To help the attendees of my Brucon White Hat Shellcode workshop, I wrote a new program to generate simple shellcode. I’m releasing it now. People regularly ask me for malware so they can test their security setup. First, that’s a bad idea, and second, you can do without. Why is using malware a bad idea? It’s dangerous and not reliable. Say you use a trojan to test your sandbox. You notice that you
Synalyze It! - Hex Editor for Mac. The fastest way to analyze binary files. Let Synalyze It! parse your files and see immediately all the structures, strings and numbers. Imagine... you have a binary file and don't know its contents. Or some software creates binary files you have a specification for but don't want to decode them manually. Have you ever looked at a hex dump and felt how hard it is to
I came across a program the other day that is very powerful when it comes to IR (Incident Response). So wanting to learn more about the platform I dived right in and decided to create a plugin. What if you could automatically carve out a file from a memory image and submit said carving to an online virus scanning service? That’d be awesome and make for quick work to triage any memory dumps you
Soon we are going to start testing the next IDA version. There will be many improvements. Some of them we have mentioned previously: proximity view; PE+ support for Bochs (64-bit PE files); UI shortcut editor; filters in choosers; database snapshots. Other new major features: GUI installers for Linux and OS X; automatic check for new versions; cross-references to structure members; floating licenses: ou
Hearing that the remake is coming out this autumn, I dug out my PSP and am replaying 『俺の屍を越えてゆけ』 (Ore no Shikabane wo Koete Yuke, download version). This game turned me, a university student when it was released, into a hardcore gamer, and in fact I had replayed it a little while ago as well. I wanted to know how the game's theme of "family" would land with me now that some time has passed. To cut to the conclusion: the game's theme song 『花』 (Hana), which I thought nothing of back then, now hits me as "dangerous!" Yes, what is in danger is my tear ducts. It gets to the point where I can't even play the game (lol). Anyway, after the usual detour at the start, today I want to introduce EAF (Export Address Table Access Filtering), which has been added to EMET. Understanding EAF, however, requires a bit of background knowledge. In general, to exploit a so-called buffer overflow vulnerability
I'm releasing a couple tools I use internally for Linux kernel exploit development: ksymhunter and kstructhunter. They're probably only useful for like ten people on the planet, but oh well, enjoy! ksymhunter Kernel symbols are definitely a useful resource when writing Linux kernel exploits. Whether you're looking for particular structures in kernel memory or pulling the old commit_creds technique
Hyde v1.01 Hyde is a plugin for OllyDbg v2.xx; its purpose is to hide OllyDbg from detection by the debuggee. This is done by patching memory and APIs, and the options (or patch sets) can be saved to file for easy reloading. For example, with an ASProtect target you can set the patches that you need for ASProtect and save them to a file "ASProtect.SET". This patch-set file can then be loaded whenever
The Beta version of HoneySink is out! What is HoneySink? HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network. Able to be deployed both internally and externally, it is designed to log and respond to incoming requests for a number of network protocols. With configuration and scalability in mind, HoneySink was des