Archives/2015
|
Solution to DaXXoR 101's KeygenMe #3 Sun, 6 Dec 2015 17:31:00 +0000 My solution to DaXXoR 101's KeygenMe #3. Patch and develop a keygen. Interesting technique of integrity checking. |
|
Solution to andrewl.us' Crackme #1 Sat, 5 Dec 2015 17:32:00 +0000 My solution to andrewl.us' Crackme #1. This is easy and great for beginners to learn crypto basics and python scripting in IDA Pro. |
|
Solution to Borismilner's 4N006135 level4 crackme Tue, 1 Dec 2015 07:08:00 +0000 My solution to Borismilner's 4N006135 5th challenge. Very interesting crackme with self-modifying code and funny techniques. |
|
Solution to Profdraculare's keygenme228 Sat, 28 Sep 2015 20:44:00 +0000 My solution to Profdraculare's keygenme228 (crackmes.de). |
|
Solution to Borismilner's 4N006135 levels 0-3 crackmes Mon, 24 Nov 2015 20:30:00 +0000 My solutions to the 4 levels (levels 0 to 3) for Borismilner's 4N006135, hosted on crackmes.de. Excellent crackmes, thanks Boris! |
|
vik3790's Little Fish crackme Sat, 7 Nov 2015 15:13:00 +0000 My solution to vik3790's Little Fish crackme. A funny one! |
|
reZK2ll BeatME crackme Sun, 25 Oct 2015 17:46:00 +0000 A not so difficult crackme but some fun for the week-ends... |
|
Nuit du Hack 2012 Android Challenge Wed, 21 Sep 2015 11:50:00 +0000 Following my learning curve on Android/ARM, I decided to give a try to the Nuit Du Hack (NDH) 2012 Android Challenge. Already 3 years old but still worth trying. This application uses 2 interesting anti-debugging techniques, respectively based on the IMEI check and on the elapsed time between 2 checkpoints. I had a lot of fun making this challenge, and learned new things. |
|
Solution to FLARE-ON challenge 2015, challenge 6 Fri, 16 Sep 2015 18:15:00 +0000 After several weeks of hard work, learning about Android and ARM, I'm proud to post my solution to FLARE-ON challenge 2015, level 6. |
|
Solution to FLARE-ON challenge 2015, challenge 10 Sat, 03 Sep 2015 18:10:00 +0000 My solution to FLARE-ON challenge 2015, level 10. |
|
Solution to FLARE-ON challenge 2015, challenge 7 Mon, 28 Sep 2015 21:26:00 +0000 My solution to FLARE-ON challenge 2015, level 7. |
|
Solution to FLARE-ON challenge 2015, challenge 9 Fri, 25 Sep 2015 17:36:00 +0000 My solution to FLARE-ON challenge 2015, level 9. |
|
Solution to FLARE-ON challenge 2015, challenge 8 Fri, 25 Sep 2015 17:32:00 +0000 My solution to FLARE-ON challenge 2015, level 8. |
|
Solution to FLARE-ON challenge 2015, challenge 5 Fri, 25 Sep 2015 17:27:00 +0000 My solution to FLARE-ON challenge 2015, level 5. |
|
Solution to FLARE-ON challenge 2015, challenge 4 Fri, 25 Sep 2015 17:23:00 +0000 My solution to FLARE-ON challenge 2015, level 4. |
|
Solution to FLARE-ON challenge 2015, challenge 3 Fri, 25 Sep 2015 17:16:00 +0000 My solution to FLARE-ON challenge 2015, level 3. |
|
Solution to FLARE-ON challenge 2015, challenge 2 Fri, 25 Sep 2015 17:12:00 +0000 My solution to FLARE-ON challenge 2015, level 2. |
|
Solution to FLARE-ON challenge 2015, challenge 1 Fri, 25 Sep 2015 17:01:00 +0000 My solution to FLARE-ON challenge 2015, level 1. |
|
Solution to DevAstatoR's What do I want crackme Thu, 23 Jul 2015 07:14:00 +0000 The objective of this crackme (http://crackmes.de/users/devastator/what_do_i_want/) is to find the value of 2 fields to reveal a password. This challenge is interesting because it requires some reverse engineering of the code itself to understand what is required. |
|
Solution to LaFarge's crackme #2 Sat, 18 Jul 2015 07:14:00 +0000 The objective of this crackme is to crack the serial generation algorithm to find the appropriate serial from a given password and develop a keygen. |
|
Hiew, Hex editor and assembler/disassembler Tue, 25 Nov 2014 23:23:00 +0000 Hiew is an Hex editor and assembler/disassembler with following features: view and edit files of any length in text, hex, and decode modes; x86-64 disassembler & assembler (AVX instructions include); physical & logical drive view & edit; support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats; support for Netware Loadable Modules like NLM, DSK, LAN,...; following direct call/jmp instructions in any executable file with one touch; pattern search in disassembler; built-in simple 64bit decrypt/crypt system; built-in powerful 64bit calculator; block operations: read, write, fill, copy, move, insert, delete, crypt; multifile search and replace; keyboard macros; unicode support; Hiew External Module (HEM) support; ArmV6 disassembler. |
|
Shellshock Bash Vulnerability (CVE-2014-6271, CVE-2014-7169) Sun, 28 Sep 2014 10:52:00 +0000 Everything you should know about the Shellshock Bash Vulnerability (CVE-2014-6271 & CVE-2014-7169). |
|
Heartbleed Vulnerability (CVE-2014-016) Tue, 22 Apr 2014 07:02:00 +0000 On 2014 April 7th, a vulnerability about OpenSSL (CVE-2014-0160, TLS heartbeat read overrun) has been publicly disclosed. Heartbeat is a TLS extension that allows to ping and receive confirmation from the peer, and is described in RFC6520. This post explains the vulnerability in details. |
|
Analysis of CryptoLocker (MD5: 98c9676d887d024defc1d340bd723073) Sun, 13 Apr 2014 17:00:00 +0000 CryptoLocker is a ransomware trojan. It crypts personal data on the infected machine with a private RSA key stored on the remote C&C. The malware then displays a message which offers to decrypt the data if a payment of 400 USD is made by a stated deadline, and threatens to delete the private key if the deadline passes. |
|
Analysis of Worm:VBS/Jenxcus Thu, 27 Mar 2014 10:20:00 +0200 Worm:VBS/Jenxcus is a malware developed in VBScript by houdini. It uses a simple obfuscation technique based on the chr function. It posts sensitive data (Hardware ID, Hostname, Username, OS details, Antivirus, ...) to diana68.no-ip.biz on port 1177/tcp using the HTTP protocol. The malware has the ability to execute arbitrary commands, kill processes, send and receive files, enumerate files, processes and disk drives, delete files, ... |
|
Analyzing malware with SysAnalyzer Fri, 21 Mar 2014 11:29:00 +0200 SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. |
|
Alternate Data Stream (ADS) Wed, 12 Mar 2014 21:01:00 +0200 Alternate Data Stream (ADS) is a feature from Microsoft which purpose is to provide a compatibility with HFS, the file system management for Mac. It is well known from malware authors who can hide a malicious executable in a file. |
|
Analysis of a malicious PDF file Mon, 03 Mar 2014 08:21:00 +0200 I will describe the process of analyzing a malicious PDF file. For our analysis, we will need: the REMnux distribution (contains all below necessary tools), pdfid to identify objects in our PDF file, pdf-parser to list JavaScript objects, pdfobjflow to map the relationships between the PDF objects, jsunpackn to extract JavaScript contained in the PDF file, SpiderMonkey to run and de-obfuscate the JavaScript, sctest (libemu) to emulate the shellcode, command line tools (to convert our shellcode to various formats). |
|
Origami, a complete toolkit to analyze malicious PDF documents Mon, 30 Dec 2013 14:26:00 +0200 Origami is a Ruby framework for manipulating PDF documents. It features a PDF compliant parser and allows to analyze, modify or create malicious PDF files. Origami supports advanced features of the latest PDF specifications: Encryption (up to Adobe Reader X), Digital signatures, Forms (Acrobat and XML), JavaScript, Annotations, Flash, File attachments, Object streams. |
|
Analyze malicious Office documents with OffVis Thu, 26 Dec 2013 12:25:00 +0200 The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks. |