Toorcon 16 Videos
Like I said I would, here are the talks!
Author: averagejoe
Toorcon 16 slides and code
For those of you whom saw me at ToorCon and those of you who wish they could have, Here are my slides, and here are my code notes(pass is infected). I also had a 90 minute seminar on reverse engineering malware for newbies. Here are the slides and here are the samples / crackmes /tools. […]
Damn You SourceForge
SourceForge has been around as long as I can remember. Bringing open source projects to the world for people to download and peer at source code and projects. With github taking over in popularity, the need for SourceForge has dwindled. Slashdot owns SourceForge now (or maybe they always have? I don’t recall). So what brings […]
Syser + VirtualBox = Win
Greetings and salutations fellow readers. Recently I’ve had to step into the awful world of kernel debugging. When malware drops a rootkit and conventional userland debugging falls short, you have to step into ring 0. Unfortunately, options are rather limited when it comes to decent ring0 debugging on windows. What’s that one debugger everyone’s heard […]
Friday night coding
This is how I spent my Friday night – I was sipping some delicious liquor and thinking about how crappy XOR encryption is unless the key length is high. Then I thought to myself “What if there was a dynamic xor key for each shift?”. Then I thought “I really should be out meeting the […]
Quicky utility plus updates
It’s been a while, so its time to update the blog. Here’s a quick utility I wrote for finding hard coded addresses of functions within loaded modules. What possible reason could there be for hard coding addresses? Shell code mostly. Even then, most decent shellcode will not bother hard coding any addresses as it makes […]
Syrian Malware 2 – Electric Boogaloo
Back for part 2 are we? Let’s get this show on the road. We’ve seen how awful the first piece of malware was in terms of how it was thrown together in all but 10 minutes, but you aint seen nothing yet. The next one actually embeds passwords inside and even email addresses. After that, […]
HOPE X and stuff
Salutations! HOPE X, my first HOPE went pretty well. I wanted to speak on an official capacity, however was rejected. I instead had to settle for an impromptu speech in one of the other rooms. I spoke on the basics of breaking apart malware and made the most of what little I had. Aside from […]
Syrian Malware
Howdy all! Today we’re going to go through some malware straight out of the armpit of the world – Syria. There are of course hurdles to this – namely language barriers. A lot code I run into has Arabic characters, but the code is functionally the same. As you may (or not) know, there is […]
Server Side Deception Masquerading Your Server
The other day a colleague of mine asked how I keep my web server secure, short of keeping up to date on patches and shit. This is what I told em – you can fool a lot of people if you know what you’re doing with your server. Automated tools identify server software by the […]