Hello all! I’m cracking away on various projects and trying to keep focus. As I was going through my old notes, I came across a talk I wanted to give but could not due to my car accident and the subsequent down time caused me to forget. I wanted to cover making your own debugger […]
Hello again fellow readers and security enthusiasts. The last post was filler and I’m sorry for that. Today we’re going to go over some typical malware, start to finish. Exploit to C&C communication. We start with our exploit file. Java of course. Most of the time when I encounter a java file, it’s heavily obfuscated […]
Greetings and salutations. Today I’m going to be going over some malware I found in the wild. I found it after doing a search for ‘hack’ on the ‘rapidshare’ section of 4chan. With the name ‘SteamHackCount.exe’, being about 350 kb, and having the Apple icon? Totally legit right??? Opening the program in IDA showed the […]
Hello fellow readers, Its been a while since I’ve posted. Today at work I was going over malware already flagged by McAfee and sent to the quarantined folder. The way McAfee encrypts / encodes its quarantined files is pretty basic – XOR (exclusive OR) on each byte by the value of 0x6a (106 in decimal). […]
It happened again at work. This time twice the number of machines hit. The same people hit my company, and they took my advice when I last spoke to them – they obfuscated the executable to make it harder to perform a routine reverse engineering analysis. In this particular case, the obfuscation used was compiled […]
Howdy fellow crackers and hackers alike! Have I got a treat for you? A live botnet. The other day at work, I encountered a number of machines all attacking other hosts. Normally its just one machine, but this there were several. We isolated the exe responsible because it was eating up 100% CPU (not exactly […]
Hello everybody! Its been a wonderful new year. Full of new experiences and all that other stuff. Lately I’ve been running into a lot of .net stuff. Managed assemblies (compiled MSIL dlls) interacting with normal binaries as well as .net binaries. The beauty of it is most of the time, I can decompile them and […]
Hello everyone, Today we will be going over the answers to the test offered by Tenable / Nessus when you interview with them to be an appsec guy. I was told I was the first to ace all 3 tests, so I might as well be the first to spoil all 3 tests. What they […]
This week I encountered a password hash I hadnt seen in a while. Base64 with a twist. SmarterTools.com has a mail server called SmarterMail written in all .net. It stores its passwords in xml files in what looks to be base64, but not quite. Unlike most companies, I assume SmarterTools doesn’t know how to encrypt […]
GAHHH! The epitome of shitty design, aka baby’s first program also known as the wordpress plugin. There area SHITLOAD of these floating around the internet. Most of which promise the same shit – increased ad revenue, dumbing down an already easy to do process (such as auto-tweeting your lame posts), posting a bunch of […]