Blogs Forum

  1. FYI: Printable “Windows Kernel Address Protection” paper out
  2. connect two virtual machines on one physical host and use wdeb386 to debug win98 app
  3. Magus Ex Machina – a product of a 48h codejam
  4. Refreshed Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8) released
  5. ApiMapSet Hooking
  6. ApiMapSet Explained
  7. Code viewer, forms & timers
  8. Hack in the Box Magazine #7 on the wild, at last.
  9. New features in Hex-Rays Decompiler 1.6
  10. PiXiEServ out for public
  11. New Security Assertions in “Windows 8”
  12. Windows 8 Syscall Interface and Export Table diffing fun
  13. Simple Dll Compiled From Commandline Unlike what google returns vc++ proj
  14. IDA Pro 6.2 beta
  15. Filters & Shortcuts
  16. How To Add TypeInfo So That Dt Commands Work Properly In Windbg
  17. New feature in IDA 6.2: The proximity browser
  18. 0-day Windows XP SP3 Denial of Service (CSRSS Crash #1)
  19. Book review: IDA Pro Book, 2nd Edition
  20. Recon 2011: Practical C++ Decompilation
  21. IDA Pro 6.2 with database snapshots support
  22. CVE-2011-1282: User-Mode NULL Pointer Dereference & co.
  23. PE Import Table and custom DLL paths
  24. CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability
  25. Control Flow Deobfuscation via Abstract Interpretation
  26. Unpacking mpress’ed PE+ DLLs with the Bochs plugin
  27. Basic blocks and instructions statistics.
  28. Some notes on how to find out hidden callbacks
  29. Protected Mode Segmentation as a powerful anti-debugging measure
  30. The HITB Magazine #6 now available!
  31. How to crash EXPLORER.EXE on all Windows versions
  32. SMEP: What is it, and how to beat it on Windows
  33. Compiling PinTools with Microsoft Visual Studio (MSVC9)
  34. nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques
  35. Subtle information disclosure in WIN32K.SYS syscall return values
  36. Precompiled PySide binaries for IDA Pro
  37. Control Flow Integrity: Some interesting papers
  38. Pimp My CrackMe contest results
  39. PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding
  40. VirusTotal plugin for IDA Pro
  41. Challenging job for software developers
  42. Reading Virtual Memory
  43. Updated plug-ins, blogging moved to..
  44. Dynamic Binary Instrumentation as base for security product (full system protection)?
  45. BINARY REWRITING WITHOUT RELOCATION INFORMATION
  46. DelMod2
  47. The dream is 'really higher up'... :P
  48. When choosers invade forms
  49. HITB E-Zine Issue 005 finally made public
  50. tracer or Writing tracer without using Windows Debug API
  51. Using nt!_MiSystemVaType to navigate dynamic kernel address space in Windows7
  52. My Search for knowledge and my explorations There and back and most often in a circle
  53. DbgView patch
  54. Windows Kernel-mode GS Cookies and 1 bit of entropy
  55. IDA & Qt: Under the hood
  56. Rebootless Windows Updates (Ksplice for Windows) and AutoDiff
  57. IDA Pro 6 licenses
  58. (Yet another) Memory dumper
  59. Reality Cracking CNN's Bias
  60. IDA Pro, Python and Qt
  61. HITB eZine Issue 004 is public!
  62. Calculating API hashes with IDA Pro
  63. Windows kernel2user transitions one more time
  64. The Old New Thing: Why you shouldn't allocate usermode memory from PsSetLoadImageNot
  65. PAPER: JIT spraying and mitigations
  66. Kernel exploitation – r0 to r3 transitions via KeUserModeCallback
  67. Recon 2010: Intro to Embedded Reverse Engineering for PC reversers
  68. PAPER: Security Mitigations for Return-Oriented Programming Attacks
  69. Dataflow-0.2.0 released. New: in memory fuzzing means
  70. RELEASE: SMB2 REMOTE EXPLOIT (VISTA SP1/SP2) + HACKTRO
  71. IDAQ: The result of 7 months at Hex-Rays
  72. Dynamic Binary Code and Data Flow Analysis Instrumentation.
  73. Handy debugger tricks: Setting osloader options on a per-boot basis
  74. Windows CSRSS Write Up: Inter-process Communication (part 2/3)
  75. Blog customization, old PHP advisories
  76. Implementing command completion for IDAPython
  77. Kernel debugger vs user mode exceptions
  78. Windows CSRSS Write Up: Inter-process Communication (part 1/3)
  79. Attacking the Host via Remote Kernel Debugger (Virtual Machines)
  80. Running scripts from the command line with idascript
  81. Windows CSRSS Write Up: the basics (part 1/1)
  82. IDA Pro 5.7 highlights
  83. A quick insight into the Driver Signature Enforcement
  84. Extending IDC and IDAPython
  85. [WinInternals] Reverse Engineering of kdbgctrl - How are builded Kernel Triage Dumps
  86. PatchDiff2 Analysis and Decompilation
  87. CONFidence 2010 is over
  88. UI and scripting improvements
  89. The Future of Disassembling - Cloud OS
  90. ARM decompiler beta is coming
  91. Windows CSRSS cross-version API Table
  92. Kernel debugging with IDA Pro / Windbg plugin and VirtualKd
  93. Book Review: The Art of Assembly Language, 2nd Edition
  94. Debugging the Debugger - Reversing kldbgdrv.sys and Potential Usages
  95. Windows Kernel Vulnerabilities continued – details
  96. CTcpFwd – cross-platform stdin/out to socket forwarding class
  97. Windows Kernel Vulnerabilities release (Hispasec research)
  98. A Filemaker Story
  99. Environment variable editor
  100. Scriptable plugins
  101. Using custom viewers from IDAPython
  102. Preview of the new cross-platform IDA Pro GUI
  103. Compiler Optimizations for Reverse Engineers
  104. Custom data types and formats
  105. Abusing alignment code for anti-sandboxing purposes
  106. Scriptable Processor modules
  107. My first month at Hex-Rays
  108. Great News!
  109. New IDC improvement in IDA Pro 5.6
  110. RCE, A New Exciting and Strange World
  111. Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach
  112. Hex-Rays against Aurora
  113. Practical Appcall examples
  114. "Descriptor tables in kernel exploitation" - a new article
  115. Advanced Signature Writing via FuzzyHashing
  116. Introducing the Appcall feature in IDA Pro 5.6
  117. Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator
  118. PDF file loader to extract and analyse shellcode
  119. x86 Kernel Memory Space Visualization (KernelMAP v0.0.1)
  120. Code release: C-subset compiler in Objective Caml
  121. VinE's OCaml Programming Tricks: Explicit Continuation-Passing Style
  122. DNAScan Malicious Network Activity Reverse Engineering
  123. Hex-Rays Plugin Contest
  124. Win32k.SYS system call table
  125. KiTrap06(#UD)
  126. Using MATLAB and Mathcad for solving (mesh current) equations.
  127. Unexported SSDT functions finding method
  128. Elevation of Privilege DLL Patcher
  129. Hex-Rays is hiring
  130. Filter Monitor 1.0.1
  131. Hex-Rays Decompiler primer
  132. Structure Recovery as Counter-Example Guided Abstraction Refinement
  133. Controlling Windows process list, part 1
  134. Telewizor, meble, mały fiat
  135. SEH Graph
  136. SMB2: 351 Packets from the Trampoline released!
  137. 351 Packets from the Trampoline
  138. TraceHook v0.0.2
  139. Device Drivers Vulnerability Research, Avast a real case
  140. Finding instructions
  141. An attempt to reconstruct the call stack
  142. VMware CloudBurst - VMware Guest to Host Escape Exploit
  143. C++ Method Constness
  144. Develop your master boot record and debug it with IDA Pro and the Bochs debugger plug
  145. Code Release page
  146. Viewer for driver dispatch tables
  147. Binary-Auditing Solutions.
  148. Process termination issues
  149. DllMain and its uncovered possibilities
  150. Recent conferences’ reports
  151. The incoming SecDay conference
  152. Suspending processes in Windows, part 1
  153. TraceHook v0.0.1 release
  154. Hello world!
  155. Extending Total Commander with some minor functionality
  156. "Client" Unit Tests(some fun ones..)Indirect RtlCreateUserThread hooking..
  157. Several Common Ways That Viruses Spread
  158. VMware ring3 detection (RF handling)
  159. Javascript for IDA Pro
  160. Sorry it's taking so long on the next release of source..
  161. Casts are bad
  162. (In My fucked up way Of thinking...)
  163. # faked Adobe PDF.SWF exploit on milw0rm
  164. # weakness of PAGE_GUARD or new Windows bug (XP/Vista 32/64 SP1)
  165. placing a "hotpatch" where it doesn't belong..
  166. why Opcode0x90's "dll Injection shield" fails against RtlCreateUserThread
  167. Pwnie Awards Nominees!!!
  168. Bypassing Csrss's hold on Terminating Win32Threads..
  169. Aslan (4514N) - Binary Code Integrator - Okaeri
  170. Incoming...
  171. If I had a nickel for every time I had a nickel, I'd have TWO NICKELS
  172. Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
  173. Kon-Boot for USB and some news
  174. Generic unpacking paper revision
  175. PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
  176. PAPER: Evading network-level emulation
  177. Blah
  178. SpiderPig and The Childs.
  179. SpiderPig Memory Tracer
  180. Presenting Kon-Boot v1.0
  181. Some graphs
  182. # IDA-Pro steals RIP - introduction in relative addressing
  183. User-mode debugger with SoftICE UI
  184. # MS DirectShow MPEG2 (msvidctl.dll) worm was fired out!
  185. # IDA-Pro//BOCHSDBG plug-in bug: lack of 16bit support
  186. CallOutRecaptureRoutine and the changes it made
  187. # Xcon2009: passive non-resident root-kits
  188. VMprotect VM_logic (in v1.8 demo)
  189. # die Vista, die or why DEADDEEF is alive?
  190. A snippet of time.. ;) unedited ..
  191. # IDA-Pro 5.5 has been updated, fixed - Bochs plug-in unaligned PE bug
  192. # San-Francisco - A Dream Came True
  193. Native Blocks Pre-Alpha
  194. Server Handle Table Functions.
  195. Ideas and concepts: behind the Sin32 Subsystem
  196. Bare Bone Client
  197. Ruby for Pentesters - The Dark Side I: Ragweed
  198. Server Thread Recycling (Beginnings..)
  199. Current QuickLPC Server Implementation
  200. Current QuickLPC Client
  201. Function call graph plugin sample
  202. My first blog post.(plans for my blog)
  203. IDA Pro 5.5 and Hex-Rays 1.1 have been released!
  204. psusp
  205. Windows 7 RC syscalls
  206. # a bomb from McAfee (a nasty one)
  207. IDA Pro 5.5 goes alpha
  208. VMprotect VM_logic (in v1.8 demo)
  209. Matasano PFI (as seen on TV!)
  210. Using CreatePipe to detect and thwart Emulating Sandboxes and AV emulators
  211. EventPair Reversing, EventPairHandle as Anti-Dbg Trick
  212. Decompiling floating point
  213. IDA v5.4 demo
  214. RtlQueryProcessHeapInformation as Anti-Dbg Trick
  215. RtlQueryProcessDebugInformation as Anti-Dbg Trick
  216. Found what is that "long mode segmentation"
  217. Updated "Class Informer" plug-in
  218. Debugger tricks: Find all probable CONTEXT records in a crash dump
  219. Anti-Emulation Tricks
  220. InfoSec Institute's RE Course
  221. Examining kernel stacks on Vista/Srv08 using kdbgctrl -td
  222. VC++ asm intrinsics
  223. Ruby for Pen-Testers: Announcing Ruby Black Bag
  224. Netsons killed my Website
  225. DirectSound Capture With Deviare
  226. Understanding the kernel address space on 32-bit Windows Vista
  227. Recovering a process from a hung debugger
  228. Advanced Windows Kernel Debugging with VMWare and IDA's GDB debugger
  229. # I’m on my way to South Africa
  230. # self-replicated processes
  231. # JL/JGE Intel CPU bug as anti-reversing trick
  232. # Olly Plug-ins and MS VC
  233. # Olly loads Olly to bypass anti-attach tricks /* Clerk? trick */
  234. # anti-attach: BaseThreadStartThunk => NO_ACCESS
  235. # zombie slam
  236. # Process Explorer - bloody hell of indefinite waiting bugs
  237. # NtRequestWaitReplyPort abuses IDA-Pro
  238. # PRNG based on REP STOS
  239. # attach to me? if you can (part II)
  240. # self-overwritten REP STOS/MOVS, IDA-Pro 5.4 and Ko
  241. # try to attach to me? if you can!
  242. The IDA Pro book
  243. Mr. Bachaalany joins Hex-Rays
  244. Bochs Emulator and IDA?
  245. IDA Pro has 9 debugger modules
  246. IDA and MIPS
  247. BITS used as a covert channel
  248. Bochs plugin goes alpha
  249. Blackhat USA 2008
  250. Apple's variant of ptrace()