View Full Version : Blogs Forum
- "Client" Unit Tests(some fun ones..)Indirect RtlCreateUserThread hooking.. (11 replies)
- Several Common Ways That Viruses Spread (2 replies)
- VMware ring3 detection (RF handling) (13 replies)
- Javascript for IDA Pro (1 replies)
- Sorry its taking so long on the next release of source.. (1 replies)
- Casts are bad (0 replies)
- (In My fucked up way Of thinking...) (2 replies)
- # faked Adobe PDF.SWF exploit on milw0rm (0 replies)
- # weakness of PAGE_GUARD or new Windows bug (XP/Vista 32/64 SP1) (1 replies)
- placing a "hotpatch" where it doesnt belong.. (0 replies)
- why Opcode0x90's "dll Injection shield" fails against RtlCreateUserThread (8 replies)
- Pwnie Awards Nominees!!! (1 replies)
- Bypassing Csrss's hold on Terminating Win32Threads.. (0 replies)
- Aslan (4514N) - Binary Code Integrator - Okaeri (8 replies)
- Generic unpacking paper revision (0 replies)
- Some graphs (0 replies)
- PAPER: Evading network-level emulation (0 replies)
- Blah (0 replies)
- Kon-Boot for USB and some news (0 replies)
- Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case) (0 replies)
- If I had a nickel for every time I had a nickel, I'd have TWO NICKELS (0 replies)
- Incoming... (0 replies)
- Presenting Kon-Boot v1.0 (1 replies)
- SpiderPig Memory Tracer (0 replies)
- SpiderPig and The Childs. (0 replies)
- PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs (0 replies)
- # IDA-Pro steals RIP ? introduction in relative addressing (0 replies)
- User-mode debugger with SoftICE UI (10 replies)
- # MS DirectShow MPEG2 (msvidctl.dll) worm was fired out! (0 replies)
- # IDA-Pro//BOCHSDBG plug-in bug: lack of 16bit support (0 replies)
- CallOutRecaptureRoutine and the changes it made (1 replies)
- # Xcon2009: passive non-resident root-kits (3 replies)
- VMprotect VM_logic (in v1.8 demo) (0 replies)
- # die Vista, die or why DEADDEEF is alive? (0 replies)
- A snippet of time.. ;) unedited .. (0 replies)
- # IDA-Pro 5.5 has been updated, fixed ? Bochs plug-in unaligned PE bug (0 replies)
- # San-Francisco - A Dream Came True (3 replies)
- Native Blocks Pre-Alpha (10 replies)
- Server Handle Table Functions. (1 replies)
- Ideas and concepts: behind the Sin32 Subsystem (0 replies)
- Bare Bone Client (8 replies)
- Ruby for Pentesters - The Dark Side I: Ragweed (0 replies)
- Server Thread Recycling (Beginnings..) (13 replies)
- Current QuickLPC Client (0 replies)
- Current QuickLPC Server Implementation (10 replies)
- Function call graph plugin sample (1 replies)
- My first blog post.(plans for my blog) (8 replies)
- IDA Pro 5.5 and Hex-Rays 1.1 have been released! (0 replies)
- psusp (1 replies)
- Windows 7 RC syscalls (3 replies)
- # a bomb from McAfee (a nasty one) (2 replies)
- IDA Pro 5.5 goes alpha (0 replies)
- VMprotect VM_logic (in v1.8 demo) (2 replies)
- Matasano PFI (as seen on TV!) (1 replies)
- Using CreatePipe to detect and thwart Emulating Sandboxes and AV emulators (1 replies)
- EventPair Reversing, EventPairHandle as Anti-Dbg Trick (4 replies)
- Decompiling floating point (0 replies)
- IDA v5.4 demo (3 replies)
- RtlQueryProcessHeapInformation as Anti-Dbg Trick (0 replies)
- RtlQueryProcessDebugInformation as Anti-Dbg Trick (2 replies)
- Found what is that "long mode segmentation" (0 replies)
- Updated "Class Informer" plug-in (0 replies)
- Debugger tricks: Find all probable CONTEXT records in a crash dump (0 replies)
- Anti-Emulation Tricks (7 replies)
- InfoSec Institute's RE Course (0 replies)
- Examining kernel stacks on Vista/Srv08 using kdbgctrl -td (0 replies)
- VC++ asm intrinsics (0 replies)
- Ruby for Pen-Testers: Announcing Ruby Black Bag (0 replies)
- Netsons killed my Website (2 replies)
- DirectSound Capture With Deviare (1 replies)
- Understanding the kernel address space on 32-bit Windows Vista (0 replies)
- Recovering a process from a hung debugger (0 replies)
- Advanced Windows Kernel Debugging with VMWare and IDA's GDB debugger (0 replies)
- # I’m on my way to South Africa (2 replies)
- # JL/JGE Intel CPU bug as anti-reversing trick (2 replies)
- # self-replicated processes (0 replies)
- # Olly Plug-ins and MS VC (0 replies)
- # Olly loads Olly to bypass anti-attach tricks /* Clerk? trick */ (2 replies)
- # anti-attach: BaseThreadStartThunk => NO_ACCESS (0 replies)
- # zombie slam (0 replies)
- # Process Explorer - bloody hell of indefinite waiting bugs (0 replies)
- # NtRequestWaitReplyPort abuses IDA-Pro (0 replies)
- # PRNG based on REP STOS (0 replies)
- # attach to me? if you can (part II) (1 replies)
- # self-overwritten REP STOS/MOVS, IDA-Pro 5.4 and Ko (1 replies)
- # try to attach to me? if you can! (2 replies)
- BITS used as a covert channel (0 replies)
- Bochs Emulator and IDA? (0 replies)
- Bochs plugin goes alpha (0 replies)
- IDA and MIPS (0 replies)
- IDA Pro has 9 debugger modules (0 replies)
- The IDA Pro book (0 replies)
- Mr. Bachaalany joins Hex-Rays (0 replies)
- Blackhat USA 2008 (0 replies)
- Apple's variant of ptrace() (0 replies)
- Recon2008 (0 replies)
- Kernel debugging with IDA (1 replies)
- Testing debuggers (0 replies)
- From simple to complex (3 replies)
- Bridge them all (5 replies)
- # IDA-Pro 5.4: old bugs on the new streets (was: to download or to not download) (1 replies)
- # RE course in Tel-Aviv (0 replies)
- Playstation3 / PS3 - Harddisk encryption (4 replies)
- # simple OllyScript for upx (0 replies)
- S7 airlines is under attack! (0 replies)
- # Baghdad - dead alive breakpoints (0 replies)
- # PatchDiff => Hex-Rays => WinDiff: how to analyze patches faster (0 replies)
- Class Informer IDA plug-in (5 replies)
- Windows 7 syscall list (0 replies)
- IDA v5.4 release is not that far away (2 replies)
- # shell-codes analysis: where is EP? (0 replies)
- Windows 7 kernel structures (0 replies)
- x64 SEH & Explorer Suite Update (5 replies)
- # FreeLibrary bug becomes a PE packers bug (0 replies)
- San-Francisco - the place to meet (5 replies)
- # MS VC - challenge for PE packers (3 replies)
- Unpinning Imported .dll's (2 replies)
- # chilly suspicions of new win32 bug (0 replies)
- # 3 lines C-prog hurts MS VC (1 replies)
- Malware: Unpacking Waledac (0 replies)
- # dynamic TLS callbacks instead of SEH (1 replies)
- # IDA-Pro and simple (E)SP hack (0 replies)
- # GetProcessDEPPolicy for XP/XP SP2 (0 replies)
- NtSetDebugFilterState as Anti-Dbg Trick (11 replies)
- # TLS callbacks w/o USER32 (part III) (3 replies)
- # TLS callbacks w/o USER32 (part II) (0 replies)
- # another EnableTracing() bug (0 replies)
- # XP/S2K3 fails to process TLS w/o USER32 (3 replies)
- # DS/FS is under hardware breakpoints (0 replies)
- IDA and TLS callbacks (0 replies)
- how powerful IDA Script might be (0 replies)
- # IDA-Pro EnableTracing() - how not to do (0 replies)
- blog was moved (0 replies)
- Guidelines to MFC reversing (2 replies)
- IOCTL-Proxy (7 replies)
- Dynamic C++ Proposal (6 replies)
- Command line version of OSR's DeviceTree (0 replies)
- Backdoor.Win32.UltimateDefender Reverse Engineering (7 replies)
- Switch as Binary Search, Part 0 (0 replies)
- Switch as Binary Search, Part 1 (0 replies)
- Qt Internals & Reversing (11 replies)
- CVE-2006-5758: better late than ever (3 replies)
- Malware and initial stack pointer value (1 replies)
- Shared object injection on linux/unix (8 replies)
- Bagle.W IDB (0 replies)
- Trojan.Zhelatin.pk (3 replies)
- Hotpatching MS08-067 (0 replies)
- Using dual-mappings to evade automated unpackers (1 replies)
- On Analysis of Client-Server Software Applications (0 replies)
- Analyzing local privilege escalations in win32k (0 replies)
- Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 (0 replies)
- Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS (0 replies)
- VbPython 1.2a (0 replies)
- examples of the syllabuses (0 replies)
- Interesting Kernel32 Constant (3 replies)
- Analyzing Malicious PDF's (0 replies)
- The Wild World of VoIP (3 replies)
- RE-courses/conferences schedule (0 replies)
- custom gpa spy (3 replies)
- Debugger Detection Via NtSystemDebugControl (11 replies)
- POP SS and Debuggers (5 replies)
- Fighting Oreans' VM (code virtualizer flavour) (32 replies)
- PEiD imports parsing DoS (6 replies)
- Nucleus Framework (2 replies)
- SoftICE and KDExtensions (2 replies)
- IDA2PAT Reloaded (1 replies)
- Black Hat 2008 Wrap-up (0 replies)
- Part 2: Introduction to Optimization (0 replies)
- VMProtect, Part 0: Basics (15 replies)
- Part 3: Optimizing and Compiling (2 replies)
- Part 1: Bytecode and IR (0 replies)
- Inside DeleteFiber() as Anti Debug Trick (15 replies)
- Something different part 3, or not quite different (0 replies)
- Why hooking system services is more difficult (and dangerous) than it looks (0 replies)
- Inside SetUnhandledExceptionFilter (5 replies)
- Small Devices & RCE (3 replies)
- IDA on iPhone (6 replies)
- SymbolFinder (7 replies)
- Sun VirtualBox Disassembler Explanation (9 replies)
- CartellaUnicaTasse.exe Italian Malware RCE Analysis (5 replies)
- Why is secure development so important? (0 replies)
- pde/pte softice plugin (0 replies)
- Funny coded malware (10 replies)
- antisptd (7 replies)
- IceProbe - SoftIce Command Tracer (9 replies)
- build rule for x64 asm (0 replies)
- nonintrusive tracer on x64 (1 replies)
- My "Unofficial" ReCon Video (3 replies)
- Strong-Name Signing, AdmiralDebilitate v0.1 (6 replies)
- IDA Pro Development Environment (1 replies)
- Control Flow Deobfuscation Part 3 (2 replies)
- Vmware snapshot and SSDT (1 replies)
- Phoenix Protector 1.3.0.1 (9 replies)
- .NET Internals and Native Compiling (13 replies)
- Fujitsu 3D Shock Sensor Application Reversing (0 replies)
- An Introduction To .NET Reversing (3 replies)
- IDA and vmread/vmwrite x64 (3 replies)
- Intel VT and cpuid break (8 replies)
- Downloader.Win32.Small or Win32/PolyCrypt Reversing (0 replies)
- #773: bug in IDA-Pro [fails to debug zero-based PE] (0 replies)
- "Function String Associate" IDA Plug-in (1 replies)
- # old CD 03 bug in windows (0 replies)
- # free IDA-Pro training (2 replies)
- # turbo-import [stealth anti-api-monitors style] (0 replies)
- # bug in Olly, Windows behavior and Peter Ferrie (0 replies)
- # thinking in IDA Pro - how to obtain a copy (0 replies)
- # bug in Process Explorer (a gift for malware) (0 replies)
- # other solutions: how to load two or more files into the same IDA-Pro database (0 replies)
- # how to load two or more files into single IDA Pro database (0 replies)
- # Syser causes BSOD (1 replies)
- # eternal life, ammo, scores in games (1 replies)
- .NET Internals and Code Injection (15 replies)
- D3DLookingGlass v0.1 (14 replies)
- DisasMSIL and CFF Explorer (8 replies)
- Retsaot is Toaster, Reversed: Quick 'n Dirty Firmware Reversing (5 replies)
- My next 2 articles (3 replies)
- A brief discussion of Windows Vista’s IE Protected Mode (and user/process level secur (0 replies)
- Rebel.NET (10 replies)
- Integer overflow (0 replies)
- Control Flow Deobfuscation Part 2 (1 replies)
- Programming against the x64 exception handling support, part 2: A description of the (0 replies)
- The kernel object namespace and Win32, part 1 (0 replies)
- The kernel object namespace and Win32, part 2 (0 replies)
- The kernel object namespace and Win32, part 3 (0 replies)
- Frame pointer omission (FPO) optimization and consequences when debugging, part 1 (0 replies)
- Frame pointer omission (FPO) optimization and consequences when debugging, part 2 (0 replies)
- Programming against the x64 exception handling support, part 1: Definitions for x64 v (0 replies)
- Programming against the x64 exception handling support, part 3: Unwind internals (Rtl (0 replies)
- Programming against the x64 exception handling support, part 4: Unwind internals (Rtl (0 replies)
- Programming against the x64 exception handling support, part 5: Collided unwinds (0 replies)
- Programming against the x64 exception handling support, part 6: Frame consolidation u (0 replies)
- Programming against the x64 exception handling support, part 7: Putting it all togeth (0 replies)
- Debugger tricks: API call logging, the quick’n'dirty way (part 1) (0 replies)
- Debugger tricks: API call logging, the quick’n'dirty way (part 2) (0 replies)
- Debugger tricks: API call logging, the quick’n'dirty way (part 3) (0 replies)
- Few words about Kraken (2 replies)
- Useful debugger commands: .writemem and .readmem (0 replies)
- Introduction to x64 debugging, part 1 (0 replies)
- Introduction to x64 debugging, part 2 (0 replies)
- Introduction to x64 debugging, part 3 (0 replies)
- Introduction to x64 debugging, part 4 (0 replies)
- Introduction to x64 debugging, part 5 (0 replies)
- x64 Debugging Review (0 replies)
- Using SDbgExt to aid your debugging and reverse engineering efforts (part 1). (0 replies)
- SDbgExt extensions - part 2. (0 replies)
- Useful WinDbg commands: .formats (0 replies)
- Beware of stack usage with the new network stack in Windows Vista (0 replies)
- Debugger commands review (0 replies)
- Debugger flow control: More on breakpoints (part 2) (0 replies)
- SDbgExt 1.09 released (support for displaying x64 EH data) (0 replies)