ARM exploitation for IoT – Episode 3

In the previous episodes we have seen some basic concepts regarding ARM reversing and shellcode writing. In this last part will see a brief introduction to exploit writing and we'll keep it as simple as possible. The list of topics is: Modify the value of a local variable Redirect the execution flow Overwrite return address GOT overwrite C++ virtual … read more.

ARM exploitation for IoT – Episode 2

Introduction In part 1 we've seen an introduction in reversing of some simple ARM applications, we've also seen how to set up the work environment and how to write a hello world (also with syscall). In this episode we will use the same work environment. ARM shellcoding We will see some basic shellcode: Shell spawning shellcode Bind TCP shellcode Reverse shell … read more.

ARM exploitation for IoT – Episode 1

Introduction and motivation Few weeks ago while attending a conference I noticed that the proposed ARM exploitation course for IoT price tag was quite substantial and decided to write my own, to allow those who can't to spend that much to still be able to study the topic. I will present this course in three different episodes. Surely these articles are not comparable to a … read more.

ESET CrackMe Challenge 2015 Walkthrough

Eset 2015 Crackme Challenge

The ESET CrackMe Challenge 2015 is divided into 2 parts: This is the one you download from the ESET website. You are asked to reverse an UPX packed executable and find one password (Drevokokur). Then the application decrypts a message with this password that basically asks you to decrypt in the same way some unreferenced data inside the exe. This unreferenced data, once … read more.

Black Hat Arsenal peepdf Challenge 2015 writeup

At the beginning of August I saw a link on twitter by Jose Miguel Esparza, the author of peepdf tool, about a challenge he created for Black Hat Arsenal conference in USA. So reading the blog post I decided to play with the challenge and now here's my writeup solution. I hope that you like it. PS: I suggest you to spend a bit of your time to try to solve the challenge … read more.

Information leakage analysis in block ciphers – Part 2

Cryptology attacks on CBC mode of operation In the first part we talked about block ciphers and their mode of operation. In this part we want to explain more about how an adversary will misuse this … read more.

Information leakage analysis in block ciphers – Part 1

Overview of block ciphers Block ciphers are cryptographic functions for blocks of data of fixed-size, as opposed to stream ciphers (take as an example the classic RC4) that can be used over a stream … read more.

Inside a Kippo honeypot: how the billgates botnet spreads

A few months ago I decided to install a honeypot to find some new threat and to collect some new malware to be analyzed. There are several honeypot I had in mind to try, but for now I have chosen … read more.

Kaspersky Hooking Engine Analysis

In this article we will talk about a few hooking techniques used by antivirus software. For the purpose of this analysis the antivirus chosen will be Kaspersky ( PURE … read more.

Win32.BlackBerryBBC Malware Analysis

Today I got a mail containing a malware from [email protected] The sender's address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages … read more.