Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity
Introduction Last weekend I had some time so I wanted to have a look at a reversing challenge which you can find here: https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity Reverse Engineering 101 Contest Steps Get the exe to be hacked Break it open and start exploring. The only rule for the challenge is that it has to be solved by […]
Reversing 101 – Solving a protection scheme
In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading
Debugging Fun – Putting a process to sleep()
Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading
Many roads to IAT
A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.
I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading
HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)
Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge…
Continue reading
Honeynet Workshop 2011
March 21th I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public. Moreover, I didn’t have to pay the registration fee since I successfully completed one of the Honeynet Forensics challenges. The day was split in 4 sessions and had talks covering the Honeynet projects, malware, and ethical and legal considerations of tracking botnets and eventual take-downs.
Continue reading
Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained
Aloha,
Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF.
And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video.
Continue reading
Anti-debugging tricks revealed – Defcon CTF Qualifications 2009: Bin300 Analysis
A while ago I stumbled upon an awesome write-up of a very nice CTF challenge created by sapheads: http://hackerschool.org/DefconCTF/17/B300.html I love cartoons, and I love reversing, so I decided to play a little bit with that binary (b300.exe) which was a lot of fun. Because some interesting anti-debugging tricks were implemented into the binary…
Continue reading
The Honeypot Incident – How strong is your UF (Reversing FU)
Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading
Malicious pdf analysis : from price.zip to flashplayer.exe
This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip file.
When looking inside the zip file, I found a small pdf file… I immediately figured this file was up to no good, so it was time to get my hands dirty :)
Continue reading
Donate
Your donation will help funding server hosting.
