Author Archives: hasherezade


About hasherezade

Programmer and researcher, interested in InfoSec.

Flare-On 12 – Task 8

In this mini-series I describe the solutions of my favorite tasks from this year’s Flare-On competition. To those of you who are not familiar, Flare-On is a marathon of reverse engineering. This year it ran for 4 weeks, and consisted …

Posted in CrackMe, CTF, FlareOn | 1 Comment

Flare-On 12 – Task 9

In this mini-series I describe the solutions of my favorite tasks from this year’s Flare-On competition. To those of you who are not familiar, Flare-On is a marathon of reverse engineering. This year it ran for 4 weeks, and consisted …

Posted in CrackMe, CTF, FlareOn | 2 Comments

Tutorial: unpacking executables with TinyTracer + PE-sieve

Covers: automatic OEP finding, reconstructing the IAT, avoiding anti-debug tricks, and fixing imports broken by shims. In this short blog post I would like to demonstrate how to unpack an executable with PE-sieve and Tiny Tracer. As an example, let’s use the …

Posted in Malware, Tools, Tutorial | Leave a comment

Process Hollowing on Windows 11 24H2

Process Hollowing (a.k.a. RunPE) is probably the oldest and the most popular process impersonation technique (it allows running a malicious executable under the cover of a benign process). It is used in a variety of PE loaders, PoCs, and offensive …

Posted in Malware, Programming, Techniques | 4 Comments

Flare-On 11 – Task 7

Flare-On is an annual CTF run by the Mandiant Flare Team. This writeup details approaches to decrypting TCP traffic captured in a PCAP, linked to an AOT-compiled .NET binary. It discusses analyzing the binary, generating FLIRT signatures, and performing cryptanalysis to recover the private keys used in Elliptic Curve Cryptography for traffic decryption.

Posted in CrackMe, cryptography, CTF | 1 Comment

Flare-On 11 – Task 5

Flare-On is an annual CTF run by the Mandiant Flare Team. In this series of writeups I present solutions to some of my favorite tasks from this year. All the source code is available on my GitHub, in a dedicated repository: flareon2024. The …

Posted in CrackMe, CTF | 1 Comment

Flare-On 11 – Task 9

Flare-On is an annual CTF run by the Mandiant Flare Team. In this series of writeups I present solutions to some of my favorite tasks from this year. All the source code is available on my GitHub, in a dedicated repository: flareon2024. The …

Posted in CrackMe, CTF, FlareOn | 2 Comments

Flare-On 11 – Task 10

Flare-On is an annual CTF run by the Mandiant Flare Team. In this series of writeups I present solutions to some of my favorite tasks from this year. All the source code is available on my GitHub, in a dedicated repository: flareon2024. The …

Posted in CrackMe, Tutorial | Leave a comment

Magniber ransomware analysis: Tiny Tracer in action

Intro: Magniber is a ransomware family that initially targeted South Korea. My first report on this malware was written for Malwarebytes in 2017 (here). Since then, the ransomware has been completely rewritten and has turned into a much more complex beast. The …

Posted in Malware, Tutorial | 3 Comments

Flare-On 9 – Task 8

For those of you who don’t know, Flare-On is an annual “reverse engineering marathon” organized by Mandiant (formerly by FireEye). It runs for 6 weeks and usually contains 10-12 tasks of increasing difficulty. This year I completed as 103 (solves …

Posted in CrackMe | 3 Comments