The lab starter trace is great to start working with REVEN! It's a full system execution with a simple executable crashing. A guide is provided to discover REVEN features through a simple crash...
CVE-2020-16898 ("Bad neighbour") allows remotely crashing a Windows 10 system. Follow the guided exercise (select Python API -> cve-2020-16898.ipynb) to discover how you can approach such a...
CVE-2021-3156 ("Baron Samedit") is a heap buffer-overflow in the sudo library that could lead to privilege escalation. It was recorded on a Fedora 27 VM using an exploit written in Python.
CVE-2020-17087 may allow local privilege escalation on a Windows 10 system. Using the two provided traces of the proof of concept, crash and patched, apply what you have learned with...
Perform a step-by-step analysis of an exploit for Chrome's CVE-2020-15999, a heap buffer overflow in FreeType allowing a remote attacker to potentially exploit heap corruption via a crafted HTML...
Through this tutorial you will get an introduction to REVEN, and go through most of its features, including backward data tainting. You will see how to use them to analyze an exploit (whether user...
We will have a look at the proof of concept for CVE-2018-8653. We will not focus on the vulnerability itself. Instead, we will show how REVEN can help analyze the memory management mechanisms that...
Formbook is a 32-bit form-grabber and stealer malware. You will learn how to analyze custom-encrypted network communications in REVEN, in a real-world scenario featuring an execution trace of a...
This demo is only about the taint and its usage through the API! A simple chat in Rust. This demo consists of using the taint engine to track data across 2 clients and a server, thanks to REVEN's...
This scenario is a 50-second recording of the Uroburos dropper, executed from the desktop on a Windows 7 x64 SP1. This trace is currently provided without a tutorial as a way to experiment by yourself...
BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol, which allows remote code execution. With the help of the blog post and tutorial,...
Explore the last stages of an OVMF UEFI firmware handing off to the Windows 10 RS5 boot loader and kernel. You will get a glimpse of the information you can obtain with REVEN - where the earliest...
CVE-2019-1347 is a vulnerability disclosed in October 2019 by Mateusz @j00ru Jurczyk in the Windows relocation mechanism when parsing a PE file. The demo focuses on the beginning of the article...