View Full Version : Blogs Forum
- Hardcoded dll export address: Python approach
- A case of a curious LibTIFF 4.0.3 + zlib 1.2.8 memory disclosure
- Trojan banking 47d18761d46d8e7c4ad49cc575b0acc2bb3f49bb56a3d29fb1ec600447cb89a4
- Extending IDAPython in IDA 6.5: Be careful about the GIL
- Gathering external information and using the most suitable tool to ease your malware
- Solution to Warsaw Honeynet Project Workshop Conference official Crackme
- The xxx project - looking under the hoods of guids
- My new Ollydbg plugin: Sequential Dumper
- x64 decompiler not far away
- Ollydbg plugin development: Findmemory needs Listmemory?
- addsym windbg extension (extension to load names from ida to windbg)
- Internal Security Analyst
- Security Testing Analyst
- Obfuscated shellcode inside a malicious RTF document
- Who’s copying who, introducing SnippetDetector
- Hacking and patching TP-LINK TD-W8901G router
- Protected Processes Part 3 : Windows PKI Internals (Signing Levels, Scenarios, Root K
- FFmpeg and a thousand fixes
- Eset ChallengeME 2013 Solution
- This time of the year
- Interacting with IDA through IPC channels
- My simple Firefox OS KeygenME
- Protected: The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations
- Protected: The Evolution of Protected Processes : Pass-the-Hash Mitigations in Window
- Kon-Boot v2.3 with Windows 8.1 support
- KASLR Bypass Mitigations in Windows 8.1
- Windows System Call and CSR API tables updated
- UEFI exploitation, DARPA and moving on
- ZeroNights 2013 and NTVDM vulnerabilities
- DRG 10/2013 Challenge: reconstruct original .py from .pyc
- Dragon Research Group challenge September 2013: solution
- Hardcoded dll export address
- Windows win32k.sys menus and some “close, but no cigar” bugs
- KINS malware: initialization and DNA paternity test
- vulnerability in… WinCalc (Win7, x64)
- Black Hat USA 2013, Bochspwn, slides and pointers
- KINS malware: the Virtual Machine
- Approaching BlackHat US 2013 and new Dragon Sector blog
- winapihelp plugin for ollydbg 1.10
- Base64 decoder/encoder
- Changing the cursor shape in Windows proven difficult by NVIDIA (and AMD)
- Kernel double-fetch race condition exploitation on x86 – further thoughts
- Unusual crackme by ksydfius
- DexInspector
- Some notes on how to find out hidden callbacks
- Dynamic forking in action
- WhatsApp Backup Inspector
- AIVD Cyber-challenge
- AthCon 2013 RE Challenge
- Female reverse engineering challenge
- promix17's MazeJumps crackme
- Dex Inspector online
- CONFidence 2013 and the x86 quirks
- NoSuchCon’13 and crashing Windows with two instructions
- Vulnerability fix for bTree engine
- Loading your own modules from your IDAPython scripts with idaapi.require()
- SyScan 2013, Bochspwn paper and slides
- Installing PIP packages, and using them from IDA on a 64-bit machine
- A story of win32k!cCapString, or unicode strings gone bad.
- Fun facts: Windows kernel and guard pages
- Dbgeng based handles (PART 2 .............)
- Dbgeng based Handles
- DbgEng based Kernel Debugger
- DbgEng Based Debugger (PART2 Contd......)
- DbgEng Based Debugger (PART2)
- A Simple Dbgeng Based User Mode Debugger
- [EXPLOIT][JAVA][1.7.0_10]
- PDF Fuzzing Fun Continued: Status Update
- Reversing RunDialog (Start+Run or Winkey+R) to Add a 27th entry to RunMRU list
- [JS][ECMA262][FUZZING] – Some work is already done
- [EXPLOIT][ANDROID][SAMSUNG][EXYNOS] – WTF ?
- CVE-2012-2553: Windows Kernel VDM use-after-free in win32k.sys
- Kernel Developer – Remote or On Site
- Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter
- ZeroNights slides, Hack In The Box Magazine #9 and other news
- Crawling MSDN for fun and profit
- Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops
- Defeating Windows Driver Signature Enforcement #1: default drivers
- ATmega328 (Arduino Uno compatible) MD5 optimized assembly implementation
- Introducing the USB Stick of Death
- Fun facts: Windows kernel and Device Extension Size
- Nullcon 2012 CTF
- PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities
- Mitigating Return-Oriented Programing Attacks and Other Exploitation Attempts via Sec
- PAPER: Fast, Reliable and Runtime Protection Method Against Table Index Overflows
- Securing The Kernel Via Static Binary Rewriting, Program Shepherding and Partial Cont
- ollydbg 2.x plugin OLLY_LKD
- OllyDbg 2.x Plugin Writing - Creating the OLLYDBG.LIB file
- Recon 2012: Compiler Internals
- CVE-2011-2018 exploitation as a standalone paper + other news
- Hack in the Box Magazine #8 available now
- Finding Bugs in VMs with a Theorem Prover, Round 1
- A Bug Hunter’s Diary review
- My little method for bypassing EMET EAF (Export Address Table Access Filtering)
- The trace replayer
- FIY: Printable “Windows Kernel Address Protection” paper out
- connect two virtual machines on one physical host and use wdeb386 to debug win98 app
- Magus Ex Machina – a product of a 48h codejam
- Refreshed Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8) released
- ApiMapSet Hooking
- ApiMapSet Explained
- Code viewer, forms & timers
- Hack in the Box Magazine #7 on the wild, at last.
- New features in Hex-Rays Decompiler 1.6
- PiXiEServ out for public
- New Security Assertions in “Windows 8
- Windows 8 Syscall Interface and Export Table diffing fun
- Simple Dll Compiled From Commandline Unlike what google returns vc++ proj
- IDA Pro 6.2 beta
- Filters & Shortcuts
- How To Add TypeInfo So That Dt Commands Work Properly In Windbg
- New feature in IDA 6.2: The proximity browser
- 0-day Windows XP SP3 Denial of Service (CSRSS Crash #1)
- Book review: IDA Pro Book, 2nd Edition
- Recon 2011: Practical C++ Decompilation
- IDA Pro 6.2 with database snapshots support
- CVE-2011-1282: User-Mode NULL Pointer Dereference & co.
- CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability
- PE Import Table and custom DLL paths
- Control Flow Deobfuscation via Abstract Interpretation
- Unpacking mpress’ed PE+ DLLs with the Bochs plugin
- Basic blocks and instructions statistics.
- Some notes on how to find out hidden callbacks
- Protected Mode Segmentation as a powerful anti-debugging measure
- The HITB Magazine #6 now available!
- How to crash EXPLORER.EXE on all Windows versions
- SMEP: What is it, and how to beat it on Windows
- Compiling PinTools with Microsoft Visual Studio (MSVC9)
- nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques
- Subtle information disclosure in WIN32K.SYS syscall return values
- Precompiled PySide binaries for IDA Pro
- Control Flow Integrity: Some interesting papers
- Pimp My CrackMe contest results
- PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding
- VirusTotal plugin for IDA Pro
- Challenging job for software developers
- Reading Virtual Memory
- Updated plug-ins, blogging moved to..
- Dynamic Binary Instrumentation as base for security product (full system protection)?
- BINARY REWRITING WITHOUT RELOCATION INFORMATION
- DelMod2
- The dream is 'really higher up'... :P
- When choosers invade forms
- HITB E-Zine Issue 005 finally made public
- tracer or Writing tracer without using Windows Debug API
- Using nt!_MiSystemVaType to navigate dynamic kernel address space in Windows7
- My Search for knowledge and my explorations There and back and most often in a circle
- DbgView patch
- Windows Kernel-mode GS Cookies and 1 bit of entropy
- IDA & Qt: Under the hood
- Rebootless Windows Updates (Ksplice for Windows) and AutoDiff
- IDA Pro 6 licenses
- (Yet another) Memory dumper
- Reality Cracking CNN's Bias
- IDA Pro, Python and Qt
- HITB eZine Issue 004 is public!
- Calculating API hashes with IDA Pro
- Windows kernel2user transitions one more time
- The Old New Thing: Why you shouldn't allocate usermode memory from PsSetLoadImageNot
- PAPER: JIT spraying and mitigations
- Kernel exploitation – r0 to r3 transitions via KeUserModeCallback
- Recon 2010: Intro to Embedded Reverse Engineering for PC reversers
- PAPER: Security Mitigations for Return-Oriented Programming Attacks
- Dataflow-0.2.0 released. New: in memory fuzzing means
- RELEASE: SMB2 REMOTE EXPLOIT (VISTA SP1/SP2) + HACKTRO
- IDAQ: The result of 7 months at Hex-Rays
- Dynamic Binary Code and Data Flow Analysis Instrumentation.
- Handy debugger tricks: Setting osloader options on a per-boot basis
- Windows CSRSS Write Up: Inter-process Communication (part 2/3)
- Blog customization, old PHP advisories
- Implementing command completion for IDAPython
- Kernel debugger vs user mode exceptions
- Windows CSRSS Write Up: Inter-process Communication (part 1/3)
- Attacking the Host via Remote Kernel Debugger (Virtual Machines)
- Running scripts from the command line with idascript
- Windows CSRSS Write Up: the basics (part 1/1)
- IDA Pro 5.7 highlights
- A quick insight into the Driver Signature Enforcement
- Extending IDC and IDAPython
- [WinInternals] Reverse Engineering of kdbgctrl - How Kernel Triage Dumps are built
- PatchDiff2 Analysis and Decompilation
- CONFidence 2010 is over
- UI and scripting improvements
- The Future of Disassembling - Cloud OS
- ARM decompiler beta is coming
- Windows CSRSS cross-version API Table
- Kernel debugging with IDA Pro / Windbg plugin and VirtualKd
- Debugging the Debugger - Reversing kldbgdrv.sys and Potential Usages
- Book Review: The Art of Assembly Language, 2nd Edition
- Windows Kernel Vulnerabilities continued – details
- CTcpFwd – cross-platform stdin/out to socket forwarding class
- Windows Kernel Vulnerabilities release (Hispasec research)
- A Filemaker Story
- Environment variable editor
- Scriptable plugins
- Using custom viewers from IDAPython
- Preview of the new cross-platform IDA Pro GUI
- Compiler Optimizations for Reverse Engineers
- Custom data types and formats
- Abusing alignment code for anti-sandboxing purposes
- Scriptable Processor modules
- My first month at Hex-Rays
- Great News!
- New IDC improvement in IDA Pro 5.6
- RCE, A New Exciting and Strange World
- Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach
- Hex-Rays against Aurora
- Practical Appcall examples
- "Descriptor tables in kernel exploitation" - a new article
- Advanced Signature Writing via FuzzyHashing
- Introducing the Appcall feature in IDA Pro 5.6
- Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator
- PDF file loader to extract and analyse shellcode
- x86 Kernel Memory Space Visualization (KernelMAP v0.0.1)
- Code release: C-subset compiler in Objective Caml
- VinE's OCaml Programming Tricks: Explicit Continuation-Passing Style
- DNAScan Malicious Network Activity Reverse Engineering
- Hex-Rays Plugin Contest
- Win32k.SYS system call table
- KiTrap06(#UD)
- Using MATLAB and Mathcad for solving (mesh current) equations.
- Unexported SSDT functions finding method
- Elevation of Privilege DLL Patcher
- Hex-Rays is hiring
- Filter Monitor 1.0.1
- Hex-Rays Decompiler primer
- Structure Recovery as Counter-Example Guided Abstraction Refinement
- Controlling Windows process list, part 1
- Telewizor, meble, mały fiat
- SEH Graph
- SMB2: 351 Packets from the Trampoline released!
- 351 Packets from the Trampoline
- TraceHook v0.0.2
- Device Drivers Vulnerability Research, Avast a real case
- Finding instructions
- An attempt to reconstruct the call stack
- VMware CloudBurst - VMware Guest to Host Escape Exploit
- C++ Method Constness
- Develop your master boot record and debug it with IDA Pro and the Bochs debugger plug
- Code Release page
- Viewer for driver dispatch tables
- Binary-Auditing Solutions.
- DllMain and its uncovered possibilities
- Suspending processes in Windows, part 1
- Recent conferences’ reports
- Process termination issues
- The incoming SecDay conference
- Hello world!
- TraceHook v0.0.1 release
- Extending Total Commander with some minor functionality