Main Page

From aldeid




Solution to DevAstatoR's What do I want crackme

Thu, 23 Jul 2015 07:14:00 +0000

The objective of this crackme is to find the values of two fields in order to reveal a password. This challenge is interesting because it requires some reverse engineering of the code itself to understand what is required.



Solution to LaFarge's crackme #2

Sat, 18 Jul 2015 07:14:00 +0000

The objective of this crackme is to reverse the serial generation algorithm, find the correct serial for a given password, and develop a keygen.



Hiew, hex editor and assembler/disassembler

Tue, 25 Nov 2014 23:23:00 +0000

Hiew is a hex editor and assembler/disassembler with the following features: view and edit files of any length in text, hex, and decode modes; x86-64 disassembler and assembler (including AVX instructions); physical and logical drive view and edit; support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats; support for NetWare Loadable Modules such as NLM, DSK, LAN, ...; following direct call/jmp instructions in any executable file with a single keystroke; pattern search in the disassembler; built-in simple 64-bit encrypt/decrypt system; built-in powerful 64-bit calculator; block operations: read, write, fill, copy, move, insert, delete, crypt; multi-file search and replace; keyboard macros; Unicode support; Hiew External Module (HEM) support; ARMv6 disassembler.



Shellshock Bash Vulnerability (CVE-2014-6271, CVE-2014-7169)

Sun, 28 Sep 2014 10:52:00 +0000

Everything you should know about the Shellshock Bash Vulnerability (CVE-2014-6271 & CVE-2014-7169).



Heartbleed Vulnerability (CVE-2014-0160)

Tue, 22 Apr 2014 07:02:00 +0000

On April 7th, 2014, a vulnerability in OpenSSL (CVE-2014-0160, TLS heartbeat read overrun) was publicly disclosed. Heartbeat is a TLS extension that allows a peer to send a ping and receive a confirmation from the other side; it is described in RFC 6520. This post explains the vulnerability in detail.



Analysis of CryptoLocker (MD5: 98c9676d887d024defc1d340bd723073)

Sun, 13 Apr 2014 17:00:00 +0000

CryptoLocker is a ransomware trojan. It encrypts personal data on the infected machine with a private RSA key stored on the remote C&C. The malware then displays a message offering to decrypt the data if a payment of 400 USD is made by a stated deadline, and threatens to delete the private key if the deadline passes.



Analysis of Worm:VBS/Jenxcus

Thu, 27 Mar 2014 10:20:00 +0200

Worm:VBS/Jenxcus is malware written in VBScript by houdini. It uses a simple obfuscation technique based on the chr function. It posts sensitive data (hardware ID, hostname, username, OS details, antivirus, ...) to on port 1177/tcp using the HTTP protocol. The malware is able to execute arbitrary commands, kill processes, send and receive files, enumerate files, processes and disk drives, delete files, ...



Analyzing malware with SysAnalyzer

Fri, 21 Mar 2014 11:29:00 +0200

SysAnalyzer is an automated malcode runtime analysis application that monitors various aspects of system and process state. SysAnalyzer was designed to let analysts quickly build a comprehensive report of the actions a binary takes on a system.



Alternate Data Stream (ADS)

Wed, 12 Mar 2014 21:01:00 +0200

Alternate Data Stream (ADS) is a feature from Microsoft whose purpose is to provide compatibility with HFS, the Mac file system. It is well known to malware authors, who can use it to hide a malicious executable inside a file.



Analysis of a malicious PDF file

Mon, 03 Mar 2014 08:21:00 +0200

I will describe the process of analyzing a malicious PDF file. For our analysis, we will need: the REMnux distribution (which contains all the tools listed below), pdfid to identify the objects in the PDF file, pdf-parser to list JavaScript objects, pdfobjflow to map the relationships between the PDF objects, jsunpackn to extract the JavaScript contained in the PDF file, SpiderMonkey to run and de-obfuscate the JavaScript, sctest (libemu) to emulate the shellcode, and command line tools to convert the shellcode to various formats.

