Search Results for: pdf
Malicious pdf analysis : from price.zip to flashplayer.exe
This morning, my generic attachment filter for MS Exchange reported that about 100 emails were put in quarantine because they contained a small zip file.
When looking inside the zip file, I found a small pdf file… I immediately figured this file was up to no good, so it was time to get my hands dirty :)
Windows 10 egghunter (wow64) and more
Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn’t mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it’s a good practise to try to avoid egghunters if you can, as they tend to […]
HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing
Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travels through the application, hits a sink and violates a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]
HITB2014AMS – Hack In The Box / Haxpo 2014 Amsterdam
Dear friends, I’m getting ready for a short trip to Amsterdam, to attend the 5th Hack In The Box conference tomorrow … and I’m “hashtag” excited about it. HITB Haxpo and HITB2014AMS feature an amazing schedule of talks, an impressive selection of speakers and offer numerous side-events, and I really can’t think of a better place […]
Root Cause Analysis – Integer Overflows
Table of Contents: Foreword; Introduction; Analyzing the Crash Data; Identifying the Cause of Exception; Page heap; Initial analysis; Reversing the Faulty Function; Determining Exploitability; Challenges; Prerequisites; Heap Basics; Lookaside Lists; Freelists; Preventative Security Measures; Safe-Unlinking; Heap Cookies; Application Specific Exploitation; Thoughts on This Attack; Generic Exploitation Methods; Lookaside List Overwrite (Overview; Application Specific Technique; Why Not?); Brett Moore: Wrecking Freelist[0] Since 2005; Freelist[0] Insert Attack (Overview; Application Specific Technique; Why Not?); Freelist[0] Searching Attack (Overview; Application Specific Technique; Why Not?); Conclusion; Recommended Reading. Foreword Over the past few years, […]
Root Cause Analysis – Memory Corruption Vulnerabilities
Introduction For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities of crashes, even for heavily targeted applications, was easy. However, determining the exploitability of these crashes, […]
HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest
One Flew Over The Cuckoos Nest – Automated Malware Analysis Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com and is the main developer of the Cuckoo Sandbox, which is also the main topic of his talk. […]
HITB2012AMS Day 1 – Intro and Keynote
Introduction Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Grégoire, Andy Ellis, Didier Stevens, and some other folks, conference time has arrived. With the conference taking place […]
BlackHat EU 2012 – Day 1
Introduction – Back in Amsterdam ! After a 2 year detour in Barcelona, BlackHat Europe has returned to Amsterdam again this year. After spending a few hours on the train, checking in at The Grand Hotel Krasnapolsky, getting my ‘media’ badge (thank you BlackHat) & grabbing a delegate bag, and finally working my way […]
