View Full Version : Blogs Forum


  1. "Client" Unit Tests(some fun ones..)Indirect RtlCreateUserThread hooking.. (11 replies)
  2. Several Common Ways That Viruses Spread (2 replies)
  3. VMware ring3 detection (RF handling) (13 replies)
  4. Javascript for IDA Pro (1 replies)
  5. Sorry its taking so long on the next release of source.. (1 replies)
  6. Casts are bad (0 replies)
  7. (In My fucked up way Of thinking...) (2 replies)
  8. # faked Adobe PDF.SWF exploit on milw0rm (0 replies)
  9. # weakness of PAGE_GUARD or new Windows bug (XP/Vista 32/64 SP1) (1 replies)
  10. placing a "hotpatch" where it doesnt belong.. (0 replies)
  11. why Opcode0x90's "dll Injection shield" fails against RtlCreateUserThread (8 replies)
  12. Pwnie Awards Nominees!!! (1 replies)
  13. Bypassing Csrss's hold on Terminating Win32Threads.. (0 replies)
  14. Aslan (4514N) - Binary Code Integrator - Okaeri (8 replies)
  15. Generic unpacking paper revision (0 replies)
  16. Some graphs (0 replies)
  17. PAPER: Evading network-level emulation (0 replies)
  18. Blah (0 replies)
  19. Kon-Boot for USB and some news (0 replies)
  20. Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case) (0 replies)
  21. If I had a nickel for every time I had a nickel, I'd have TWO NICKELS (0 replies)
  22. Incoming... (0 replies)
  23. Presenting Kon-Boot v1.0 (1 replies)
  24. SpiderPig Memory Tracer (0 replies)
  25. SpiderPig and The Childs. (0 replies)
  26. PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs (0 replies)
  27. # IDA-Pro steals RIP ? introduction in relative addressing (0 replies)
  28. User-mode debugger with SoftICE UI (10 replies)
  29. # MS DirectShow MPEG2 (msvidctl.dll) worm was fired out! (0 replies)
  30. # IDA-Pro//BOCHSDBG plug-in bug: lack of 16bit support (0 replies)
  31. CallOutRecaptureRoutine and the changes it made (1 replies)
  32. # Xcon2009: passive non-resident root-kits (3 replies)
  33. VMprotect VM_logic (in v1.8 demo) (0 replies)
  34. # die Vista, die or why DEADDEEF is alive? (0 replies)
  35. A snippet of time.. ;) uneditted .. (0 replies)
  36. # IDA-Pro 5.5 has been updated, fixed ? Bochs plug-in unaligned PE bug (0 replies)
  37. # San-Francisco - A Dream Came True (3 replies)
  38. Native Blocks Pre-Alpha (10 replies)
  39. Server Handle Table Functions. (1 replies)
  40. Ideas and concepts: behind the Sin32 Subsystem (0 replies)
  41. Bare Bone Client (8 replies)
  42. Ruby for Pentesters - The Dark Side I: Ragweed (0 replies)
  43. Server Thread Recycling (Beginnings..) (13 replies)
  44. Current QuickLPC Client (0 replies)
  45. Current QuickLPC Server Implementation (10 replies)
  46. Function call graph plugin sample (1 replies)
  47. My first blog post.(plans for my blog) (8 replies)
  48. IDA Pro 5.5 and Hex-Rays 1.1 have been released! (0 replies)
  49. psusp (1 replies)
  50. Windows 7 RC syscalls (3 replies)
  51. # a bomb from McAfee (a nasty one) (2 replies)
  52. IDA Pro 5.5 goes alpha (0 replies)
  53. VMprotect VM_logic (in v1.8 demo) (2 replies)
  54. Matasano PFI (as seen on TV!) (1 replies)
  55. Using CreatePipe to detect and thwart Emulating Sandboxes and AV emulators (1 replies)
  56. EventPair Reversing, EventPairHandle as Anti-Dbg Trick (4 replies)
  57. Decompiling floating point (0 replies)
  58. IDA v5.4 demo (3 replies)
  59. RtlQueryProcessHeapInformation as Anti-Dbg Trick (0 replies)
  60. RtlQueryProcessDebugInformation as Anti-Dbg Trick (2 replies)
  61. Found what is that "long mode segmentation" (0 replies)
  62. Updated "Class Informer" plug-in (0 replies)
  63. Debugger tricks: Find all probable CONTEXT records in a crash dump (0 replies)
  64. Anti-Emulation Tricks (7 replies)
  65. InfoSec Institute's RE Course (0 replies)
  66. Examining kernel stacks on Vista/Srv08 using kdbgctrl -td (0 replies)
  67. VC++ asm intrinsics (0 replies)
  68. Ruby for Pen-Testers: Announcing Ruby Black Bag (0 replies)
  69. Netsons killed my Website (2 replies)
  70. DirectSound Capture With Deviare (1 replies)
  71. Understanding the kernel address space on 32-bit Windows Vista (0 replies)
  72. Recovering a process from a hung debugger (0 replies)
  73. Advanced Windows Kernel Debugging with VMWare and IDA's GDB debugger (0 replies)
  74. # I’m on my way to South Africa (2 replies)
  75. # JL/JGE Intel CPU bug as anti-reversing trick (2 replies)
  76. # self-replicated processes (0 replies)
  77. # Olly Plug-ins and MS VC (0 replies)
  78. # Olly loads Olly to bypass anti-attach tricks /* Clerk? trick */ (2 replies)
  79. # anti-attach: BaseThreadStartThunk => NO_ACCESS (0 replies)
  80. # zombie slam (0 replies)
  81. # Process Explorer - bloody hell of indefinite waiting bugs (0 replies)
  82. # NtRequestWaitReplyPort abuses IDA-Pro (0 replies)
  83. # PRNG based on REP STOS (0 replies)
  84. # attach to me? if you can (part II) (1 replies)
  85. # self-overwritten REP STOS/MOVS, IDA-Pro 5.4 and Ko (1 replies)
  86. # try to attach to me? if you can! (2 replies)
  87. BITS used as a covert channel (0 replies)
  88. Bochs Emulator and IDA? (0 replies)
  89. Bochs plugin goes alpha (0 replies)
  90. IDA and MIPS (0 replies)
  91. IDA Pro has 9 debugger modules (0 replies)
  92. The IDA Pro book (0 replies)
  93. Mr. Bachaalany joins Hex-Rays (0 replies)
  94. Blackhat USA 2008 (0 replies)
  95. Apple's variant of ptrace() (0 replies)
  96. Recon2008 (0 replies)
  97. Kernel debugging with IDA (1 replies)
  98. Testing debuggers (0 replies)
  99. From simple to complex (3 replies)
  100. Bridge them all (5 replies)
  101. # IDA-Pro 5.4: old bugs on the new streets (was: to download or to not download) (1 replies)
  102. # RE course in Tel-Aviv (0 replies)
  103. Playstation3 / PS3 - Harddisk encryption (4 replies)
  104. # simple OllyScript for upx (0 replies)
  105. S7 airlines is under attack! (0 replies)
  106. # Baghdad - dead alive breakpoints (0 replies)
  107. # PatchDiff => Hex-Rays => WinDiff: how to analyze patches faster (0 replies)
  108. Class Informer IDA plug-in (5 replies)
  109. Windows 7 syscall list (0 replies)
  110. IDA v5.4 release is not that far away (2 replies)
  111. # shell-codes analysis: where is EP? (0 replies)
  112. Windows 7 kernel structures (0 replies)
  113. x64 SEH & Explorer Suite Update (5 replies)
  114. # FreeLibrary bug becomes a PE packers bug (0 replies)
  115. San-Francisco - the place to meet (5 replies)
  116. # MS VC - challenge for PE packers (3 replies)
  117. Unpinning Imported .dll's (2 replies)
  118. # chilly suspicions of new win32 bug (0 replies)
  119. # 3 lines C-prog hurts MS VC (1 replies)
  120. Malware: Unpacking Waledac (0 replies)
  121. # dynamic TLS callbacks instead of SEH (1 replies)
  122. # IDA-Pro and simple (E)SP hack (0 replies)
  123. # GetProcessDEPPolicy for XP/XP SP2 (0 replies)
  124. NtSetDebugFilterState as Anti-Dbg Trick (11 replies)
  125. # TLS callbacks w/o USER32 (part III) (3 replies)
  126. # TLS callbacks w/o USER32 (part II) (0 replies)
  127. # another EnableTracing() bug (0 replies)
  128. # XP/S2K3 fails to process TLS w/o USER32 (3 replies)
  129. # DS/FS is under hardware breakpoints (0 replies)
  130. IDA and TLS callbacks (0 replies)
  131. how powerful IDA Script might be (0 replies)
  132. # IDA-Pro EnableTracing() - how not to do (0 replies)
  133. blog was moved (0 replies)
  134. Guidelines to MFC reversing (2 replies)
  135. IOCTL-Proxy (7 replies)
  136. Dynamic C++ Proposal (6 replies)
  137. Command line version of OSR's DeviceTree (0 replies)
  138. Backdoor.Win32.UltimateDefender Reverse Engineering (7 replies)
  139. Switch as Binary Search, Part 0 (0 replies)
  140. Switch as Binary Search, Part 1 (0 replies)
  141. Qt Internals & Reversing (11 replies)
  142. CVE-2006-5758: better late than ever (3 replies)
  143. Malware and initial stack pointer value (1 replies)
  144. Shared object injection on linux/unix (8 replies)
  145. Bagle.W IDB (0 replies)
  146. Trojan.Zhelatin.pk (3 replies)
  147. Hotpatching MS08-067 (0 replies)
  148. Using dual-mappings to evade automated unpackers (1 replies)
  149. On Analysis of Client-Server Software Applications (0 replies)
  150. Analyzing local privilege escalations in win32k (0 replies)
  151. Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 (0 replies)
  152. Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS (0 replies)
  153. VbPython 1.2a (0 replies)
  154. examples of the syllabuses (0 replies)
  155. Interesting Kernel32 Constant (3 replies)
  156. Analyzing Malicious PDF's (0 replies)
  157. The Wild World of VoIP (3 replies)
  158. RE-courses/conferences schedule (0 replies)
  159. custom gpa spy (3 replies)
  160. Debugger Detection Via NtSystemDebugControl (11 replies)
  161. POP SS and Debuggers (5 replies)
  162. Fighting Oreans' VM (code virtualizer flavour) (32 replies)
  163. PEiD imports parsing DoS (6 replies)
  164. Nucleus Framework (2 replies)
  165. SoftICE and KDExtensions (2 replies)
  166. IDA2PAT Reloaded (1 replies)
  167. Black Hat 2008 Wrap-up (0 replies)
  168. Part 2: Introduction to Optimization (0 replies)
  169. VMProtect, Part 0: Basics (15 replies)
  170. Part 3: Optimizing and Compiling (2 replies)
  171. Part 1: Bytecode and IR (0 replies)
  172. Inside DeleteFiber() as Anti Debug Trick (15 replies)
  173. Something different part 3, or not quite different (0 replies)
  174. Why hooking system services is more difficult (and dangerous) than it looks (0 replies)
  175. Inside SetUnhandledExceptionFilter (5 replies)
  176. Small Devices & RCE (3 replies)
  177. IDA on iPhone (6 replies)
  178. SymbolFinder (7 replies)
  179. Sun VirtualBox Disassembler Explanation (9 replies)
  180. CartellaUnicaTasse.exe Italian Malware RCE Analysis (5 replies)
  181. Why is secure development so important? (0 replies)
  182. pde/pte softice plugin (0 replies)
  183. Funny coded malware (10 replies)
  184. antisptd (7 replies)
  185. IceProbe - SoftIce Command Tracer (9 replies)
  186. build rule for x64 asm (0 replies)
  187. nonintrusive tracer on x64 (1 replies)
  188. My "Unofficial" ReCon Video (3 replies)
  189. Strong-Name Signing, AdmiralDebilitate v0.1 (6 replies)
  190. IDA Pro Development Environment (1 replies)
  191. Control Flow Deobfuscation Part 3 (2 replies)
  192. Vmware snapshot and SSDT (1 replies)
  193. Phoenix Protector 1.3.0.1 (9 replies)
  194. .NET Internals and Native Compiling (13 replies)
  195. Fujitsu 3D Shock Sensor Application Reversing (0 replies)
  196. An Introduction To .NET Reversing (3 replies)
  197. IDA and vmread/vmwrite x64 (3 replies)
  198. Intel VT and cpuid break (8 replies)
  199. Downloader.Win32.Small or Win32/PolyCrypt Reversing (0 replies)
  200. #773: bug in IDA-Pro [fails to debug zero-based PE] (0 replies)
  201. "Function String Associate" IDA Plug-in (1 replies)
  202. # old CD 03 bug in windows (0 replies)
  203. # free IDA-Pro training (2 replies)
  204. # turbo-import [stealth anti-api-monitors style] (0 replies)
  205. # bug in Olly, Windows behavior and Peter Ferrie (0 replies)
  206. # thinking in IDA Pro - how to obtain a copy (0 replies)
  207. # bug in Process Explorer (a gift for malware) (0 replies)
  208. # other solutions: how to load two or more files into the same IDA-Pro database (0 replies)
  209. # how to load two or more files into single IDA Pro database (0 replies)
  210. # Syser causes BSOD (1 replies)
  211. # eternal life, ammo, scores in games (1 replies)
  212. .NET Internals and Code Injection (15 replies)
  213. D3DLookingGlass v0.1 (14 replies)
  214. DisasMSIL and CFF Explorer (8 replies)
  215. Retsaot is Toaster, Reversed: Quick 'n Dirty Firmware Reversing (5 replies)
  216. My next 2 articles (3 replies)
  217. A brief discussion of Windows Vista’s IE Protected Mode (and user/process level secur (0 replies)
  218. Rebel.NET (10 replies)
  219. Integer overflow (0 replies)
  220. Control Flow Deobfuscation Part 2 (1 replies)
  221. Programming against the x64 exception handling support, part 2: A description of the (0 replies)
  222. The kernel object namespace and Win32, part 1 (0 replies)
  223. The kernel object namespace and Win32, part 2 (0 replies)
  224. The kernel object namespace and Win32, part 3 (0 replies)
  225. Frame pointer omission (FPO) optimization and consequences when debugging, part 1 (0 replies)
  226. Frame pointer omission (FPO) optimization and consequences when debugging, part 2 (0 replies)
  227. Programming against the x64 exception handling support, part 1: Definitions for x64 v (0 replies)
  228. Programming against the x64 exception handling support, part 3: Unwind internals (Rtl (0 replies)
  229. Programming against the x64 exception handling support, part 4: Unwind internals (Rtl (0 replies)
  230. Programming against the x64 exception handling support, part 5: Collided unwinds (0 replies)
  231. Programming against the x64 exception handling support, part 6: Frame consolidation u (0 replies)
  232. Programming against the x64 exception handling support, part 7: Putting it all togeth (0 replies)
  233. Debugger tricks: API call logging, the quick’n'dirty way (part 1) (0 replies)
  234. Debugger tricks: API call logging, the quick’n'dirty way (part 2) (0 replies)
  235. Debugger tricks: API call logging, the quick’n'dirty way (part 3) (0 replies)
  236. Few words about Kraken (2 replies)
  237. Useful debugger commands: .writemem and .readmem (0 replies)
  238. Introduction to x64 debugging, part 1 (0 replies)
  239. Introduction to x64 debugging, part 2 (0 replies)
  240. Introduction to x64 debugging, part 3 (0 replies)
  241. Introduction to x64 debugging, part 4 (0 replies)
  242. Introduction to x64 debugging, part 5 (0 replies)
  243. x64 Debugging Review (0 replies)
  244. Using SDbgExt to aid your debugging and reverse engineering efforts (part 1). (0 replies)
  245. SDbgExt extensions - part 2. (0 replies)
  246. Useful WinDbg commands: .formats (0 replies)
  247. Beware of stack usage with the new network stack in Windows Vista (0 replies)
  248. Debugger commands review (0 replies)
  249. Debugger flow control: More on breakpoints (part 2) (0 replies)
  250. SDbgExt 1.09 released (support for displaying x64 EH data) (0 replies)