To start off I want to say I am a Linux person. I use it all the time for development. The command-line is amazing and very streamlined for computer-science related tasks. While I feel this way, there are those who do not and would prefer to use a Windows environment instead. So I want to show two things in this article, how to install and use radare2 for Windows, and also how to debug applications using radare2.

To get radare2 installed on Windows I went to their site and clicked on the “Download 2.3.0 for Windows” link that is at…

Linux is one of my favorite operating systems, but you seldom see malware for it, so I was pretty interested when Linux Malware was caught by my honeypot. This article will be my analysis of the sample, particularly the decryption function that was used throughout it. It’s a good example of why using your own encryption algorithm isn’t very secure.

Like with any analysis, I first toss the file into VirusTotal to see what is going on:

VirusTotal Analysis of our Malware

We can see here that only 34 out of 59 vendors identified this malware, not very surprising given that it’s a Linux binary…

So this is my analysis on the snojan malware. My goal for my articles is to write about different malware samples that I collect in my honeypot. I hate finding a sample and looking up analyses on it only to find that nobody has taken the time to really look at it, so this is my remedy for that.

I collected this sample from my Dionaea Honeypot server. If you don’t know what Dionaea Honeypot is, it is essentially a server that mimics vulnerable processes and applications in hopes of catching malware. …

This article is a continuation of my first article “Reverse Engineering Using Radare2” where I gave a basic introduction to the tool. I highly suggest starting there if you haven’t already, as it covers the very basics.

This article will demonstrate some of the other interesting features of Radare2 by walking you through how to solve a simple Capture the Flag style program. You can download this program from my GitHub (the crackme binary). If you go ahead and run this program you’ll see that it requires us to input a password.

$ ./crackme 
What's the password?

If we try…

This article assumes the reader has some basic knowledge in coding and assembly language. If not, a good resource for this would be the assembly tutorial from tutorialspoint.

Reverse Engineering is the ability to disassemble a program to see how it functions. It allows us to take apart a program or software and recreate it without knowing the source code. It’s used in things like Malware Analysis to understand what a piece of malware is doing and to create an identifier to stop it from infecting your computer again. …

Jacob Pimental
