Many roads to IAT
A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.
I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading
mona.py – the manual
This document describes the various commands, functionality and behaviour of mona.py.
Released on june 16, this pycommand for Immunity Debugger replaces pvefindaddr, solving performance issues and offering numerous new features. pvefindaddr will still be available for download until all of its functionality has been ported over to mona.
Continue reading
Universal DEP/ASLR bypass with msvcr71.dll and mona.py
Over the last few weeks, there has been some commotion about a universal DEP/ASLR bypass routine using ROP gadgets from msvcr71.dll (written by Immunity Inc) and the fact that it might have been copied into an exploit submitted to Metasploit as part of the Metasploit bounty.
I’m not going to make any statements about this, but the ROP routine itself looks pretty slick.
Continue reading
HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)
Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge…
Continue reading
Codegate 2011 CTF – Binary200 – Anti Debugging Techniques Explained
Aloha,
Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF.
And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video.
Continue reading
Anti-debugging tricks revealed – Defcon CTF Qualifications 2009: Bin300 Analysis
A while ago I stumbled upon an awesome write-up of a very nice CTF challenge created by sapheads: http://hackerschool.org/DefconCTF/17/B300.html I love cartoons, and I love reversing, so I decided to play a little bit with that binary (b300.exe) which was a lot of fun. Because some interesting anti-debugging tricks were implemented into the binary…
Continue reading
The Honeypot Incident – How strong is your UF (Reversing FU)
Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading
Offensive Security Exploit Weekend
Introduction I’m excited and honored to be able to announce that Sud0, one of our Corelan Team members, has won the Offensive Security Exploit weekend, an exploiting exercise only available to Offensive Security certified alumni. The challenge was built around a vulnerability in Foxit Reader. Each participant was pointed to a Proof of Concept exploit, […]
Corelan official IRC channel online (freenode)
#corelan Some of you may have already noticed … Corelan team decided to open an official channel on IRC (freenode). About 24 hours ago, the channel went live and we have had the pleasure to greeting about 50 users in the channel since that time. That’s great ! As a lot of people mentioned in […]
Donate
Your donation will help funding server hosting.
