Hey! My friend linked me this comment. This is super dope, I used to RE more dynamically and knowing about monitor() and debug() would have helped me a lot haha.
Also the memory snapshots, I've used that to try to debug memory leaks in the past but never thought about using it to RE. Super cool that you can also get the string that way.
You can definitely get the same results a lot faster via dynamic RE for most obfuscation methods, but what attracted me to Kasada was the challenge of writing a disassembler from a static RE perspective. I also don't think dynamic RE methods are super easy to apply here once you get into the VM logic though, as I've discovered while working on part 2.
If you want to chat with me about this more my socials are linked in the post, or you can message me on discord (umasi#3301) :)
Also the memory snapshots, I've used that to try to debug memory leaks in the past but never thought about using it to RE. Super cool that you can also get the string that way.
You can definitely get the same results a lot faster via dynamic RE for most obfuscation methods, but what attracted me to Kasada was the challenge of writing a disassembler from a static RE perspective. I also don't think dynamic RE methods are super easy to apply here once you get into the VM logic though, as I've discovered while working on part 2.
If you want to chat with me about this more my socials are linked in the post, or you can message me on discord (umasi#3301) :)