Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge... Read more

March 21th I was in Paris for the annual Honeynet Workshop. For the first time this year there was a conference day accessible to the general public. Moreover, I didn't have to pay the registration fee since I successfully completed one of the Honeynet Forensics challenges. The day was split in 4 sessions and had talks covering the Honeynet projects, malware, and ethical and legal considerations of tracking botnets and eventual take-downs. Read more

When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person. Today, we want to present a tool that can be added to your reconnaissance toolkit. Read more

Having missed the IOActive party last night, I woke up fresh and sharp and ready for some kick-ass debugger stuff so I decided to start my second day at BlackHat Europe 2011 with attending the Cisco IOS fuzzing & debugging talk. Read more

After having breakfast, chatting with ping and hanging out with @kokanin, @xme and @wimremes, it was time to start attending the various talks. So, as promised in yesterdays preview, what follows is the report of my first day at Black Hat Europe 2011. Read more

Things change. 11 months have passed since a lot of people found themselves trapped all over Europe (including Barcelona) because of a little volcano ash cloud thingy. This is 2011. This time BlackHat anticipated and outsmarted nature by rescheduling the Europe briefings to march (instead of april). Read more

Aloha, Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF. And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video. Read more

After spending a few hours fighting a battle against Snorby and Apache2 + Passenger, I finally managed to get it to run properly on my Ubunty 10.x box (32bit). Looking back, I figured I might not be the only one who is having issues with this. So I decided to publish the notes I took while setting everything up, and as a little bonus, explain how to install and configure Suricata as well (configured in combination with barnyard2 which will pick up local logs and send them to the remote MySQL server). Read more

A while ago I stumbled upon an awesome write-up of a very nice CTF challenge created by sapheads: http://hackerschool.org/DefconCTF/17/B300.html I love cartoons, and I love reversing, so I decided to play a little bit with that binary (b300.exe) which was a lot of fun. Because some interesting anti-debugging tricks were implemented into the binary... Read more

Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of december 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it "EGYPTS-AIRWAYS", set up a honeypot + some other monitoring tools, and connected it to the internet. Read more