Tuts 4 You

All Activity


  1. Today
  2. Sangavi

    illegal or not ?

    and and and There is only one right answer for all this: It all depends heavily on the country they are in, and even within that country it heavily depends on the state and jurisdiction they are in. The laws for cases like these vary wildly from county to county and city to city within even the same state, and the only way to get the proper answer would be to consult a good attorney in your area conversant with all these nuances. While this would not be a cheap option, only a good attorney would be able to suggest the best course of action and also explain the various legal remedies one can use in the situation. I realize that you clearly mentioned that it is a hypothetical scenario but even then, without many, many details, only various (mostly invalid) speculations and opinions can be offered.
  3. Progman

    illegal or not ?

    Yea this falls under whistleblower case. Can anonymously inform the press, the company who was ripped off, or his own legal or HR department. Or can choose to forget about it.
  4. Yesterday
  5. LCF-AT

    IP6 vs IP4 issues....?

    Hi again, thanks for answering so far. I still don't check that 4. parameter. I was checking Curl again and see that the 4. param points at the end to the same address like param 3 has, just with -4 = over it, but nothing is into. Just like that in visual style....

        -------------------
        | Param4          |
        -------------------
        | Param3          |
        |                 |
        |                 |
        |                 |
        -------------------

    ....and in addresses....

        $ ==>    > 0059D789  RETURN to curl.0059D789 from WS2_32.getaddrinfo
        $+4      > 01017BF0  ASCII "google.com"
        $+8      > 0356FBD4  RETURN to 0356FBD4
        $+C      > 02F19A14
        $+10     > 0356FBA8  RETURN to 0356FBA8

    Param3

        $ ==>    02F19A14  00000000  ai_flags
        $+4      02F19A18  00000002  ai_family
        $+8      02F19A1C  00000001  ai_socktype
        $+C      02F19A20  00000000
        $+10     02F19A24  00000000
        $+14     02F19A28  00000000
        $+18     02F19A2C  00000000
        $+1C     02F19A30  00000000
        $+20

    Param4

        0356FBA8  0356FBD0
        to
        0356FBD0  02F19A10  = Param3 address -4

        $ ==>    02F19A10  00000000  <--- on top over struct!? But nothing into.
        ------------------------------------------
        $+4      02F19A14  00000000  <--- Param3 addr
        $+8      02F19A18  00000002
        $+C      02F19A1C  00000001
        $+10     02F19A20  00000000
        $+14     02F19A24  00000000
        $+18     02F19A28  00000000
        $+1C     02F19A2C  00000000
        $+20

    ...and the function param4 said.....

    ppResult: A pointer to a linked list of one or more addrinfo structures that contains response information about the host.

    So is this now called linked? Using those 2 extra pointer addresses in param4 which points at the end to the ADDRINFOA struct -4h on param3? Hhmm. So I think that the fourth parameter isn't really important (to use as linked style) when just requesting on single filled ADDRINFOA struct. Not sure about that. Maybe anyone could post an example about a filled / pointed linked list to see how it would look and how to create it.

    greetz
  6. https://www.reuters.com/article/us-maxim-intg-m-a-analog-devices/chipmaker-analog-devices-to-buy-rival-maxim-for-about-21-billion-idUSKCN24E14B

    bonus

    Microsoft Worked with Google to Bring PWAs to the Play Store - thurrott.com/dev/237715/microsoft-worked-with-google-to-bring-pwas-to-the-play-store

    I Know What You Download on Torrent - iknowwhatyoudownload.com
  7. kao

    illegal or not ?

    Let me play a devil's advocate here. ...looks like the engineer is an entitled SJW from the snowflake generation. Engineer can bring it up with legal department (or HR, or follow whatever whistleblower process is in place in the company). Most likely outcome is that he'll upset his manager, his manager's manager and few other people. As a result he'll be no longer welcome in this company. Will his actions change the company's product? F*ck, no. Or the engineer can STFU and do his job. After all, this is what he's being paid for.
  8. evlncrn8

    illegal or not ?

    oh that i totally agree with. very common in corporates and the nice people are on much lower salary and treated like slaves
  9. Kurapica

    illegal or not ?

    Judging by my short experience in corporate environments, I found that people who work in IT are the scum of humanity. It could be different somewhere else, but it's an environment where people prey on each other to climb the stairs.
  10. apologies to mods if duped but it didn't seem to post the first time and didn't show in my activity. hypothetical (for the time being) company W employed a reverse engineer, and often had him work while on sick leave, this time they had him reverse engineer and document a product from company D (asian company too), the engineer documented the findings but was then pushed (supervisor was bossy and aggressive) to write a poc, which he did, under duress .. the poc was then taken and added to production code and company a then made a big song and dance about their new .net tech to customers.. there was no clean room exchange or anything like that, the pm claims he sees no illegality... the engineer thinks this is a blatant case of ip theft. what should the engineer do ?
  11. CodeExplorer

    Music Tips

    Some of my music I listen: Papa Roach 'Periscope' feat Skylar Grey Amaranthe - Amaranthine Bad Wolves - Hear Me Now feat. DIAMANTE (Official Video)
  12. JMC31337

    IP6 vs IP4 issues....?

    “ai_protocol = IPPROTO_ICMP ? <-- why this?”

    0316F8A4 will hold all the data returned back from your PARAM3, however you showed me the wrong memory buffer:

    “ADDRINFOA struct parameter 4

        $ ==>    02B596D0  00000000
        $+4      02B596D4  00000000
        $+8      02B596D8  00000000
        $+C      02B596DC  00000001  ai_protocol = IPPROTO_ICMP ? <-- why this?”

    The right param4 buffer -> 0316F8A0 0316F8A4, which is why in your second example:

    “here I just entered a free address in parm 4 which points to just zero bytes”

    You manually changed the pointer to point to a memory buffer that will hold all those returned bytes - in your case they were already 00’s.

    Why curl did the icmp I dunno ... does it ping a port before the GET I dunno and I haven’t looked at its source code, sorry
  13. Last week
  14. LCF-AT

    Music Tips

    Hi guys, I found a new song which came out last year but didn't hear it before. Pretty hot dance track and I love it, hehe. The original song sounds already pretty disco but this remix by "Purple Disco Machine" puts another shovel on it. So both versions are just great! ....below the hot remix..... greetz
  15. sandboxie-plus/Sandboxie Release v0.3 / 5.42 https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.3
  16. atom0s

    Deno

    Would recommend avoiding this for the time being. Deno is a re-envision of NodeJS, created/founded by the original creator of NodeJS. However, the project is more of a dictatorship now than being an open source community collaboration.

    Safety/security are also not something I would say this project actually is, and rather just a buzz-word way of saying, "If you don't enable anything and basically have a useless shell of an application; it's secure!". Majority of any real-world usage out of this will require various flags be enabled that completely diminish the security aspect of it.

    The way imports/third-party libraries are handled is done via remote URL inclusions directly from your source code. Rather than allow any means of locking things down in a sensible way, the author has decided third-party includes are allowed to break the mixed-mode browser security implications and inherit from insecure sources. So importing a library you assume is safe via an HTTPS URL can then itself import insecure libraries. Would say more than half their GitHub issues are revolved around this security problem and the creator has basically said 'deal with it' because normal JavaScript <script> tags allow for http includes, therefore he sees it as 'fine'.

    Give the project a lot more time to mature and break from the chains of the main guy's "final say" over things and become an actual community project before bothering with it, imo.
  17. whoknows

    Deno

    Is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Secure by default. No file, network, or environment access, unless explicitly enabled. https://deno.land/ 65k stars @ https://github.com/denoland/deno
  18. https://www.commanderx16.com/
  19. On the topic of PHP, they are also potentially adding a JIT compiler in PHP 8.0 https://stitcher.io/blog/php-jit https://wiki.php.net/rfc/jit
  20. https://news-web.php.net/php.internals/110907
  21. Gh05st

    Set a breakpoint for a visual element in x64dbg

    Another thing: You can use a spy utility like Winspector (mentioned earlier) to find the correct window handle BUT, also to get the WM message being used. The WM message might not be WM_COMMAND as it usually is, most developers that write code that they don't want analysed will perform various methods to make it as hard as possible for you to reverse their software. Or they will use 3rd party software to jumble the code and lots of other methods invented to detect and avoid debuggers. In this case you might find that the code you are looking for is in weird places and started by windows messages other than the usual ones. If you had to add message breakpoints for every message type it would be frustrating AF.

    So open Winspector and find the correct handle using the "Click and drag" function, then right click and select 'Message' -> a new window will open. The idea is to get all the windows messages being sent by that particular handle to windows APIs so you can track down which message is being used.

    These spy utilities are often glitchy and I ran into a problem as I was writing this article. I tried to get the messages being sent by notepad.exe and came up with no output. Turns out it was the architecture of the notepad executable being used by windows 10. I haven't done the research on exactly why this is happening but using ...\system32\notepad.exe (which is supposed to be the x86 architecture) I got no output from a 64bit OS but got output from ...\SysWow64\notepad.exe (the x64 version).

    Anyway if I want to find the message that corresponds to typing the letter 'a' into the notepad editor, it will go something like this:

    1.jpg: all messages displayed with no filter

    2.jpg: after message filter was applied to capture the message for capturing a keydown event when I type something into the textbox ('a' key was pressed)

    I hope this helps you
  22. reaction31

    intellilock 2.8.5.0?

    Hello, anyone able to unpack intellilock 2.8.5.0? Unfortunately Anti Tamper does not get up.
  23. Gh05st

    Set a breakpoint for a visual element in x64dbg

    Also, here is a list of common windows messages https://wiki.winehq.org/List_Of_Windows_Messages I'm assuming you're using windows
  24. Gh05st

    Set a breakpoint for a visual element in x64dbg

    Here: https://x64dbg.com/blog/2017/07/07/messages-breakpoints-in-x64dbg.html This will probably be the best guide you can ask for
  25. Gh05st

    Set a breakpoint for a visual element in x64dbg

    Easiest way if the program was written in an event based programming language is to use a message breakpoint. In x64dbg go to the Handles tab and refresh, select the correct window Handle (use Winspector to get that info) for the element you want and then right click on it and set a memory breakpoint to trigger on that instance only and on the correct windows message. WM_LBUTTONUP/DOWN is a common event, others are WM_COMMAND etc.

    To test: select a textbox Handle and set a memory breakpoint for WM_KEYUP, the program should pause right after you release the key from keyboard.

    The program will break inside windows API code, chances are you will want to be in user code if the program isn't using anti anti-debug techniques. To get inside user code from where the code breaks is as simple as using a shortcut Alt+F9 (Run to user code), that will drop you exactly where you want to be, or at least as close as you can get with a memory breakpoint
  26. BlackHat

    Unpack Challenge (Agile.NET)

    Lots of Love for Your Work. ❤️
  27. GameHackerPM

    Unpack Challenge (Agile.NET)

    I still couldn't fix the delegates (Methods VM), I sent you a message via Email, please check it.
  28. N0P/ribthegreat99

    Unpack Challenge (Agile.NET)

    https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator @GameHackerPM @BlackHat To fix delegates, control flow, and strings here yous go, I've made a tool with many comments to help you understand!