View Full Version : Blogs Forum

Pages : [1] 2 3 4

  1. Hardcoded dll export address: Python approach
  2. A case of a curious LibTIFF 4.0.3 + zlib 1.2.8 memory disclosure
  3. Trojan banking 47d18761d46d8e7c4ad49cc575b0acc2bb3f49bb56a3d29fb1ec600447cb89a4
  4. Extending IDAPython in IDA 6.5: Be careful about the GIL
  5. Gathering external information and using the most suitable tool to ease your malware
  6. Solution to Warsaw Honeynet Project Workshop Conference official Crackme
  7. The xxx project - looking under the hoods of guids
  8. My new Ollydbg plugin: Sequential Dumper
  9. x64 decompiler not far away
  10. Ollydbg plugin development: Findmemory needs Listmemory?
  11. addsym windbg extension (extension to load names from ida to windbg)
  12. Internal Security Analyst
  13. Security Testing Analyst
  14. Obfuscated shellcode inside a malicious RTF document
  15. Who’s copying who, introducing SnippetDetector
  16. Hacking and patching TP-LINK TD-W8901G router
  17. Protected Processes Part 3 : Windows PKI Internals (Signing Levels, Scenarios, Root K
  18. FFmpeg and a thousand fixes
  19. Eset ChallengeME 2013 Solution
  20. This time of the year
  21. Interacting with IDA through IPC channels
  22. My simple Firefox OS KeygenME
  23. Protected: The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations
  24. Protected: The Evolution of Protected Processes : Pass-the-Hash Mitigations in Window
  25. Kon-Boot v2.3 with Windows 8.1 support
  26. KASLR Bypass Mitigations in Windows 8.1
  27. Windows System Call and CSR API tables updated
  28. UEFI exploitation, DARPA and moving on
  29. ZeroNights 2013 and NTVDM vulnerabilities
  30. DRG 10/2013 Challenge: reconstruct original .py from .pyc
  31. Dragon Research Group challenge September 2013: solution
  32. Hardcoded dll export address
  33. Windows win32k.sys menus and some “close, but no cigar” bugs
  34. KINS malware: initialization and DNA paternity test
  35. vulnerability in… WinCalc (Win7, x64)
  36. Black Hat USA 2013, Bochspwn, slides and pointers
  37. KINS malware: the Virtual Machine
  38. Approaching BlackHat US 2013 and new Dragon Sector blog
  39. winapihelp plugin for ollydbg 1.10
  40. Base64 decoder/encoder
  41. Changing the cursor shape in Windows proven difficult by NVIDIA (and AMD)
  42. Kernel double-fetch race condition exploitation on x86 – further thoughts
  43. Unusual crackme by ksydfius
  44. DexInspector
  45. Some notes on how to find out hidden callbacks
  46. Dynamic forking in action
  47. WhatsApp Backup Inspector
  48. AIVD Cyber-challenge
  49. AthCon 2013 RE Challenge
  50. Female reverse engineering challenge
  51. promix17's MazeJumps crackme
  52. Dex Inspector online
  53. CONFidence 2013 and the x86 quirks
  54. NoSuchCon’13 and crashing Windows with two instructions
  55. Vulnerability fix for bTree engine
  56. Loading your own modules from your IDAPython scripts with idaapi.require()
  57. SyScan 2013, Bochspwn paper and slides
  58. Installing PIP packages, and using them from IDA on a 64-bit machine
  59. A story of win32k!cCapString, or unicode strings gone bad.
  60. Fun facts: Windows kernel and guard pages
  61. Dbgeng based handles (PART 2 .............)
  62. Dbgeng based Handles
  63. DbgEng based Kernel Debugger
  64. DbgEng Based Debugger (PART2 Contd......)
  65. DbgEng Based Debugger (PART2)
  66. A Simple Dbgeng Based User Mode Debugger
  67. [EXPLOIT][JAVA][1.7.0_10]
  68. PDF Fuzzing Fun Continued: Status Update
  69. Reversing RunDialog (Start+Run or Winkey+R) to Add a 27th entry to RunMRU list
  70. [JS][ECMA262][FUZZING] – Some work is already done
  72. CVE-2012-2553: Windows Kernel VDM use-after-free in win32k.sys
  73. Kernel Developer – Remote or On Site
  74. Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter
  75. ZeroNights slides, Hack In The Box Magazine #9 and other news
  76. Crawling MSDN for fun and profit
  77. Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops
  78. Defeating Windows Driver Signature Enforcement #1: default drivers
  79. ATmega328 (Arduino Uno compatible) MD5 optimized assembly implementation
  80. Introducing the USB Stick of Death
  81. Fun facts: Windows kernel and Device Extension Size
  82. Nullcon 2012 CTF
  83. PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities
  84. Mitigating Return-Oriented Programing Attacks and Other Exploitation Attempts via Sec
  85. PAPER: Fast, Reliable and Runtime Protection Method Against Table Index Overflows
  86. Securing The Kernel Via Static Binary Rewriting, Program Shepherding and Partial Cont
  87. ollydbg 2.x plugin OLLY_LKD
  88. OllyDbg 2.x Plugin Writing - Creating the OLLYDBG.LIB file
  89. Recon 2012: Compiler Internals
  90. CVE-2011-2018 exploitation as a standalone paper + other news
  91. Hack in the Box Magazine #8 available now
  92. Finding Bugs in VMs with a Theorem Prover, Round 1
  93. A Bug Hunter’s Diary review
  94. My little method for bypassing EMET EAF (Export Address Table Access Filtering)
  95. The trace replayer
  96. FIY: Printable “Windows Kernel Address Protection” paper out
  97. connect two virtual machines on one physical host and use wdeb386 to debug win98 app
  98. Magus Ex Machina – a product of a 48h codejam
  99. Refreshed Windows System Call Table (NT/2000/XP/2003/Vista/2008/7/8) released
  100. ApiMapSet Hooking
  101. ApiMapSet Explained
  102. Code viewer, forms & timers
  103. Hack in the Box Magazine #7 on the wild, at last.
  104. New features in Hex-Rays Decompiler 1.6
  105. PiXiEServ out for public
  106. New Security Assertions in “Windows 8
  107. Windows 8 Syscall Interface and Export Table diffing fun
  108. Simple Dll Compiled From Commandline Unlike what google returns vc++ proj
  109. IDA Pro 6.2 beta
  110. Filters & Shortcuts
  111. How To Add TypeInfo So That Dt Commands Work Properly In Windbg
  112. New feature in IDA 6.2: The proximity browser
  113. 0-day Windows XP SP3 Denial of Service (CSRSS Crash #1)
  114. Book review: IDA Pro Book, 2nd Edition
  115. Recon 2011: Practical C++ Decompilation
  116. IDA Pro 6.2 with database snapshots support
  117. CVE-2011-1282: User-Mode NULL Pointer Dereference & co.
  118. CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability
  119. PE Import Table and custom DLL paths
  120. Control Flow Deobfuscation via Abstract Interpretation
  121. Unpacking mpress’ed PE+ DLLs with the Bochs plugin
  122. Basic blocks and instructions statistics.
  123. Some notes on how to find out hidden callbacks
  124. Protected Mode Segmentation as a powerful anti-debugging measure
  125. The HITB Magazine #6 now available!
  126. How to crash EXPLORER.EXE on all Windows versions
  127. SMEP: What is it, and how to beat it on Windows
  128. Compling PinTools with Microsoft Visual Studio (MSVC9)
  129. nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques
  130. Subtle information disclosure in WIN32K.SYS syscall return values
  131. Precompiled PySide binaries for IDA Pro
  132. Control Flow Integrity: Some interesting papers
  133. Pimp My CrackMe contest results
  134. PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding
  135. VirusTotal plugin for IDA Pro
  136. Challenging job for software developers
  137. Reading Virtual Memory
  138. Updated plug-ins, blogging moved to..
  139. Dynamic Binary Instrumentation as base for security product (full system protection)?
  141. DelMod2
  142. The dream is 'really higher up'... :P
  143. When choosers invade forms
  144. HITB E-Zine Issue 005 finally made public
  145. tracer or Writing tracer without using Windows Debug API
  146. Using nt!_MiSystemVaType to navigate dynamic kernel address space in Windows7
  147. My Search for knowledge and my explorations There and back and most often in a circle
  148. DbgView patch
  149. Windows Kernel-mode GS Cookies and 1 bit of entropy
  150. IDA & Qt: Under the hood
  151. Rebootless Windows Updates (Ksplice for Windows) and AutoDiff
  152. IDA Pro 6 licenses
  153. (Yet another) Memory dumper
  154. Reality Cracking CNN's Bias
  155. IDA Pro, Python and Qt
  156. HITB eZine Issue 004 is public!
  157. Calculating API hashes with IDA Pro
  158. Windows kernel2user transitions one more time
  159. The Old New Thing: Why you shouldn't allocate usermode memory from PsSetLoadImageNot
  160. PAPER: JIT spraying and mitigations
  161. Kernel exploitation – r0 to r3 transitions via KeUserModeCallback
  162. Recon 2010: Intro to Embedded Reverse Engineering for PC reversers
  163. PAPER: Security Mitigations for Return-Oriented Programming Attacks
  164. Dataflow-0.2.0 released. New: in memory fuzzing means
  166. IDAQ: The result of 7 months at Hex-Rays
  167. Dynamic Binary Code and Data Flow Analysis Instrumentation.
  168. Handy debugger tricks: Setting osloader options on a per-boot basis
  169. Windows CSRSS Write Up: Inter-process Communication (part 2/3)
  170. Blog customization, old PHP advisories
  171. Implementing command completion for IDAPython
  172. Kernel debugger vs user mode exceptions
  173. Windows CSRSS Write Up: Inter-process Communication (part 1/3)
  174. Attacking the Host via Remote Kernel Debugger (Virtual Machines)
  175. Running scripts from the command line with idascript
  176. Windows CSRSS Write Up: the basics (part 1/1)
  177. IDA Pro 5.7 highlights
  178. A quick insight into the Driver Signature Enforcement
  179. Extending IDC and IDAPython
  180. [WinInternals] Reverse Engineering of kdbgctrl - How are builded Kernel Triage Dumps
  181. PatchDiff2 Analysis and Decompilation
  182. CONFidence 2010 is over
  183. UI and scripting improvements
  184. The Future of Disassembling - Cloud OS
  185. ARM decompiler beta is coming
  186. Windows CSRSS cross-version API Table
  187. Kernel debugging with IDA Pro / Windbg plugin and VirtualKd
  188. Debugging the Debugger - Reversing kldbgdrv.sys and Potential Usages
  189. Book Review: The Art of Assembly Language, 2nd Edition
  190. Windows Kernel Vulnerabilities continued – details
  191. CTcpFwd – cross-platform stdin/out to socket forwarding class
  192. Windows Kernel Vulnerabilities release (Hispasec research)
  193. A Filemaker Story
  194. Environment variable editor
  195. Scriptable plugins
  196. Using custom viewers from IDAPython
  197. Preview of the new cross-platform IDA Pro GUI
  198. Compiler Optimizations for Reverse Engineers
  199. Custom data types and formats
  200. Abusing alignment code for anti-sandboxing purposes
  201. Scriptable Processor modules
  202. My first month at Hex-Rays
  203. Great News!
  204. New IDC improvement in IDA Pro 5.6
  205. RCE, A New Exciting and Strange World
  206. Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach
  207. Hex-Rays against Aurora
  208. Practical Appcall examples
  209. "Descriptor tables in kernel exploitation" - a new article
  210. Advanced Signature Writing via FuzzyHashing
  211. Introducing the Appcall feature in IDA Pro 5.6
  212. Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator
  213. PDF file loader to extract and analyse shellcode
  214. x86 Kernel Memory Space Visualization (KernelMAP v0.0.1)
  215. Code release: C-subset compiler in Objective Caml
  216. VinE's OCaml Programming Tricks: Explicit Continuation-Passing Style
  217. DNAScan Malicious Network Activity Reverse Engineering
  218. Hex-Rays Plugin Contest
  219. Win32k.SYS system call table
  220. KiTrap06(#UD)
  221. Using MATLAB and Mathcad for solving (mesh current) equations.
  222. Unexported SSDT functions finding method
  223. Elevation of Privilege DLL Patcher
  224. Hex-Rays is hiring
  225. Filter Monitor 1.0.1
  226. Hex-Rays Decompiler primer
  227. Structure Recovery as Counter-Example Guided Abstraction Refinement
  228. Controlling Windows process list, part 1
  229. Telewizor, meble, ma?y fiat
  230. SEH Graph
  231. SMB2: 351 Packets from the Trampoline released!
  232. 351 Packets from the Trampoline
  233. TraceHook v0.0.2
  234. Device Drivers Vulnerability Research, Avast a real case
  235. Finding instructions
  236. An attempt to reconstruct the call stack
  237. VMware CloudBurst - VMware Guest to Host Escape Exploit
  238. C++ Method Constness
  239. Develop your master boot record and debug it with IDA Pro and the Bochs debugger plug
  240. Code Release page
  241. Viewer for driver dispatch tables
  242. Binary-Auditing Solutions.
  243. DllMain and its uncovered possibilites
  244. Suspending processes in Windows, part 1
  245. Recent conferences’ reports
  246. Process termination issues
  247. The incoming SecDay conference
  248. Hello world!
  249. TraceHook v0.0.1 release
  250. Extending Total Commander with some minor functionality