Learning IDA Hex Rays Python API to Analyze Sliver Obfuscation (Stream - 21-06-2024)

In this stream we focused on learning the IDA Hex Rays Python API to capture information needed to deobfuscate Sliver payloads that are obfuscated using Garble (https://github.com/burrowers/garble).

Training: https://training.invokere.com/course/...
Notes: https://github.com/Invoke-RE/stream-n...
Merch: https://shop.invokere.com
Twitch: / invokereversing
Twitter: / invokereversing
Mastodon: https://infosec.exchange/@invokerever...

0:00 Introduction
3:49 GoReSym, IDACode and Obfuscation Overview
14:00 IDAPython to Detect XOR Obfuscation
21:24 Exploring Hex Rays Microcode API
33:56 CTree Expression Visitor
52:30 CTree Instruction Visitor
1:09:30 HRDevHelper for Visualizing Hex Rays Objects
1:13:49 Identifying For Loop
1:32:17 Capturing Variables in For Loop
1:47:07 Capturing Integers from Variable Names
1:58:36 Fingerprinting Obfuscation Algorithm
2:04:49 Reimplementing Obfuscation Algorithm
