Static and dynamic analysis writeups for HackTheBox and TryHackMe RE challenges.
Covers ELF binaries, PE malware, crackmes, and anti-debug bypass techniques.
| Tool | Role |
|---|---|
| Ghidra | Decompilation, cross-reference analysis, function graphing |
| radare2 | Disassembly, scripted analysis, binary patching |
| x64dbg | Dynamic analysis on Windows PE, breakpoint-based bypass |
| dnSpy64 | .NET assembly decompilation and runtime patching |
| gdb | ELF runtime debugging, register inspection |
Each writeup follows the same structure:
- Triage —
file,strings,checksec, entropy check - Static Analysis — Ghidra/radare2 disassembly, identify key functions, control flow
- Dynamic Analysis — Run under debugger, trace syscalls/library calls, set breakpoints
- Findings — Document the vulnerability, bypass, or flag logic
- Solution — Minimal reproducible steps (script or manual)
Screenshots and annotated disassembly included in each writeup.
ELF reversing PE analysis malware static analysis
Ghidra radare2 x64dbg patching .NET decompilation gdb
All challenges are from legal CTF platforms (HackTheBox, TryHackMe).
Research conducted for educational and skill-development purposes.