Origami 1.0 released!
I am pleased to announce the first stable release of Origami, the PDF manipulation framework! A lot of cool new features have been added since the last beta, and I consider the framework stable enough now. This release introduces support for AES256 encryption/decryption, partial support for ...
Sniffing USB traffic with VMware
VMware offers the possibility to dump any USB traffic at the lowest level to a dump file. We'll describe here how to activate this feature, and additionally publish a script to convert the dump file to the PCAP format, suitable for use with Wireshark.
Enable USB logging
VMware can ...
Splitting a Mercurial repository: HgSplit
In this article I will explain how I designed a rootkit for Microsoft Internet Information Services (IIS). The question is: why a backdoor in a web server?
First obvious but useless answer: because we can.
OK, let us give a more clever answer. The purpose of backdooring a web server ...
Metasm recipes: working with a process image
Today we'll discuss how Metasm can be used to work with a process memory dump, and also how to search for gadgets suitable for a short ROP sequence.
While working on a vulnerability on a Windows server, we had the following premises:
- Non-executable heap
- Randomised address space (except for ...
An approach to PDF shielding
However, while many antivirus vendors ...
Hack in the Box - Amsterdam 2010
We will be running the Metasm dojo there, and giving a presentation on a physical attack targeting 64-bit Windows 7.
Feel free to drop by and say hello!
We'll ...
Is this PDF malicious?
(At least) 4 ways to die opening a PDF
There are several ways to trigger events when a PDF is viewed: pushing a button, resizing the document, closing it, reaching a page, when the mouse passes over a zone, when an annotation is displayed/hidden, ... but the most interesting from an offensive point of view is when the document is ...