Benoit


Activity overview

Latest activity by Benoit
  • Benoit created an article,

    What is the maximum duration of a record of a scenario?

    As far as the duration of a scenario is concerned, the most limiting factor will be disk space. If you work on one trace at a time and follow the recommended specs, you can record anywhere between ...

  • Benoit created an article,

    Can I compare the traces of two scenarios?

    REVEN does not provide such functionality out of the box for now. Still, you can build your own trace comparison using the Analysis API. It requires: finding the region of interest (symbol, proc...

  • Benoit created an article,

    Running stop.sh leads to `Error in subprocess, aborting`

    Affected releases: REVEN Professional starting from 2.4.0, REVEN Enterprise starting from 2.0.0. Full example of the error: $ ./stop.sh Traceback (most recent call last): File "/home/reven/rev...

  • Benoit created an article,

    Running start.sh leads to `Error : Cannot retrieve resources version compatible with the current reven `

    Affected releases: REVEN Professional starting from 2.4.0, REVEN Enterprise starting from 2.0.0. This error generally happens when a dependency is missing. The cause is that either install.sh was ...

  • Benoit created an article,

    What is the purpose of "Tag0" and "Tag1" in the taint widget?

    Tag0 and Tag1 in the taint widget indicate which data should be marked. Having 2 tags allows you to mark some pieces of data differently, for example `Tag0: rax` and `Tag1: [0x123456; 8], rbx`. This w...

  • Benoit created an article,

    Can I inspect REVEN memory using Volatility?

    Yes, you can. A Volatility plugin can be found here. The plugin allows you to use Volatility commands on any transition of a REVEN trace. In the Uroburos malware study, Volatility is used to dump bina...

  • Benoit created an article,

    Can I use WinDbg with REVEN?

    Yes, it will be possible to easily use the power of WinDbg on any transition of a Windows REVEN trace. This feature is currently in development. An alpha version is available with the Enterprise Edit...

  • Benoit created an article,

    Can I analyze network activity in REVEN with Wireshark?

    Yes, you can. REVEN is shipped with a Python API that lets you easily write scripts that analyze a REVEN trace and aggregate networking data. As an example, you can find here a script that dumps ...

  • Benoit created an article,

    How can I check the integrity of my REVEN package?

    If you have just downloaded a REVEN 2.x package and want to check its integrity, please find below the checksums for all the 2.x packages. SHA1: 4778d9049532606072930b7c94665da360f12a9a reven-2.0.0...

  • Benoit created an article,

    How long does it take to replay a scenario?

    Replaying a scenario in REVEN (i.e. generating the scenario’s resources) is a process that mixes high IO and CPU usage. Estimating how long it will take depends heavily on your hardware and what the VM ...