CyberveilleShaared links2022-09-20T00:01:35+02:00Cyberveillehttps://cyberveille.decio.ch/https://cyberveille.decio.ch/ShaarliUnflattening ConfuserEx .NET Code in IDAhttps://cyberveille.decio.ch/shaare/8AE_SQ2022-09-20T00:01:22+02:002022-09-20T00:01:35+02:00
we’re studying the ConfuserEx1 obfuscation mechanism of a Ginzo .NET sample. This class of obfuscator is known as code flatteners. We describe how it can dealt with it using a Python script within IDA Pro2, a famous reverse-engineering tool.