ARM exploitation for IoT – Episode 3

In the previous episodes we have seen some basic concepts regarding ARM reversing and shellcode writing. In this last part we’ll see a brief introduction to exploit writing, and we’ll keep it as simple as possible. The list of topics is: Modify the value of a local variable Redirect the execution flow Overwrite return address […]

ARM exploitation for IoT – Episode 2

Introduction In part 1 we’ve seen an introduction to reversing some simple ARM applications; we’ve also seen how to set up the work environment and how to write a hello world (also with syscalls). In this episode we will use the same work environment. ARM shellcoding We will see some basic shellcode: Shell spawning […]

ARM exploitation for IoT – Episode 1

Introduction and motivation A few weeks ago, while attending a conference, I noticed that the price tag of the proposed ARM exploitation course for IoT was quite substantial, and I decided to write my own, to allow those who can’t spend that much to still be able to study the topic. I will present this course in three different […]

ESET CrackMe Challenge 2015 Walkthrough

The ESET CrackMe Challenge 2015 is divided into 2 parts: This is the one you download from the ESET website. You are asked to reverse a UPX-packed executable and find one password (Drevokokur). Then the application decrypts a message with this password that basically asks you to decrypt in the same way some unreferenced […]

Introduction to ARMv8 64-bit Architecture

Introduction The ARM architecture is a Reduced Instruction Set Computer (RISC) architecture; indeed the name originally stood for “Acorn RISC Machine” but now stands for “Advanced RISC Machines”. In recent years, with the spread of smartphones and tablets, ARM processors have become very popular: mostly this is due to reduced costs, and a more power […]

Extracting Objects from a Running Process

A few days ago two new 0-days were spotted in the wild: CVE-2013-0633 and CVE-2013-0634, both of them involving a .swf file, possibly embedded inside a Word document. It might be interesting to understand how to dump a similar resource while the attacked process is running, after all the obfuscation layers are cleared. Clearly this same technique can be expanded to extract […]

Device Driver Development For Beginners

Just a little starter for people interested in starting Kernel-Mode Development. This tutorial is a flexible one; from time to time I’ll reload and expand it. While following a good thread on the UIC forum, opened by a beginner who wanted to know how to start with Device Driver Development, I remembered that a long time ago I published […]

Windows Drivers Debugging

In this tutorial we are going to see how to set up a Debugging Environment for our Drivers. This is not a complete guide; it’s just a quick tour intended to give a fast overview of WinDbg and the problems involved in Driver Debugging. DriverLoader WinDbg The Problem Setting up a fully working Kernel Debugging Environment is […]

X64 Assembly

Links and References Introduction Essay Links And References AMD64 documentation Introduction This article is extracted from “Moving to Windows x64” by Daniel Pistelli (Ntoskrnl) Essay Now I’ll try to explain the basics of x64 assembly. I assume the reader is already familiar with x86 assembly; otherwise he won’t be able to make heads or tails […]