Archives/2015

From aldeid

Solution to DaXXoR 101's KeygenMe #3

Sun, 6 Dec 2015 17:31:00 +0000

My solution to DaXXoR 101's KeygenMe #3: patching the binary and developing a keygen. It uses an interesting integrity-checking technique.

Solution to andrewl.us' Crackme #1

Sat, 5 Dec 2015 17:32:00 +0000

My solution to andrewl.us' Crackme #1. An easy one, well suited to beginners learning crypto basics and Python scripting in IDA Pro.

Solution to Borismilner's 4N006135 level4 crackme

Tue, 1 Dec 2015 07:08:00 +0000

My solution to Borismilner's 4N006135 5th challenge (level 4). A very interesting crackme with self-modifying code and amusing techniques.

Solution to Profdraculare's keygenme228

Sat, 28 Nov 2015 20:44:00 +0000

My solution to Profdraculare's keygenme228 (crackmes.de).

Solution to Borismilner's 4N006135 levels 0-3 crackmes

Mon, 24 Nov 2015 20:30:00 +0000

My solutions to the 4 levels (levels 0 to 3) for Borismilner's 4N006135, hosted on crackmes.de. Excellent crackmes, thanks Boris!

vik3790's Little Fish crackme

Sat, 7 Nov 2015 15:13:00 +0000

My solution to vik3790's Little Fish crackme. An amusing one!

reZK2ll BeatME crackme

Sun, 25 Oct 2015 17:46:00 +0000

A not-so-difficult crackme, but some fun for the weekend...

Nuit du Hack 2012 Android Challenge

Wed, 21 Oct 2015 11:50:00 +0000

Following my learning curve on Android/ARM, I decided to give the Nuit Du Hack (NDH) 2012 Android Challenge a try. It is already 3 years old but still worth trying. The application uses 2 interesting anti-debugging techniques, one based on an IMEI check and the other on the elapsed time between 2 checkpoints. I had a lot of fun solving this challenge, and learned new things.

Solution to FLARE-ON challenge 2015, challenge 6

Fri, 16 Oct 2015 18:15:00 +0000

After several weeks of hard work, learning about Android and ARM, I'm proud to post my solution to FLARE-ON challenge 2015, level 6.

Solution to FLARE-ON challenge 2015, challenge 10

Sat, 03 Oct 2015 18:10:00 +0000

My solution to FLARE-ON challenge 2015, level 10.

Solution to FLARE-ON challenge 2015, challenge 7

Mon, 28 Sep 2015 21:26:00 +0000

My solution to FLARE-ON challenge 2015, level 7.

Solution to FLARE-ON challenge 2015, challenge 9

Fri, 25 Sep 2015 17:36:00 +0000

My solution to FLARE-ON challenge 2015, level 9.

Solution to FLARE-ON challenge 2015, challenge 8

Fri, 25 Sep 2015 17:32:00 +0000

My solution to FLARE-ON challenge 2015, level 8.

Solution to FLARE-ON challenge 2015, challenge 5

Fri, 25 Sep 2015 17:27:00 +0000

My solution to FLARE-ON challenge 2015, level 5.

Solution to FLARE-ON challenge 2015, challenge 4

Fri, 25 Sep 2015 17:23:00 +0000

My solution to FLARE-ON challenge 2015, level 4.

Solution to FLARE-ON challenge 2015, challenge 3

Fri, 25 Sep 2015 17:16:00 +0000

My solution to FLARE-ON challenge 2015, level 3.

Solution to FLARE-ON challenge 2015, challenge 2

Fri, 25 Sep 2015 17:12:00 +0000

My solution to FLARE-ON challenge 2015, level 2.

Solution to FLARE-ON challenge 2015, challenge 1

Fri, 25 Sep 2015 17:01:00 +0000

My solution to FLARE-ON challenge 2015, level 1.

Solution to DevAstatoR's What do I want crackme

Thu, 23 Jul 2015 07:14:00 +0000

The objective of this crackme (http://crackmes.de/users/devastator/what_do_i_want/) is to find the values of 2 fields in order to reveal a password. The challenge is interesting because it requires reverse engineering the code itself to understand what is being asked for.

Solution to LaFarge's crackme #2

Sat, 18 Jul 2015 07:14:00 +0000

The objective of this crackme is to reverse the serial generation algorithm, find the serial matching a given password, and develop a keygen.

Hiew, hex editor and assembler/disassembler

Tue, 25 Nov 2014 23:23:00 +0000

Hiew is a hex editor and assembler/disassembler with the following features:
- view and edit files of any length in text, hex and decode modes
- x86-64 disassembler and assembler (including AVX instructions)
- physical and logical drive view and edit
- support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats
- support for NetWare Loadable Modules (NLM, DSK, LAN, ...)
- following direct call/jmp instructions in any executable file with a single keystroke
- pattern search in the disassembler
- built-in simple 64-bit encrypt/decrypt system
- built-in powerful 64-bit calculator
- block operations: read, write, fill, copy, move, insert, delete, encrypt
- multi-file search and replace
- keyboard macros
- Unicode support
- Hiew External Module (HEM) support
- ARMv6 disassembler

Shellshock Bash Vulnerability (CVE-2014-6271, CVE-2014-7169)

Sun, 28 Sep 2014 10:52:00 +0000

Everything you should know about the Shellshock Bash vulnerability (CVE-2014-6271 and CVE-2014-7169).

Heartbleed Vulnerability (CVE-2014-0160)

Tue, 22 Apr 2014 07:02:00 +0000

On 7 April 2014, a vulnerability in OpenSSL (CVE-2014-0160, a TLS heartbeat read overrun) was publicly disclosed. Heartbeat is a TLS extension, described in RFC 6520, that lets a peer send a ping and receive a confirmation from the other side. This post explains the vulnerability in detail.
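The read overrun named above, shown as an added example rather than anything from the original post or from OpenSSL's source: a heartbeat message is type (1 byte), payload_length (2 bytes) and payload, followed by at least 16 bytes of padding. The pre-1.0.1g code trusted payload_length and copied that many bytes back, so a request claiming a long payload while carrying a short one pulls adjacent memory into the response. The Python below simulates both the vulnerable and the patched handling over a constructed buffer; the "secret" that follows the record is a stand-in for heap data and is not taken from any real capture.

```python
import struct
from typing import Optional

# RFC 6520 heartbeat message: type (1) | payload_length (2, big-endian) | payload | padding.
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Build a HeartbeatRequest whose payload_length field may lie about the real payload size."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING


def vulnerable_respond(memory: bytes, record_len: int) -> bytes:
    """Pre-1.0.1g behaviour: trust payload_length and copy that many bytes back.

    `memory` stands in for the receive buffer plus whatever heap data follows it;
    `record_len` is the true length of the record that arrived and is never consulted.
    """
    _hb_type, payload_len = struct.unpack("!BH", memory[:3])
    payload = memory[3:3 + payload_len]          # reads past the record into adjacent memory
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def fixed_respond(memory: bytes, record_len: int) -> Optional[bytes]:
    """Patched behaviour: silently discard any heartbeat whose claimed length does not fit the record."""
    if record_len < 1 + 2 + MIN_PADDING:
        return None                               # too short even for a zero-length payload
    _hb_type, payload_len = struct.unpack("!BH", memory[:3])
    if 1 + 2 + payload_len + MIN_PADDING > record_len:
        return None                               # the bounds check that was missing
    payload = memory[3:3 + payload_len]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def response_payload(response: bytes) -> bytes:
    """Extract the echoed payload from a HeartbeatResponse."""
    _hb_type, payload_len = struct.unpack("!BH", response[:3])
    return response[3:3 + payload_len]


if __name__ == "__main__":
    SECRET = b"session_cookie=deadbeef"            # constructed stand-in for adjacent heap data
    record = build_heartbeat(b"hi", claimed_len=40)  # 2 real payload bytes, claims 40
    memory = record + SECRET
    print("leaked:", response_payload(vulnerable_respond(memory, len(record))))
    print("fixed :", fixed_respond(memory, len(record)))
```

The simulation caps the lie at what fits in the constructed buffer; in the real bug payload_length goes up to 65535, so each request could return up to 64 KiB of process memory.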

Analysis of CryptoLocker (MD5: 98c9676d887d024defc1d340bd723073)

Sun, 13 Apr 2014 17:00:00 +0000

CryptoLocker is a ransomware trojan. It encrypts personal data on the infected machine using RSA; the private key needed to decrypt the files is kept only on the remote C&C server. The malware then displays a message offering to decrypt the data if a payment of 400 USD is made by a stated deadline, and threatens to delete the private key if the deadline passes.

Analysis of Worm:VBS/Jenxcus

Thu, 27 Mar 2014 10:20:00 +0200

Worm:VBS/Jenxcus is a malware written in VBScript by houdini. It uses a simple obfuscation technique based on the Chr() function. It posts sensitive data (hardware ID, hostname, username, OS details, antivirus, ...) to diana68.no-ip.biz on port 1177/tcp over HTTP. The malware can execute arbitrary commands, kill processes, send and receive files, enumerate files, processes and disk drives, delete files, ...
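An added example of undoing the kind of Chr()-based obfuscation mentioned above. This is not the malware's code nor the analysis from the original post: the VBScript fragment is constructed for illustration (it only reuses the host and port named in the teaser), and the decoder handles Chr(n), ChrW(n) and quoted literals joined with the VBScript & operator, rewriting each chain as a single literal so the script becomes readable.

```python
import re

# Constructed VBScript fragment in the style of Chr()-based obfuscation (not the malware's own code).
SAMPLE = "\n".join([
    'host = Chr(100) & Chr(105) & "ana" & Chr(54) & Chr(56) & ChrW(46) & "no-ip.biz"',
    'port = Chr(49) & Chr(49) & Chr(55) & Chr(55)',
    'Execute "x = " & Chr(34) & "ok" & Chr(34)',
])

# One piece of a concatenation: Chr(n)/ChrW(n) with a decimal code point, or a double-quoted
# literal (VBScript escapes an embedded quote by doubling it).
PIECE = r'Chrw?\(\s*(\d+)\s*\)|"((?:[^"]|"")*)"'
TOKEN = re.compile(PIECE, re.IGNORECASE)
# A whole chain: pieces joined with the & operator.
CHAIN = re.compile(rf'(?:{PIECE})(?:\s*&\s*(?:{PIECE}))*', re.IGNORECASE)


def decode_chr_concat(expr: str) -> str:
    """Collapse Chr(n)/ChrW(n) calls and string literals joined with & into one plain string."""
    out = []
    for m in TOKEN.finditer(expr):
        if m.group(1) is not None:
            out.append(chr(int(m.group(1))))
        else:
            out.append(m.group(2).replace('""', '"'))
    return "".join(out)


def deobfuscate_script(script: str) -> str:
    """Replace every Chr() concatenation chain in a script with the equivalent quoted literal."""
    def replace_chain(m: re.Match) -> str:
        text = decode_chr_concat(m.group(0))
        return '"' + text.replace('"', '""') + '"'
    return CHAIN.sub(replace_chain, script)


if __name__ == "__main__":
    print(deobfuscate_script(SAMPLE))
```

Running it on the constructed sample turns the first two lines into host = "diana68.no-ip.biz" and port = "1177"; the third shows that a decoded string containing quotes is re-escaped so the result is still valid VBScript.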

Analyzing malware with SysAnalyzer

Fri, 21 Mar 2014 11:29:00 +0200

SysAnalyzer is an automated malcode runtime analysis application that monitors various aspects of system and process state. It was designed to let analysts quickly build a comprehensive report of the actions a binary takes on a system.

Alternate Data Stream (ADS)

Wed, 12 Mar 2014 21:01:00 +0200

Alternate Data Streams (ADS) are an NTFS feature that Microsoft introduced for compatibility with HFS, the Macintosh file system and its resource forks. They are well known to malware authors, who can hide a malicious executable in a stream attached to an innocuous-looking file.

Analysis of a malicious PDF file

Mon, 03 Mar 2014 08:21:00 +0200

I will describe the process of analyzing a malicious PDF file. For our analysis, we will need:
- the REMnux distribution (contains all the tools below)
- pdfid, to identify objects in our PDF file
- pdf-parser, to list JavaScript objects
- pdfobjflow, to map the relationships between the PDF objects
- jsunpackn, to extract the JavaScript contained in the PDF file
- SpiderMonkey, to run and de-obfuscate the JavaScript
- sctest (libemu), to emulate the shellcode
- command line tools, to convert our shellcode to various formats
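The first step above, identifying suspicious objects the way pdfid does, as an added example that is neither pdfid's code nor part of the original post. Malicious PDFs commonly write names with #xx hex escapes (/J#61vaScript for /JavaScript), which is legal PDF syntax and defeats a naive grep; the scanner below normalizes names before counting them and also reports every escaped name, since escapes are rarely needed in benign files. The minimal PDF is constructed for the example, not a real sample.

```python
import re
from collections import Counter

# Constructed minimal PDF (not a real sample). /JavaScript is written as /J#61vaScript,
# a legal PDF name escape that hides the keyword from a plain text search.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj
5 0 obj << /Length 3 >> stream
abc
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names whose presence is worth a second look, in the spirit of pdfid's keyword list.
SUSPICIOUS_NAMES = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                    b"/EmbeddedFile", b"/AcroForm", b"/RichMedia", b"/JBIG2Decode"}
STRUCTURE_TOKENS = (b"obj", b"endobj", b"stream", b"endstream")

# A PDF name runs from '/' up to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes inside a PDF name so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def escaped_names(data: bytes) -> list:
    """Names that use #xx escapes at all: rarely needed legitimately, often a sign of evasion."""
    return [m.group(0) for m in NAME_RE.finditer(data) if b"#" in m.group(0)]


def scan_pdf(data: bytes) -> dict:
    """Count structural tokens and suspicious names, pdfid-style, after undoing name escapes."""
    counts = Counter()
    for tok in STRUCTURE_TOKENS:
        # word boundaries keep "obj" from matching inside "endobj" and "stream" inside "endstream"
        counts[tok.decode()] = len(re.findall(rb"\b" + tok + rb"\b", data))
    for m in NAME_RE.finditer(data):
        name = normalize_name(m.group(0))
        if name in SUSPICIOUS_NAMES:
            counts[name.decode()] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, value in sorted(scan_pdf(SAMPLE_PDF).items()):
        print(f"{key:<12} {value}")
    print("escaped names:", escaped_names(SAMPLE_PDF))
```

A mismatch between the obj and endobj counts, or between stream and endstream, points at a malformed file worth a closer look; /OpenAction combined with /JavaScript means code runs as soon as the document opens, which is exactly the case pdf-parser and the JavaScript tools listed above are then used to dig into.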

Origami, a complete toolkit to analyze malicious PDF documents

Mon, 30 Dec 2013 14:26:00 +0200

Origami is a Ruby framework for manipulating PDF documents. It features a PDF-compliant parser and makes it possible to analyze, modify or create malicious PDF files. Origami supports advanced features of the latest PDF specifications: encryption (up to Adobe Reader X), digital signatures, forms (Acrobat and XML), JavaScript, annotations, Flash, file attachments and object streams.

Analyze malicious Office documents with OffVis

Thu, 26 Dec 2013 12:25:00 +0200

The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps in understanding the Microsoft Office binary file format, in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks.
