Jump to content


Highest Reputation Content


#24735 Pwn2Own 2016: Windows, OS X, Chrome, Edge, Safari all hacked

Posted by whoknows on 21 March 2016 - 06:00 AM

http://www.ghacks.net/2016/03/20/pwn2own-2016-windows-os-x-chrome-edge-safari-hacked/

 
*bonus* - Bypassing Antivirus With Ten Lines of Code

http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html

*bonus* - How to hack a sex toy

http://www.reuters.com/article/us-germany-cyber-idUSKCN0WH1YU

  • 5


#23135 Wireless networking tutorial

Posted by CodeExplorer on 09 March 2015 - 06:39 PM

A Wireless networking tutorial,
in the end is shown how to create
a Peer-to-Peer Network using an UTP cable.
This is NOT a reverse engineering tutorial.
 

Attached Files


  • 5


#24904 Flash Decompiler

Posted by whoknows on 03 May 2016 - 11:49 AM

JPEXS Free Flash Decompiler
Opensource flash SWF decompiler and editor. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts or fonts. Various output formats available. Works with Java on Windows, Linux or MacOS.
 
You can find more information on homepage at: 
https://www.free-decompiler.com/flash/

source code @:

https://github.com/jindrapetrik/jpexs-decompiler

  • 4


#24322 Alternate.DLL Analyzer

Posted by whoknows on 07 January 2016 - 05:28 PM

A simple application to extract the available function names

 

img_dllanalyzer.jpg

http://www.alternate-tools.com/pages/c_dllanalyzer.php?lang=ENG

  • 4


#23010 CoreCLR is open-source!

Posted by yck1509 on 04 February 2015 - 07:11 AM

See https://github.com/dotnet/coreclr

It seems very similar to desktop version of .NET

 

Also, FYI, https://github.com/d...c/corjit.h#L398

// Note: Obfuscators that are hacking the JIT depend on this method having __stdcall calling convention.

Which explains 0xd4d's observation at https://github.com/0...crypter.cs#L125 :P

 

EDIT: From their wiki: https://github.com/d...ki/Contributing

 

 

Equally important is to understand that both CoreCLR and Desktop CLR (part of the .NET Framework) are built from the same source code and this repository contains a subset of that source code - targeted to build CoreCLR.

It seems pretty sure most of the code is identical to desktop CLR.


  • 4


#22745 Any problems with the new style ?

Posted by Kurapica on 05 December 2014 - 05:51 PM

Sorry about that ...

 

we can't disappoint kao and CodeCracker in one day ! ;)

 

I fixed the code highlighting for both styles and now you can use the old one.

 

have fun.


  • 4


#21442 Brain Food for Hackers [ A must read blog ]

Posted by Kurapica on 10 April 2014 - 08:11 PM

Don't waste your weekends on mental plagues like Facebook or WhatsApp !

 

have fun reading those topics.

 

I packed the latest topics in 3 MHTML files. use FireFox to open this kind of files, you will need a small addin, or simply browse the BLOG online !

 

you can open them in IE but I don't talk to people who use IE :D

 

All credits to the Author of this blog : Gustavo Duarte

 

http://duartes.org/gustavo/blog/

Attached Files


  • 4


#16057 Save the nature

Posted by CodeExplorer on 03 December 2011 - 06:30 AM

As you may noticed I am retired from SnD. I have a lot of things to sort in my life. I will do less reversing from now.

Lately I am ready to die for the ecology!
My message will be: save the nature.
  • 4


#27159 Oracle to charge for Java from Jan 2019

Posted by Kurapica on 10 August 2018 - 08:19 AM

Anything that speed up the burial of Java is good


  • 3


#25026 HTTPS certificate expired

Posted by Kurapica on 10 June 2016 - 05:38 PM

Solved ...


  • 3


#24752 [HELP] Project with function hooking / memory patching

Posted by kao on 23 March 2016 - 12:31 PM

I have access to the executable file - I can reverse engineer it, but I cannot modify the file in any way (thus memory patching).

Care to explain why? Is it protected with some tough protector like VMProtect?

 

hook functions like NtFileCreate, but I encountered a bunch of problems. I cannot properly catch and edit the file name of the file I want to ‘redirect’.

Yuck. It's a very bad idea for multiple reasons.

Nt* functions use specific style of strings - UNICODE_STRING, to be exact. So, all your processing should take that into account.
Functions like NtFileCreate can use namespaces and other weird stuff. It gets complicated real fast: https://msdn.microso...7(v=vs.85).aspx
And don't get me even started on all possible race and re-entrancy problems.. :)

In short-don't hook NtFileCreate if you can. Try hooking CreateFileA/W or other top-level functions.
 

I also experience weird anomalies when injecting my DLL – the target executable starts permanently malfunctioning until I restart my computer (message boxes won’t show, icons will disappear, clicks refuse to work, etc.).

Sounds like a bad side effect of hooking. You're either clobbering some register values or stack, or memory.

First, try injecting DLL that does nothing. If that causes problems, your DLL or injector are flawed. Then try installing hooks that do nothing. If they work, problem is in your code. If app still behaves weird, hooks are causing the problem - try again with different hooking lib.


  • 3


#24281 Safe Native Code

Posted by whoknows on 20 December 2015 - 03:27 PM

http://joeduffyblog.com/2015/12/19/safe-native-code/

---------------------------

 

btw donate @:

http://telethon.archive.org/

---------------------------

bonus!

https://www.udemy.com/google-hacking-and-pentesting/

  • 3


#21355 Microsoft .NET Native

Posted by kao on 03 April 2014 - 10:52 PM

What happens when .NET code is statically compiled to machine code (versus runtime compiled via JIT) by the VC++ back end compiler? You get highly optimized binaries that load and run faster than .NET code ever has before. Yes, my friends, .NET has gone native! :)


Currently it's limited to Windows Store apps for ARM and x64, but judging from their presentation, they are going to extend it to all .NET Framework eventually.. :)

Main topic: http://msdn.microsof...io/dotnetnative (download link inside, might require registration).
Presentation video: http://channel9.msdn...side-NET-Native
  • 3


#26734 A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM: Pa...

Posted by whoknows on 23 January 2018 - 08:22 PM

http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/

  • 3