isdebuggerpresent

Debugging Fun – Putting a process to sleep()

Published February 29, 2012 |

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading →

Posted in 001_Security, Exploit Writing Tutorials, Malware and Reversing, Uncategorized | Tagged cgi, corelan, corelan team, cve-2008-0532, debugger, entrypoint, f, function, fx, hook, immunity, isdebuggerpresent, jit, just in time, loop, pefile, python, rva, sleep, www-corelan-be

The Honeypot Incident – How strong is your UF (Reversing FU)

Published January 31, 2011 |

By Peter Van Eeckhoutte (corelanc0d3r)

Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it “EGYPTS-AIRWAYS”, set up a honeypot + some other monitoring tools, and connected it to the internet.
Continue reading →

Posted in 001_Security, Exploits, Malware and Reversing | Tagged analysis, anti, challenge, compromise, conficker, corelan, debugger, debugging, engineer, game, honeypot, how strong is you uf, iat, isdebuggerpresent, malware, ms08-067, netapi, peb, reverse, reversing, svchost.ee, worm

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Debugging Fun – Putting a process to sleep()

The Honeypot Incident – How strong is your UF (Reversing FU)

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!