Available demos

The lab starter trace is great to start working with REVEN! It's a full system execution with a simple executable crashing. A guide is provided to discover REVEN features through a simple crash analysis (select Python API -> lab-start.ipynb). The video presents the solution.

The CVE-2020-16898 "Bad neighbour" allows remotely crashing a Windows 10 System. Follow the guided exercise (select Python API -> cve-2020-16898.ipynb) to discover how you can approach such a trace with REVEN, and extract information from both the crash and the patched code by comparing the two traces.

CVE-2021-3156 ("Baron Samedit") is a heap buffer-overflow in the sudo library that could lead to privilege escalation. It was recorded on a Fedora 27 VM using an exploit written in Python.

The CVE-2020-17087 may allow local privilege escalation on a Windows 10 system. Through the proposed two traces of the proof of concept, crash and patched, apply what you have learned with CVE-2020-16898 to a different CVE and see what you can find.

Perform a step-by-step analysis of an exploit for Chrome's CVE-2020-15999: Heap buffer overflow in Freetype allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Guided by the blog article, discover how REVEN's features such as Symbol call Search, Memory History and backward Taint help to quickly get to the root cause.

Through this tutorial you will get an introduction to REVEN, and go through most of its features, including backward data tainting. You will see how to use them to analyze an exploit (whether user or kernel mode) - here crafted MKV files leveraging CVE-2018-11529, an ACE in the VLC player.

We will have a look at the proof of concept for CVE-2018-8653. We will not focus on the vulnerability itself. Instead we will show how REVEN can help analyze the memory management mechanisms that lead to the object replacement.

Formbook is a 32-bit form-grabber and stealer malware. You will learn how to analyze customly encrypted network communications in REVEN, on a real world scenario featuring an execution trace of a Formbook malware.

This demo is only about the taint and its usage through the API! A simple chat in Rust. This demo consists in using the taint engine to track data across 2 clients and a server, thanks to REVEN's ability to take into account windows kernel including network activity. It will be exactly the same for any IPC mechanism (named pipe, shared memory, etc.).

This scenario is a 50 seconds record of the Uroburos dropper, executed from the desktop on a Windows 7 x64 SP1. This trace is currently provided without tutorial as a way to experiment by yourself and have a closer look of the findings of the Uroburos blog article.

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol, which allows remote code execution. With the help of the blog post and tutorial, discover how REVEN can be used to analyze the crash, the root cause and the logical error itself.

Explore the last stages of an OVMF UEFI firmware handing off to the Windows 10 RS5 boot loader and kernel. You will get a glimpse of the information you can obtain with REVEN - where the earliest disk writes are, where the GDT is setup, or what arguments are passed when starting the kernel.

CVE-2019-1347 is a vulnerability disclosed in October 2019 by Mateusz @j00ru Jurczyk in the Windows relocation mechanism when parsing a PE file. The demo focuses on the beginning of the article and shows how REVEN helps going from the crash to some involved bytes in the PoC file.