts/java/REvilAPIHashLabeller.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/REvilAPIHashLabeller.java -------------------------------------------------------------------------------- /scripts/java/SedUpLoaderStringDecryption.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/SedUpLoaderStringDecryption.java -------------------------------------------------------------------------------- /scripts/java/ShamoonStringDeobfuscation.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/ShamoonStringDeobfuscation.java 
-------------------------------------------------------------------------------- /scripts/java/SodinokibiREvilStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/SodinokibiREvilStrings.java -------------------------------------------------------------------------------- /scripts/java/StackStringEmulator.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/StackStringEmulator.java -------------------------------------------------------------------------------- /scripts/java/TofseeStringDecryption.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/TofseeStringDecryption.java -------------------------------------------------------------------------------- /scripts/java/UnSprint.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/UnSprint.java -------------------------------------------------------------------------------- /scripts/java/YaraScan.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/YaraScan.java -------------------------------------------------------------------------------- /scripts/java/ZLoaderStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/ZLoaderStrings.java -------------------------------------------------------------------------------- /scripts/java/x64DbgLabeler.java: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/java/x64DbgLabeler.java -------------------------------------------------------------------------------- /scripts/python/Sofacy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/Sofacy.py -------------------------------------------------------------------------------- /scripts/python/api_hashing_revil.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/api_hashing_revil.py -------------------------------------------------------------------------------- /scripts/python/aplib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/aplib.py -------------------------------------------------------------------------------- /scripts/python/get_pe_build_time.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/get_pe_build_time.py -------------------------------------------------------------------------------- /scripts/python/get_pe_exports.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/get_pe_exports.json -------------------------------------------------------------------------------- /scripts/python/get_pe_exports.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/get_pe_exports.py 
-------------------------------------------------------------------------------- /scripts/python/unpack_dipper_payload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/unpack_dipper_payload.py -------------------------------------------------------------------------------- /scripts/python/unpack_dipper_shellcode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/python/unpack_dipper_shellcode.py -------------------------------------------------------------------------------- /scripts/solutions/BadnewsStackStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/BadnewsStackStrings.java -------------------------------------------------------------------------------- /scripts/solutions/DownRageAllStrings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/DownRageAllStrings.java -------------------------------------------------------------------------------- /scripts/solutions/DownRageDeobfuscateString.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/DownRageDeobfuscateString.java -------------------------------------------------------------------------------- /scripts/solutions/HamweqPatchMemory.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/HamweqPatchMemory.java -------------------------------------------------------------------------------- 
/scripts/solutions/ListFunctionsWithXRefCount.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/ListFunctionsWithXRefCount.java -------------------------------------------------------------------------------- /scripts/solutions/NopThisShit.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/scripts/solutions/NopThisShit.java -------------------------------------------------------------------------------- /yara/algos.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nullteilerfrei/reversing-class/HEAD/yara/algos.yara --------------------------------------------------------------------------------