Reverse Engineering Articles

An interesting read up on SSD forensics... />http://resources.infosecinstitute.com/ssd-forensics/ Ted.

It is similar to, but different from the one i disclosed in the previous post. The previous one occurs when OllyDbg tries to grab .sym files, but this one occurs when OllyDbg tries to grab .udd files. Similar to .sym files, .udd files are grabbed for all loaded modules, including dynamically loaded ones, which gives us the chance to use this buffer overflow as an anti-debug method. To exploit this buffer overflow, all you have to do is create a .dll with length of 0x102 bytes and then LoadLibrary it. N.B. ollydbg.exe must reside in a directory with length of 0x29 bytes or more, e.g. "D:\Documents and Settings\Administrator\Desktop\odbg110". Further details: http://…

It is a buffer overflow in ollydbg v1.10. It occurs when olly tries to find the .sym file for the being-loaded module. POC: />http://ollytlscatch.googlecode.com/files/trick.exe />https://docs.google.com/document/d/1T5LPY3qDkxmR1XVgxnsKW42lggS5iSjtQwFXOtNfqMM/edit Further details: />http://waleedassar.blogspot.com/2011/12/new-ollydbg-anti-debug-trick.html />http://www.virustotal.com/file-scan/report.html?id=97f2c22d3fde1db56aaef4e555e32927d0a0087e7e92d369093ac5ac749e83d9-1324964958

This makes for interesting reading... Exploring new lands on Intel CPUs (SINIT code execution hijacking) />http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf/>http://theinvisiblethings.blogspot.com/2011/12/exploring-new-lands-on-intel-cpus-sinit.html Ted.

If you're someone who already has a reasonable grasp of reverse engineering and malware analysis, I need your help. I need you to help train more people like yourself. More likely than not you're "self-taught". Except, when you were teaching yourself you were probably actually relying in large part on the help of others. They freely posted zines, articles, and blog entries. They and answered questions in forums, email lists, and in person. Eventually, once you were confident enough to believe you would be right more often than wrong, you might have tried to pay it forward and share your knowledge back to others. If so, you're the type of person who is needed. We need peop…

http://dreamofareverseengineer.blogspot.com/2011/10/unpacking-custom-packers.html

/----------------------------\ | * UIC Reversing FTP v3.0 * | | | | -=[ Zero_G ]=- | \----------------------------/ ** Welcome to the UIC Reversing FTP v2.0! ** Here you will find everything you need for your reversing pleasure! :-) If you want to share something with the community, feel free to put it in the "_UPLOAD_" folder (write permission enabled) ... I will reorganize data every week! -=[Zero_G]=- zerorev.net

XBox 360 Reset Glitch Hack >http://www.youtube.com/watch?v=JyYdL4L6vwE&feature=player_embedded Download Links: http://www.libxenon....h_hack_v1.0.rar http://libxenon.org/...146.0;attach=61 Ted.

Well after the disappointing take down of Crackmes.de I took it upon myself to mirror the crackmes (thanks for the inspiration @darelgrif) as well as the solutions that were on that site. Please find the following linked zip that contains almost 1000 crackme’s for all levels. Please enjoy and mirror/spread. Author : Malware Ninja Author website : http://crackmes.de/ Download : http://tuts4you.com/request.php?3152

to be found here: http://shell-storm.org/papers/index.php?lg=englishVery interesting papers, focusing mainly on application security / exploitation.

It's a bit of a tacky title but the talk is very nice. Starts with a pretty good intro to how handles work inside the windows subsystem and how sessions and desktops come into all of this. />http://www.archive.org/details/Shattering_the_Windows_Message_Passing_Architecture_and_Security_Model

GoVirtual® CloudCrack />http://www.govirtual.tv/CloudCrack.php Ted.

SERSC is an international center for supporting distinguished scholars and students who are researching various areas of Science and Technology. SERSC wishes to provide good chances for academic and industry professionals to discuss recent progress in various areas of Science and Technology. SERSC organizes many international conferences, symposia and workshops every year, and provides sponsor or technical support to researchers who wish to organize their own conferences and workshops. SERSC also publishes high quality academic international journals in various areas of Science and Technology. Journal Aims Our Journal provides a chance for academic and industry profession…

Public Key Infrastructure (PKI) />http://softwarekishorekoney.blogspot.com/2010/05/public-key-infrastructure-pki.html

ʻpyREticʼ – In memory reverse engineering for obfuscated Python bytecode />http://www.defcon.org/images/defcon-18/dc-18-presentations/RSmith/DEFCON-18-RSmith-pyREtic.pdf

4x5: Reverse Engineering Automation with Phyton: />https://www.blackhat.com/presentations/bh-usa-07/Carrera/Presentation/bh-usa-07-carrera.pdf

Python Reverse Engineering - PyHooks: />http://www.manaware.net/reverse-engineering/pyhooks.html

Gray Hat Python: Python Programming for Hackers and Reverse Engineers />http://avaxhome.ws/ebooks/eLearning_book/information_technologies/1593271921.html

Hacking the Pirates of the Caribbean Online MMORPG />http://dvlabs.tippingpoint.com/blog/2008/06/23/hacking-the-pirates-of-the-caribbean-online-mmorpg

Google Fuzzing at Scale Adobe Flash />http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html Ted.

NTRUEncrypt Public Key Cryptosystem />http://en.wikipedia.org/wiki/NTRUEncrypt/>http://sourceforge.net/projects/ntru/files/ Ted.

IDA Pro Book, 2nd Edition />http://nostarch.com/idapro2.htm/>http://www.nostarch.com/download/idapro2_ch24.pdf Ted.

Thue Tuxen />http://ttuxen.wordpress.com/2010/03/15/crackme-introduction-2/ RE blog

Hello all, this is a video showing how to hack deep freeze password by reading it. I created a simple tool to aid or help me reading the valid string character. Screenshot: Download Video: http://www.mediafire.com/?1hq2c3k0hijg2ar

portuogral.no - portugral re blog: />http://portuogral.no.sapo.pt/