(Software Testing and Binary Static Analysis:)
Discovering Variables in Executables
Author: Gogul Balakrishnan + Thomas Reps
This paper addresses the problem of recovering variable-like entities when analyzing executables in the absence of debugging information. We show that variable-like entities can be recovered by iterating Value-Set Analysis (VSA), a combined numeric-a [more...]
Date: 28 Jul : 09:01
Filesize: 244.87 kb
Total Downloads: 46
(Malware / Security Analysis:)
BerBoToss Analysis
Author: Strelitzia
The threat of malicious software can easily be considered as the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, [more...]
Date: 28 Jul : 09:01
Filesize: 335.2 kb
Total Downloads: 29
(IDA Plugins:)
IDAPython 1.4.1
Author: Gergely Erdélyi + Elias Bachaalany
IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro. These programs have access to IDA Plugin API, IDC and all modules available for Python. The power of IDA Pro and Python provides a pla [more...]
Date: 28 Jul : 08:56
Filesize: 2.26 mb
Total Downloads: 353
(Malware / Security Analysis:)
Inference and Analysis of Formal Models of Botnet
Author: [ Various Authors ]
We propose a novel approach to infer complete protocol state machines in realistic high-latency network setting, and apply it to the analysis of botnet C&C protocols. Our proposed techniques enable an order of magnitude reduction in the number of que [more...]
Date: 28 Jul : 08:46
Filesize: 407.77 kb
Total Downloads: 24
(Software Testing and Binary Static Analysis:)
Input Generation via Decomposition and Re-Stitching
Author: [ Various Authors ]
Attackers often take advantage of vulnerabilities in benign software, and the authors of benign software must search their code for bugs in hopes of finding vulnerabilities before they are exploited. But there has been little research on the c [more...]
Date: 28 Jul : 08:43
Filesize: 199.46 kb
Total Downloads: 15
(Malware / Security Analysis:)
Kernel Malware - The Attack from Within
Author: Kimmo Kasslin
The Kernel is the heart of modern operating systems. Code executing in kernel mode has full access to all memory including the kernel itself, all CPU instructions, and all hardware. For this obvious reason only the most trusted software should be all [more...]
Date: 28 Jul : 08:41
Filesize: 615.62 kb
Total Downloads: 23
(Programming / Coding:)
Kernel-22
Author: Mike McCarl
The idea of spoofing DLLs is not new. It is atechnique used for analysis tools as well as malicious programs. By offering the same set of functions as another DLL, a calling program can unknowingly provide the means to load and execute alternate code [more...]
Date: 28 Jul : 08:38
Filesize: 379.27 kb
Total Downloads: 36
(Keygenning / Serial Fishing:)
Keygenning Deurus KeygenMe02
Author: GioTiN
This KeygenMe is coded in Microsoft VC++ 6.0 (you can check with PeiD ) and not use of Hash Crypto's (you can check via KANAL Plugin in PeiD). In this KeygenMe we need to solve 2 algorithms so I have decided to explain all the steps to you.
Date: 28 Jul : 08:34
Filesize: 751.15 kb
Total Downloads: 31
(Portable Executable Format (PE):)
New Approach of Hidden Data in the Portable Executable File
Author: [ Various Authors ]
The rapid development of multimedia and internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information. In additional, digital document is also easy to copy and distribute, theref [more...]
Date: 28 Jul : 08:33
Filesize: 177.95 kb
Total Downloads: 37
(Unpacking Tutorials:)
PEX 0.99 (Unpacking)
Author: ChessGod101
After reading a post about a PEX 0.99 unpacker, I was anxious to learn more about the packer itself. After locating a download for PEX, I decided to protect a random file in my computer to see it's potential. After five minutes of probing I dump [more...]
Date: 28 Jul : 08:31
Filesize: 1.2 mb
Total Downloads: 38
(Software Testing and Binary Static Analysis:)
Predicate Abstraction
Author: Satyaki Das
Designing basic protocols, used in networking, security and multiprocessor systems is hard. All of these have to deal with concurrency, that is the actions of multiple agents in parallel. This makes their design error-prone since all possible interac [more...]
Date: 28 Jul : 08:27
Filesize: 339.87 kb
Total Downloads: 6
(Software Testing and Binary Static Analysis:)
Proving Memory Safety of Floating-Point Computations
Author: Patrice Godefroid + Johannes Kinder
Whitebox fuzzing is a novel form of security testing based on dynamic symbolic execution and constraint solving. Over the last couple of years, whitebox fuzzers have found many new security vulnerabilities (bu?er overflows) in Windows and Linux appli [more...]
Date: 28 Jul : 08:23
Filesize: 1.62 kb
Total Downloads: 6
(Reverse Code Engineering:)
Reversing MFC Applications
Author: Externalist
MFC Programs seems to be the mainstream of Win32 GUI programming these days, other than QT applications that are rapidly gaining popularity recently. A few days ago, I suddenly got interested in embedded system reversing but was confronted [more...]
Date: 28 Jul : 08:23
Filesize: 1.07 mb
Total Downloads: 2450
(Software Testing and Binary Static Analysis:)
Towards Scalable Modular Checking of User-Defined Properties
Author: [ Various Authors ]
Theorem-prover based modular checkers have the potential to perform scalable and precise checking of user-defined properties by combining path-sensitive intraprocedural reasoning with user-defined procedure abstractions. However, such tools have seld [more...]
Date: 28 Jul : 08:18
Filesize: 177.79 kb
Total Downloads: 9
(Malware / Security Analysis:)
The Case of TTrojan DownLoader "TDL3TDL3"
Author: Ace PortuguezAce
Current trends in the Threat Landscape dictate that a malware’s functionality grow in number, perform more stealthily and increase in complexity. This continuous evolution is a known fact in the industry as Operating Systems improve and Network sec [more...]
Date: 28 Jul : 08:16
Filesize: 1.49 mb
Total Downloads: 16
(Programming / Coding:)
The Semantics of x86-CC Multiprocessor Machine Code
Author: [ Various Authors ]
Multiprocessors are now dominant, but real multiprocessors do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have subtle relaxed (or weak) memory models, usually described only [more...]
Date: 28 Jul : 08:14
Filesize: 266.37 kb
Total Downloads: 8
(Programming / Coding:)
Verified Just-In-Time Compiler On x86
Author: Magnus O. Myreen
This paper presents a method for creating formally correct just-in-time (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of s [more...]
Date: 28 Jul : 08:10
Filesize: 212.84 kb
Total Downloads: 12
(Anti-Debugging:)
Anti-Unpacker Tricks 2 - Part 9
Author: Peter Ferrie
Unpackers have been around for as long as packers themselves, but anti-unpacking tricks have appeared more recently – and have increased rapidly both in number and, in some cases, complexity.
The final part of this series of articles (see also [more...]
Date: 21 Jul : 09:55
Filesize: 43.66 kb
Total Downloads: 187
(Immunity Python Scripts:)
BlackManta 1.0
Author: Juggernaut
This script should be used within Immunity Debugger. It monitors API calls associated with malicious activity and reports it to a window.
Date: 21 Jul : 09:51
Filesize: 13.44 mb
Total Downloads: 93
(Malware / Security Analysis:)
Disinfection of Alman.NAB
Author: HamiD
My video tutorial is about the disinfection of Alman.NAB (ESET NOD32 AV) from an infected file with example and full details.
Date: 21 Jul : 09:50
Filesize: 9.78 mb
Total Downloads: 117
(OllyDbg Plugins:)
StrongOD 0.3.4.639
Author: 海风月影
Make your OllyDbg Strong!
This plug-in provides three kinds of ways to initiate the process:
1, Normal - And the same manner as the original start, the STARTUPINFO inside unclean data
2, CreateAsUser - User with a mandate to initiate the proc [more...]
Date: 21 Jul : 09:50
Filesize: 246.4 kb
Total Downloads: 8085
(Binary Analysis / Editing:)
PROTECTiON iD 6.4.0
Author: CDKiLLER & TippeX
Features:
- detection of every major PC ISO Game / Application protection
- currently covers 475 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers
- sector scanning CDs / DVDs for Copy Prote [more...]
Date: 11 Jul : 08:06
Filesize: 519.51 kb
Total Downloads: 3903
(IDA Plugins:)
IDA Stealth 1.3
Author: Jan Newger
IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the proce [more...]
Date: 11 Jul : 00:56
Filesize: 789.09 kb
Total Downloads: 1432
(IDA Pro Disassembler and Debugger:)
IDA Pro Disassembler 5.7
Author: Hex-Rays
IDA Pro is a programmable, interactive, multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment.
IDA Pro is in many ways unique. Its interactivity allows you to improve disa [more...]
Date: 03 Jul : 22:22
Filesize: 27.79 mb
Total Downloads: 4172
(OllyScript - Scripts:)
ZProtect 1.4.x HWID + Inline Patcher v1.4
Author: LCF-AT
It is a script to patch a new HWID in two ways in your target. Just a normal temporary patch and it can also patch the new HWID permanently in your target with a large inline patch which I have written. It also supports even to find and patch a new C [more...]
Date: 01 Jul : 08:33
Filesize: 47.51 kb
Total Downloads: 129
(IDA Plugins:)
IDA Entropy Plugin 0.1
Author: P.Zbitskiy
Utility for entropy calculation of 32-bit executable and binary files released. It can be usefull for express searching of a file blocks with a high entropy - encrypted chunks, encryption keys, etc. Utility can be built as a IDA plugin and as a stand [more...]
Date: 30 Jun : 08:19
Filesize: 2.12 mb
Total Downloads: 105
(IDA Scripts:)
IDA2SQL Exporter 20100629
Author: Zynamics
ida2sql is a set of IDAPython scripts to export most of the information contained in an IDB into a MySQL database. It has existed and evolved already for a few years and has been the main connection between IDA and BinNavi for the most of the life of [more...]
Date: 30 Jun : 08:17
Filesize: 55.63 kb
Total Downloads: 37
(IDA Scripts:)
MySQL Python 1.2.3
Author: Andy Dustman
MySQLdb is an thread-compatible interface to the popular MySQL database server that provides the Python database API.
Date: 30 Jun : 08:14
Filesize: 55.31 kb
Total Downloads: 25
(OllyScript - Scripts:)
ZProtect 1.4.x HWID + Inline Patcher v1.1
Author: LCF-AT
It is a script to patch a new HWID in two ways in your target. Just a normal temporary patch and it can also patch the new HWID permanently in your target with a large inline patch which I have written. It also supports even to find and patch a new C [more...]
Date: 27 Jun : 08:46
Filesize: 37.14 kb
Total Downloads: 80
(OllyScript - Scripts:)
PeCompact 2.xx - 3.xx OEP Finder
Author: atom0s
Simply load the script and let it run, if the OEP is found, the script will prompt with a messagebox.
Enable The Following Exception Options
- Ingore memory access violations in KERNEL32
- INT3 breaks
- Memory access violation
Date: 11 Jun : 08:43
Filesize: 1.54 kb
Total Downloads: 222
(Mobile Phones / Mobile Device Technology:)
Unofficial Reversing On The S40 Revealed (Part 1)
Author: Funtikar
In this tutorial I will show you how to use the tools to get started on reversing j2me applications on J2ME enabled phones especially on the Nokia S40v3
This is an extension from my previous tutorial which means that this is not part two. Please d [more...]
Date: 11 Jun : 08:37
Filesize: 320.6 kb
Total Downloads: 285
(OllyDbg Engines / Modifications:)
OllyDbg 2.00.01 (Final)
Author: Oleh Yuschuk
OllyDbg 2.0 is a 32-bit assembler-level analyzing Degugger with intuitive interface. It is especially useful if source code is not available or when you experience problems with your compiler.
Requirements. Developed and tested mainly under Windo [more...]
Date: 05 Jun : 04:32
Filesize: 1.13 mb
Total Downloads: 9333
(Portable Executable Format (PE):)
Parsing Malicious and Malformed Executables
Author: [ Various Authors ]
A foundational requirement in the security world is the capability to robustly parse and analyze Windows Portable Executable files. Coping with the full spectrum of PE's found in the wild is, in fact, quite challenging. While white files are typ [more...]
Date: 05 Jun : 04:28
Filesize: 894.38 kb
Total Downloads: 277
(Malware / Security Analysis:)
A Symbolic Execution Framework for JavaScript
Author: [ Various Authors ]
As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution spac [more...]
Date: 04 Jun : 10:31
Filesize: 376.86 kb
Total Downloads: 127
(Anti-Debugging:)
Anti-Unpacker Tricks 2 - Part 8
Author: Peter Ferrie
Unpackers have been around for as long as packers themselves, but anti-unpacking tricks have appeared more recently – and have increased rapidly both in number and, in some cases, complexity.
The final part of this series of articles (see also [more...]
Date: 04 Jun : 10:30
Filesize: 56.86 kb
Total Downloads: 382
(Software Testing and Binary Static Analysis:)
Dataflow Analysis and Transformation
Author: Simon Peyton Jones + Norman Ramsey + Joao Dias
Dataflow analysis and transformation of control-flow graphs is pervasive in optimizing compilers, but it is typically tightly interwoven with the details of a particular compiler. We describe Hoopl, a reusable Haskell library that makes it unusually [more...]
Date: 04 Jun : 10:29
Filesize: 182.22 kb
Total Downloads: 70
(Software Testing and Binary Static Analysis:)
Developing Representation For Analysis of Binary Code
Author: Julio Auto de Medeiros
The field of Program Analysis is vast and complex. Even though it has many decades of study and advances now, some of the biggest and most pursued problems remain open for resolution. In particular, a quick search through the literature on the inters [more...]
Date: 04 Jun : 10:28
Filesize: 180.87 kb
Total Downloads: 68
(Malware / Security Analysis:)
Diffing Binaries vs Anti-diffing
Author: Jeongwook Oh
The Problem:
Security patches are usually meant to fix security vulnerabilities. And those are for fixing problems and protect computers and end users from risks. But how about releasing patch imposes new threats? We call the threat 1-day exploits [more...]
Date: 04 Jun : 10:25
Filesize: 563.27 kb
Total Downloads: 67
(Malware / Security Analysis:)
Evolving Shell
Author: Masaki Suenaga
Everything evolves. There are no exceptions, even for shell code.First the code was hidden using encryption. Now, it mimics the host data file. This paper discusses the evolution thus far, and though impossible to know for certain, the probable futur [more...]
Date: 04 Jun : 10:23
Filesize: 131.95 kb
Total Downloads: 66
(Malware / Security Analysis:)
Experimental Security Analysis of a Modern Automobile
Author: [ Various Authors ]
Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency [more...]
Date: 04 Jun : 10:21
Filesize: 1.59 mb
Total Downloads: 59
[ Tuts 4 You ]
