
HITB2012AMS Day 1 - One Flew Over The Cuckoos Nest

One Flew Over The Cuckoos Nest - Automated Malware Analysis

Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com...

HITB2012AMS Day 1 - WinRT The Metro-politan Museum of Security

WinRT : The Metro-politan Museum of Security

Sébastien Renaud and Kévin Szkudlapski start their talk by introducing themselves. They both work as security researchers at Quarkslab, focusing on reverse engineering, dissecting network protocols and file formats. They will...

HITB2012AMS Day 1 - Intro and Keynote

Introduction

Good morning everyone,

After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, ...

Hack In The Box Amsterdam 2012 - Preview

In less than a week from now, Hack In The Box Amsterdam will open its 2012 edition. The conference will take place in the Okura Hotel, and features 3 days of training, 2 days of quad-track talks, a CTF and HackWEEKDAY, a 12-hour hackathon hosted alongside the actual conference. The line-up looks promising...

Reversing 101 - Solving a protection scheme

In this post, we'll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme. Put simply, the program creates a key for your username, and compares it to the one you enter. The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.

BlackHat EU 2012 - Day 3

Good morning,

Since doing live-blogging seemed to work out pretty well yesterday, I'll do the same thing again today.  Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam.

The first talk...

BlackHat EU 2012 - Day 2

Welcome back friends, at day 2 of BlackHat Europe 2012, held in the Grand Hotel Krasnapolsky in the wonderful city of Amsterdam.

Today, I'm going to do things slightly differently. I will try to post write-ups immediately after...

BlackHat EU 2012 - Day 1

 

Introduction - Back in Amsterdam!

After a 2-year detour in Barcelona, BlackHat Europe has returned to Amsterdam again this year.

After spending a few hours on the train, checking in at The Grand Hotel Krasnapolsky, ...

Debugging Fun - Putting a process to sleep()

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.

Exploit writing tutorial part 11 : Heap Spraying Demystified

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions. Although there are a number of public exploits available that target IE8, the exact technique to do so has not really been documented in detail. Of course, you can probably derive how it works by looking at those public exploits. With this tutorial, I'm going to provide you with a full and detailed overview of what heap spraying is, and how to use it on old and newer platforms. I'll start with some "ancient" techniques (or classic techniques if you will) that can be used on IE6 and IE7. We'll also look at heap spraying for non-browser applications. Next, we'll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8. I'll finish this tutorial by sharing some of my own research on getting reliable heap spraying to work on IE9.