Search Results for: pat
Fixing ‘Compatibility Mode grayed out’ or ‘Unable to enable Run as administrator’ on Vista / Windows 2008 Server
Ever wondered how you can set Compatibility Mode on executables under Vista / Windows 2008 server when the settings (or even the entire tab) has been disabled ? Or make the application “run as administrator” permanently, and you’ve found that this setting is disabled ? All of the settings in the Compatibility tab can be […]
Windows 10 egghunter (wow64) and more
Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn’t mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it’s a good practise to try to avoid egghunters if you can, as they tend to […]
Windows 10 x86/wow64 Userland heap
Introduction Hi all, Over the course of the past few weeks ago, I received a number of “emergency” calls from some relatives, asking me to look at their computer because “things were broken”, “things looked different” and “I think my computer got hacked”. I quickly realized that their computers got upgraded to Windows 10. We […]
EncFSGui – GUI Wrapper around encfs for OSX
Introduction 3 weeks ago, I posted a rant about my frustration/concern related with crypto tools, more specifically the lack of tools to implement crypto-based protection for files on OSX, in a point-&-click user-friendly way. I listed my personal functional and technical criteria for such tools and came to the conclusion that the industry seem to […]
How to become a pentester
Intro I receive a lot of emails. (Please don’t make it worse, thanks!) Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members […]
Analyzing heap objects with mona.py
Introduction Hi all, While preparing for my Advanced exploit dev course at Derbycon, I’ve been playing with heap allocation primitives in IE. One of the things that causes some frustration (or, at least, tends to slow me down during the research) is the ability to quickly identify objects that may be useful. After all, I’m […]
CSO : Common Sense Operator/Operations
As the CSO/CISO/person responsible for Information Security, your job is to… well … do you even know? Does upper management know? “Our crappy CSO …” and “Our stupid CSO …” are statements commonly used by various (techie) people, throwing their hands up in despair, attempting to prove that their CSO doesn’t understand technology and has […]
HITB2014AMS – Day 2 – Keynote 4: Hack It Forward
Good morning Amsterdam, good morning readers, welcome to the second day of the Hack In The Box conference. The speaker for the first keynote didn’t show up, so we’ll jump right into the next keynote. Jennifer starts her keynote by explaining that she’s fortunate to be able to travel to a lot of conferences and […]
HITB2014AMS – Day 1 – State of the ART: Exploring the New Android KitKat Runtime
Good afternoon and welcome back to Hack In the Box. I can’t think of anything better than a talk on ART, the new Android KitKat Runtime, to digest lunch :) Intro ART was introduced in Android 4.4 back in October 2013 and although it is still in an experimental stage, it’s poised to replace Dalvik […]
HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing
Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]
Donate
Your donation will help funding server hosting.
