Challenge 1: –[—–>+—-.[—>+—-.+++[->+++++.++++++++.+++++.——–.-[—>+–.+[->++++.++++++++.–.+++++.——-.–.—-.–[—>+–.++++++. Answer: brainfuckingeasy Challenge 2 – “simple” xor crackme with a 55 character password. May make this a higher challenge. Answer: “Waxing my car will not result in expert karate training” challenge 3 – C app, createthread, easy to solve with ida and hex editor or debugger. Change the timeout for WaitForSingleObject to […]
Greetings and salutations! One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough. So to fix this, I have come up with a half-ass solution. For those wondering how to decrypt SmarterMail hashes, […]
Salutations fellow readers. I hope some of you saw me speak on JoeCrypter last week at CactusCon. As for the slides from my talk, you can view them here. For those who don’t know, I wrote the reverse engineering challenges this year for the CTF. Most of them were solved, but not all. Perhaps some […]
Greetings and salutations fellow readers. Recently I’ve had to step into the awful world of kernel debugging. When malware drops a rootkit and conventional userland debugging falls short, you have to step into ring 0. Unfortunately, options are rather limited when it comes to decent ring0 debugging on windows. What’s that one debugger everyone’s heard […]
Back for part 2 are we? Let’s get this show on the road. We’ve seen how awful the first piece of malware was in terms of how it was thrown together in all but 10 minutes, but you aint seen nothing yet. The next one actually embeds passwords inside and even email addresses. After that, […]
Howdy all! On this glorious Saturday night we’re going to go over how to unpack the ‘Local-App-Wizard’ packer. The way the packer works is by creating a suspended process of itself, hollowing it out / allocating the space with memory mapped files, and writing the contents of the unpacked version of itself to this newly […]
Some may say this is crazy, I call it Wednesday. This came across my desk yesterday and I worked it out today. It came as the payload following a java exploit from an old 2012 CVE (SecurityManager one I think). I’m calling it 0day because there were no listing for the exe in VirusTotal / […]
Hello again fellow readers and security enthusiasts. The last post was filler and I’m sorry for that. Today we’re going to go over some typical malware, start to finish. Exploit to C&C communication. We start with our exploit file. Java of course. Most of the time when I encounter a java file, it’s heavily obfuscated […]
Hello again! It’s been a busy week at work. Lots of unique malware. As you may or may not know, malware uses non-conventional things to stay hidden and throw off heuristic analysis. I see weird stuff. Instructions that make no sense in context like the ‘out’ instruction, blocks of code which perform floating point arithmetic […]
Hello people! Long time, no update. I am sorry for that. I’ve been working at my new job and have been focusing my time on video games and women. The bane of all procrastination. I’ve been hammering away at my brutus app every time I get the chance. With the basic auth stub out of […]