antoxar.blogspot.com
Details are still coming in: Detecting abnormal executable files using binary code mining
http://antoxar.blogspot.com/2013/02/detecting-abnormal-executable-les-using.html
Details are still coming in. IDA, WinDbg tips, CTF tasks and so on. Thursday, February 7, 2013. Detecting abnormal executable files using binary code mining. Rechkov. Lomonosov Report. PS: Please don't be shy to add comments and ideas!
antoxar.blogspot.com
Details are still coming in: January 2015
http://antoxar.blogspot.com/2015_01_01_archive.html
Monday, January 5, 2015. Using WPP to trace usermode apps. I've created a sample app here. So as not to forget how to include WPP into a system service. For more details, the blog post in Russian is on habrahabr.
antoxar.blogspot.com
Details are still coming in: July 2013
http://antoxar.blogspot.com/2013_07_01_archive.html
Monday, July 22, 2013. UFOCTF WriteUP: Mmmm, Whiskey metal. PS: I already got a few tips: the key is SHA256 or the decoded string. My brother always makes "Burp" and likes tea. Here you can find a dump: https://docs.google.com/file/d/0Bw72cstp5cGsMVlDSlBJU05fdVE. Here is a short how-to. First you should find the "Burp" log string in the memory dump. There are two ways here: using DebugView, or just using search in WinDbg. Take a look inside. Buildin...
antoxar.blogspot.com
Details are still coming in: March 2011
http://antoxar.blogspot.com/2011_03_01_archive.html
Friday, March 18, 2011. Let me show you the solution of the T4 RusCrypto task from Ufologists. We were given access to the box on which a key container was running. It was uploaded not long ago by a third-party developer. The container search ended with a BSOD with the help of an antirootkit and an antivirus. Analyze the dump and find the key in the root of the OS. We know for sure that the flag contains only Latin symbols. Download file. OK, let's see all drivers in the system.
antoxar.blogspot.com
Details are still coming in: Write up Mailgw ICTF2011
http://antoxar.blogspot.com/2011/12/write-up-mailgw-ictf2011.html
Saturday, December 3, 2011. Write up Mailgw ICTF2011. It was the best CTF which I ever played. Thanks very much to the organisers. I'm in TU Berlin right now and I played with the ENOFLAG team. In this topic I will describe the mailgw service. Let's analyse it with IDA. Analysis of a server application should start from the accept function. ERROR: accept on socket failed: %s n. LABEL 34 ;. ERROR: fork failed: %s n. LABEL 34 ;. Manage tcp client (. Q - quit;.
antoxar.blogspot.com
Details are still coming in: February 2013
http://antoxar.blogspot.com/2013_02_01_archive.html
Thursday, February 7, 2013. Detecting abnormal executable files using binary code mining. Rechkov. Lomonosov Report. PS: Please don't be shy to add comments and ideas!
antoxar.blogspot.com
Details are still coming in: December 2011
http://antoxar.blogspot.com/2011_12_01_archive.html
Saturday, December 3, 2011. Write up Mailgw ICTF2011. It was the best CTF which I ever played. Thanks very much to the organisers. I'm in TU Berlin right now and I played with the ENOFLAG team. In this topic I will describe the mailgw service. Let's analyse it with IDA. Analysis of a server application should start from the accept function. ERROR: accept on socket failed: %s n. LABEL 34 ;. ERROR: fork failed: %s n. LABEL 34 ;. Manage tcp client (. Q - quit;.
antoxar.blogspot.com
Details are still coming in: UFOCTF WriteUP: Mmmm, Whiskey metal
http://antoxar.blogspot.com/2013/07/ufoctf-writeup-mmmm-whiskey-metal.html
Monday, July 22, 2013. UFOCTF WriteUP: Mmmm, Whiskey metal. PS: I already got a few tips: the key is SHA256 or the decoded string. My brother always makes "Burp" and likes tea. Here you can find a dump: https://docs.google.com/file/d/0Bw72cstp5cGsMVlDSlBJU05fdVE. Here is a short how-to. First you should find the "Burp" log string in the memory dump. There are two ways here: using DebugView, or just using search in WinDbg. Take a look inside. Buildin...
antoxar.blogspot.com
Details are still coming in: Using WPP to trace usermode apps
http://antoxar.blogspot.com/2015/01/using-wpp-to-trace-usermode-apps.html
Monday, January 5, 2015. Using WPP to trace usermode apps. I've created a sample app here. So as not to forget how to include WPP into a system service. For more details, the blog post in Russian is on habrahabr.
antoxar.blogspot.com
Details are still coming in: June 2011
http://antoxar.blogspot.com/2011_06_01_archive.html
Thursday, June 2, 2011. Unpacked bootmgr x86 part. The first 5 sections are correct. The other segments are wrong. But anyway, IDA can associate it with the pdb. This version is checked on Win 7 SP0. You can also find the free version or ask me. Also there are small differences after ms-advisory-2506014-x64.