Joe's Security Blog

Joe you evil bastard

Backdooring a DLL part 4

Here we are, finally at the last part of my series on backdooring DLL files. I wanted to cover Detours again as a means of backdooring DLL files and executables. A fellow 2600 member I spoke to asked me the other day about what it would take to modify an exe without changing it on […]

September 10, 2016 | averagejoe | code, Joe you evil bastard, reversing | 1 Comment

Backdooring DLL’s Part 2

Today I have some good news. Backdooring a dll file is a lot easier than I first made it out to be. Especially if we skip the bullshit of the IAT and take advantage of shellcode. There are problems with using shellcode – size constraints are different. In my previous example, I didn’t need much […]

July 29, 2016 / July 31, 2016 | averagejoe | code, Joe you evil bastard, reversing | 2 Comments

Joecrypter finally released

Finally, I’m done with my crypter. I’ve written the entire thing in a mishmash of C#, C, and assembly. The crypter I made modifies exes, packs them, and adds AV / VM / Sandbox / debugging evasions inside of a wrapper. I’m employing a basic process hollowing technique for the payload that is […]

December 22, 2015 / January 27, 2016 | averagejoe | code, Joe you evil bastard, reversing | 8 Comments

Owning Modems And Routers Silently

Modems: Do you have cable internet? Own a Surfboard modem? Since most of my buddies in AZ do, I sent them to this page and to my amusement, they got knocked off the net for a few minutes. How? JavaScript. Specifically a CSRF in the Motorola Surfboard. The Surfboard cable modem offers little in functionality […]

January 17, 2015 | averagejoe | code, Joe you evil bastard | 4 Comments

assembly, c-sharp, anti-sandbox, anti-antivirus, anti-debug, and malware research

Hello fellow readers! You all are probably wondering what the hell I’ve been up to this past month. Lots of stuff. This post is all over the place with code and slides and malware and general wackiness. Rather than spreading it out over several blog posts, I decided to just get it all over with […]

November 22, 2014 | averagejoe | code, Joe you evil bastard, reversing | Leave a comment

Writing Your Own Remote Key Logger in C

Salutations fellow hackers and crackers alike! Over the past few months I’ve been off and on writing a remote key logger. Why? Just to keep sharp I guess. How can we hope to stay on top of malware trends if we don’t attempt to think like the enemy? The fine line between white hat and […]

March 28, 2014 / November 2, 2014 | averagejoe | code, Joe you evil bastard | 12 Comments

VirtualBox Detection

Howdy fellow h4x0rs & Cr4x0rs alike! Today I ran into some VMware-aware malware and it threw me off until I ran procmon and apispy. I had to patch the program to skip the checks, but I don’t want to get into that. Instead, let’s cover what this malware was checking. First off, it was […]

January 8, 2014 | averagejoe | code, Joe you evil bastard | Leave a comment

Anti-Sandboxing Ideas

Hello loyal readers. Good news! I’ve been picked to speak at ToorCon in San Diego next month in October. I will be going over my findings in malware that manages to slip by FireEye undetected. A chink in the armor of one of the most powerful (and expensive) malware appliances out there. But enough about […]

October 1, 2013 / November 21, 2014 | averagejoe | code, Joe you evil bastard | Leave a comment

Malware Ideas and concepts rattling in my head

Hello again loyal readers. I’ve had a lot of ideas rattling around in my head lately. Malware related things. For example, what if someone used Gopher for C&C? Who the hell uses Gopher anymore? The APIs for handling Gopher, while deprecated, are still around. Though you would probably have to load it from an older […]

September 18, 2013 | averagejoe | code, Joe you evil bastard | Leave a comment

Raw TCP Packet Builder / Sender in C#

Hello again people! I’ve been busy lately with my awesome job giving me free time to code things up. I’ve constructed a raw TCP packet builder in C# for the hell of it. I coded this up using winpcap to test a topic I saw at Defcon this year. It was said a vulnerability exists […]

September 9, 2013 | averagejoe | code, Joe you evil bastard | Leave a comment
