Sniffing USB traffic with VMWare
VMWare offers the possibility to dump any USB traffic at the lowest level to a dump file. We'll describe here how to activate this feature, and additionally publish a script to convert the dump file to the PCAP format, suitable for use with Wireshark.
Enable USB logging
VMWare can ...
Splitting a Mercurial repository: HgSplit
Training at CanSecWest 2011: Advanced binary deobfuscation
The course will teach you how to overcome state-of-the-art binary obfuscation.
You will see, and learn to defeat:
- traditional junk,
- arithmetic code hiding,
- code flattening,
- and ...
In this article I will explain how I designed a rootkit for Microsoft Internet Information Services (IIS). The question is: why a backdoor in a web server?
First obvious but useless answer: because we can.
Ok, let us give a more clever answer. The purpose of backdooring a web server ...
Training at CanSecWest 2011: Analysis of malicious documents
The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector to exploit end-user systems. Their respective ...
Metasm recipes: working with a process image
Today we'll discuss how Metasm can be used to work with a process memory dump, and also how to search for gadgets suitable for a short ROP sequence.
While working on a vulnerability on a Windows server, we had the following premises:
- Non-executable heap
- Randomised address space (except for ...
CVE-2010-3830 - iOS < 4.2.1 packet filter local kernel vulnerability
This post will describe a recent iPhone kernel vulnerability discovered by comex and used in the limera1n and Greenpois0n jailbreaking tools. Both tools exploit a BootROM vulnerability found by geohot to get initial code execution on the device, and comex's kernel exploit is then used to make the jailbreak ...
Padding Oracle attack and its applications on ASP.NET
ASP.NET is a group of Web development technologies created by Microsoft, which offers developers an easy way to create dynamic web sites, web applications, or XML web services. To use it, a compatible web server is needed (like Microsoft IIS for example). ASP.NET is part of Microsoft .NET ...
ESET CONFidence 2010 Crackme - WriteUp
ESET proposed a crackme during the CONFidence conference. The challenge started on November 29th and lasted two days. The goal was to find a valid username/serial combination. The challenge was won by Dmitry Sklyarov, from ElcomSoft. This article will present a solution for the crackme, and the steps needed to write ...