Malware and Reversing (15)

With mona v3, debugger automation took a major leap forward. Now, with the new tellme / ai command, mona can collect crash context, heap information, registers, call stacks, disassembly, memory mappings, PoC files, heapdynamics logs, and more — and turn all of it into structured AI-ready analysis requests. Whether you want fully automated API-driven workflows with OpenAI or Anthropic, or prefer manually reviewing and submitting requests yourself, tellme brings modern AI-assisted crash triage and debugger automation directly into WinDBG and WinDBGX. This article dives deep into how it works, how to customize it, and how to build repeatable, reusable AI-assisted exploit analysis workflows on modern Windows targets. Read more

The original Corelan exploit writing tutorials helped a generation of security researchers understand how memory corruption really works. Today, we continue that journey with a second video in the series — revisiting Exploit Writing Tutorial Part 2 using a modern Windows 11 x64 lab environment, WinDBG, and mona.py. In this video, we dive into jump code, execution flow redirection, and custom jump techniques that remain essential knowledge for understanding stack-based exploitation and exploit reliability. Read more

Long overdue… but today it finally happened. We’re proud to announce the release of mona v3. This new version brings Python 2 and Python 3 compatibility (Python 3 recommended), support for both 32-bit and 64-bit targets, full integration with WinDBG and WinDBGX, continued compatibility with Immunity Debugger, and the use of the pykd-ext bootstrapper. It also includes a substantial refactor and modernization of the codebase, making it faster, leaner, and better prepared for the future. This post covers what changed, key improvements, important prerequisites, installation and migration guidance, and the current list of supported commands. Continue reading to learn all the details and discover how to get mona v3 up and running in your environment. Download links, setup instructions, and the GitHub repository are provided further down in this post. Read more

Stop just using WinDBG—start bending it to your will. Discover powerful automation, event-driven breakpoints, MASM & C++ expression evaluator, scripting, and PyKD techniques to level up your exploit development and crash analysis. Read more

Table of Contents

• Introduction
• Why WinDBG?
  • Symbols?
• Installing WinDBG Classic and WinDBGX
  • Why do we need both?
  • Scripted/automated installation
  • Manual Installation
    • Classic WinDBG
    • WinDBGX
  • Microsoft Symbol Server
  • Verify if both versions work
• Connecting to a process
  • Open executable vs Read more

Introduction

Last weekend I had some time so I wanted to have a look at a reversing challenge which you can find here:

https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity

Reverse Engineering 101 Contest Steps

1. Get the exe to be hacked
2. Break it open and Read more

In this post, we'll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme. Put simple, the program creates a key for your username, and compares it to the one you enter. The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password. Read more

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located. Read more

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line. I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT. Read more

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge... Read more