Software Testing and Binary Static Analysis [ Analysis of computer software, malware and binaries... ]
Proving Memory Safety of Floating-Point Computations
Author Patrice Godefroid + Johannes Kinder
Description Whitebox fuzzing is a novel form of security testing based on dynamic symbolic execution and constraint solving. Over the last couple of years, whitebox fuzzers have found many new security vulnerabilities (buffer overflows) in Windows and Linux applications, including codecs, image viewers and media players. Those types of applications tend to use floating-point instructions available on modern processors, yet existing whitebox fuzzers and SMT constraint solvers do not handle floating-point arithmetic. Are there new security vulnerabilities lurking in floating-point code?

A naive solution would be to extend symbolic execution to floating-point (FP) instructions (months of work), extend SMT solvers to reason about FP constraints (months of work or more), and then face more complex constraints and an even worse path explosion problem. Instead, we propose an alternative approach, based on the rough intuition that FP code should only perform memory safe data-processing of the “payload” of an image or video file, while the non-FP part of the application should deal with buffer allocations and memory address computations, with only the latter being prone to buffer overflows and other security critical bugs. Our approach combines (1) a lightweight local path-insensitive “may” static analysis of FP instructions with (2) a high-precision whole-program path-sensitive “must” dynamic analysis of non-FP instructions. The aim of this combination is to prove memory safety of the FP part of each execution and a form of non-interference between the FP part and the non-FP part with respect to memory address computations.

We have implemented our approach using two existing tools for, respectively, static and dynamic x86 binary analysis. We present preliminary results of experiments with standard JPEG, GIF and ANI Windows parsers. For a given test suite of diverse input files, our mixed static/dynamic analysis is able to prove memory safety of FP code in those parsers for a small upfront static analysis cost and a marginal runtime expense compared to regular dynamic symbolic execution.
Filesize 1.62 kB
Date Wednesday 28 July 2010 - 08:23:43
Downloads 24

Latest Downloads
(Virtualization / Virtual Machines:)
A Comparison of Software and Hardware Techniques for x86 Virtualization
Author: Keith Adams + Ole Agesen
Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. Virtual Machine Monitors for x86, such as VMware Workstation and Virtual PC, have instead used binary translation of the guest kernel code. However, bot [more...]
Date: 28 Aug : 12:03
Filesize: 129.96 kb
Total Downloads: 80

(Cryptography / Algorithms:)
All-out Attacks or How to Attack Cryptography Without Intensive Cryptanalysis
Author: Jean-Baptiste Bedrune + Eric Filiol + Frédéric Raynal
This article deals with operational attacks leaded against cryptographic tools. Problem is approached from several point of view, the goal being always to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Therefor [more...]
Date: 28 Aug : 12:02
Filesize: 5.26 mb
Total Downloads: 159

(Obfuscation / Deobfuscation:)
Applied Binary Code Obfuscation
Author: Nicolaou George + Glafkos Charalambous
An obfuscated code is the one that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders for security reasons, intentionally obfuscate their software in an attempt to delay reverse enginee [more...]
Date: 28 Aug : 12:01
Filesize: 866.52 kb
Total Downloads: 112

(Obfuscation / Deobfuscation:)
Automatic Binary Deobfuscation
Author: Yoann Guillot + Alexandre Gazet
This paper gives an overview of our research in the automation of the process of software protection analysis. We will focus more particularly on the problem of obfuscation. Our current approach is based on a local semantic analysis, which aims t [more...]
Date: 28 Aug : 11:59
Filesize: 437.38 kb
Total Downloads: 66

(Reverse Code Engineering:)
In Memory Reverse Engineering for Obfuscated Python Bytecode
Author: Rich Smith
Growing numbers of commercial and closed source applications are being developed using the Python programming language. The trend with developers of such applications appears to be that there is an increasing amount of effort being invested in order [more...]
Date: 28 Aug : 11:56
Filesize: 204.31 kb
Total Downloads: 31

(Obfuscation / Deobfuscation:)
Loco: An Interactive Code Deobfuscation Tool
Author: Matias Madou + Ludo Van Put + Koen De Bosschere
This paper presents LOCO, a graphical, interactive environment to experiment with code obfuscation and deobfuscation transformations, which can be applied automatically, semi-automatically and by hand. LOCO is an extension of the multi-platform visua [more...]
Date: 28 Aug : 11:55
Filesize: 291.85 kb
Total Downloads: 45

(Cryptography / Algorithms:)
Non-Black-Box Techniques in Cryptography
Author: Boaz Barak
The American Heritage dictionary defines the term “Black-Box” as “A device or theoretical construct with known or specified performance characteristics but unknown or unspecified constituents and means of operation.” In the context of Com [more...]
Date: 28 Aug : 11:55
Filesize: 1.1 mb
Total Downloads: 20

(Portable Executable Format (PE):)
Portable Executable File Format – A Reverse Engineer View
Author: Goppit
This tutorial aims to collate information from a variety of sources and present it in a way which is accessible to beginners. Although detailed in parts, it is oriented towards reverse code engineering and superfluous information has been omitted. Yo [more...]
Date: 28 Aug : 11:53
Filesize: 7.82 mb
Total Downloads: 129

(Obfuscation / Deobfuscation:)
Reverse Engineering Obfuscated Code
Author: Sharath K. Udupa + Saumya K. Debray + Matias Madou
In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for [more...]
Date: 28 Aug : 11:52
Filesize: 130.18 kb
Total Downloads: 49

(Obfuscation / Deobfuscation:)
Unpacking Virtualization Obfuscators
Author: Rolf Rolles
Nearly every malware sample is sheathed in an executable protection which must be removed before static analyses can proceed. Existing research has studied automatically unpacking certain protections, but has not yet caught up with many modern techni [more...]
Date: 28 Aug : 11:51
Filesize: 125.06 kb
Total Downloads: 52

(Obfuscation / Deobfuscation:)
Using Optimization Algorithms for Malware Deobfuscation
Author: Branko Spasojevic
Analysis of malware binaries is constantly becoming more difficult with introduction of many different types of code obfuscators. One common theme in all obfuscators is transformation of code into a complex representation. This process can be viewed [more...]
Date: 28 Aug : 11:50
Filesize: 762.78 kb
Total Downloads: 16

(Debuggers / Debugging:)
Virt-ICE: Next-Generation Debugger for Malware Analysis
Author: Nguyen Anh Quynh + Kuniyasu Suzaki
Dynamic malware analysis is an important method to analyze malware. The most important tool for dynamic malware analysis is debugger. However, because debuggers are originally built by software developers to debug legitimate software, they have some [more...]
Date: 28 Aug : 11:48
Filesize: 143.87 kb
Total Downloads: 81

(IDA Plugins:)
IDA Stealth 1.3.1
Author: Jan Newger
IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the proce [more...]
Date: 27 Aug : 22:23
Filesize: 793.79 kb
Total Downloads: 1493

(OllyDbg Plugins:)
StrongOD 0.3.6.650
Author: 海风月影
Make your OllyDbg Strong! This plug-in provides three kinds of ways to initiate the process: 1, Normal - And the same manner as the original start, the STARTUPINFO inside unclean data 2, CreateAsUser - User with a mandate to initiate the proc [more...]
Date: 24 Aug : 07:47
Filesize: 260.82 kb
Total Downloads: 8499

(IAT / PE Rebuilding:)
Imports Fixer 1.5a (Public Beta)
Author: SuperCRacker
Imports Fixer (abbreviated to IF hereafter) has been specifically created to assist in the process of rebuilding and reconstructing portable executable files found in memory. IF has been designed to rebuild imports for Win32 Portable Executable and D [more...]
Date: 24 Aug : 07:39
Filesize: 848.24 kb
Total Downloads: 846

(Binary Analysis / Editing:)
BinDiff 3.2 (Public Beta)
Author: Zynamics
Do you need to analyze multiple variations of essentially the same program? Do you need to understand the changes between two versions of a program? Are you trying to detect code theft? Zynamics BinDiff uses a unique graph-theoretical approach to a [more...]
Date: 18 Aug : 07:04
Filesize: 498.33 kb
Total Downloads: 237

(Cryptography Tools:)
YAFU 1.19.2
Author: Ben Buhrow
This code is the result of several's years effort to learn more about integer factorization, arbitrary precision arithmetic, C programming, memory and cpu speed optimizations. It's freely available to anyone that wants to use it. I provid [more...]
Date: 18 Aug : 06:52
Filesize: 3.12 mb
Total Downloads: 250

(Keygenning / Serial Fishing:)
An Exercise in RSA Reversal (RSA128 + MD5)
Author: Office Jesus
Hi and welcome to another Office Jesus tutorial. I just want to go ahead and say that if you are an ABSOLUTE beginner with no experience debugging or coding (Delphi in this case), you should NOT read this tutorial! I recommend watching Lena151's [more...]
Date: 06 Aug : 10:08
Filesize: 1.25 mb
Total Downloads: 339

(Binary Analysis / Editing:)
VxClass 1.1
Author: Zynamics
Based on the same ideas and algorithms that made zynamics BinDiff great, zynamics VxClass can structurally compare executables and thus ignore byte-level changes such as instruction reordering or string obfuscation. Small changes in the code or chang [more...]
Date: 03 Aug : 08:07
Filesize: 2.39 mb
Total Downloads: 85

(Binary Analysis / Editing:)
BinNavi 3.0
Author: Zynamics
BinNavi is a platform-independent integrated reverse engineering environment that helps you dissect and analyze binary files. You can use it to discover new vulnerabilities in closed-source software, to analyze the latest piece of malware you found w [more...]
Date: 03 Aug : 07:43
Filesize: 301.71 kb
Total Downloads: 126

(Miscellaneous Papers:)
One Great Way To Get More Effecient Solar Power For Batteries
Author: Sophia H. Walker
University of southern California experts indicate us a more effective use of graphene solar panels Is it possible to imagine people powering their mobile phone or music/video device while jogging in the sun? A University of Southern Californ [more...]
Date: 31 Jul : 23:40
Filesize: 144.49 kb
Total Downloads: 33

(Cryptography Tools:)
Msieve 1.46 + GUI 1.1
Author: Jason Papadopoulos + Anogrganix
Factoring is the study (half math, half engineering, half art form) of taking big numbers and expressing them as the product of smaller numbers. If I find out 15 = 3 * 5, I've performed an integer factorization on the number 15. As the number to [more...]
Date: 31 Jul : 23:26
Filesize: 1.25 mb
Total Downloads: 5081

(IDA Plugins:)
MyNav 1.0
Author: Joxean Piti
MyNav is a plugin for IDA Pro to help reverse engineers in the most typical task like discovering what functions are responsible of some specifical tasks, finding paths between "interesting" functions and data entry points. Features: [more...]
Date: 31 Jul : 09:47
Filesize: 13.7 kb
Total Downloads: 73

(Java Reversing:)
A Practical Method for Watermarking Java Programs
Author: [ Various Authors ]
Java programs distributed through Internet are now suffering from program theft. It is because Java programs can be easily decomposed into reusable class files even decompiled into source code by program users. In this paper we propose a practical [more...]
Date: 31 Jul : 09:40
Filesize: 58.5 kb
Total Downloads: 73

(Software Testing and Binary Static Analysis:)
An Analysis of Black-Box Web Vulnerability Scanners
Author: Adam Doupé + Marco Cova + Giovanni Vigna
Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as “point-and-click pentesting” tools that automatically evaluate the security of web appli [more...]
Date: 31 Jul : 09:39
Filesize: 167.24 kb
Total Downloads: 71

(Malware / Security Analysis:)
DEP/ASLR Implementation Progress in Popular Third-party Windows Applications
Author: Alin Rad Pop
Vulnerabilities that corrupt memory typically result in the execution of arbitrary code by redirecting the program flow to a writable memory area containing instructions defined by an attacker. DEP (Data Execution Prevention) is a generic defensi [more...]
Date: 31 Jul : 09:36
Filesize: 108.06 kb
Total Downloads: 57

(Software Testing and Binary Static Analysis:)
A Technique for Automated Software Debugging
Author: Cristian Zamfir + George Candea
Debugging real systems is hard, requires deep knowledge of the code, and is time-consuming. Bug reports rarely provide sufficient information, thus forcing developers to turn into detectives searching for an explanation of how the program could have [more...]
Date: 31 Jul : 09:34
Filesize: 237.58 kb
Total Downloads: 86

(Reverse Code Engineering:)
Theories and Methods of Code-Caves
Author: Faldo
Since many have read my tutorial on basic memory hacking and got stuck on the creation of code-caves, I’ve decided to make a short follow-up on some code-cave techniques where I’ll explain the WHYs and the HOWs. Archive also contains "The [more...]
Date: 31 Jul : 09:32
Filesize: 744.53 kb
Total Downloads: 306

(Software Testing and Binary Static Analysis:)
Discovering Variables in Executables
Author: Gogul Balakrishnan + Thomas Reps
This paper addresses the problem of recovering variable-like entities when analyzing executables in the absence of debugging information. We show that variable-like entities can be recovered by iterating Value-Set Analysis (VSA), a combined numeric-a [more...]
Date: 28 Jul : 09:01
Filesize: 244.87 kb
Total Downloads: 121

(Malware / Security Analysis:)
BerBoToss Analysis
Author: Strelitzia
The threat of malicious software can easily be considered as the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, [more...]
Date: 28 Jul : 09:01
Filesize: 335.2 kb
Total Downloads: 86

(IDA Plugins:)
IDAPython 1.4.1
Author: Gergely Erdélyi + Elias Bachaalany
IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro. These programs have access to IDA Plugin API, IDC and all modules available for Python. The power of IDA Pro and Python provides a pla [more...]
Date: 28 Jul : 08:56
Filesize: 2.26 mb
Total Downloads: 401

(Malware / Security Analysis:)
Inference and Analysis of Formal Models of Botnet
Author: [ Various Authors ]
We propose a novel approach to infer complete protocol state machines in realistic high-latency network setting, and apply it to the analysis of botnet C&C protocols. Our proposed techniques enable an order of magnitude reduction in the number of que [more...]
Date: 28 Jul : 08:46
Filesize: 407.77 kb
Total Downloads: 102

(Software Testing and Binary Static Analysis:)
Input Generation via Decomposition and Re-Stitching
Author: [ Various Authors ]
Attackers often take advantage of vulnerabilities in benign software, and the authors of benign software must search their code for bugs in hopes of finding vulnerabilities before they are exploited. But there has been little research on the c [more...]
Date: 28 Jul : 08:43
Filesize: 199.46 kb
Total Downloads: 39

(Malware / Security Analysis:)
Kernel Malware - The Attack from Within
Author: Kimmo Kasslin
The Kernel is the heart of modern operating systems. Code executing in kernel mode has full access to all memory including the kernel itself, all CPU instructions, and all hardware. For this obvious reason only the most trusted software should be all [more...]
Date: 28 Jul : 08:41
Filesize: 615.62 kb
Total Downloads: 189

(Programming / Coding:)
Kernel-22
Author: Mike McCarl
The idea of spoofing DLLs is not new. It is a technique used for analysis tools as well as malicious programs. By offering the same set of functions as another DLL, a calling program can unknowingly provide the means to load and execute alternate code [more...]
Date: 28 Jul : 08:38
Filesize: 379.27 kb
Total Downloads: 99

(Keygenning / Serial Fishing:)
Keygenning Deurus KeygenMe02
Author: GioTiN
This KeygenMe is coded in Microsoft VC++ 6.0 (you can check with PeiD ) and not use of Hash Crypto's (you can check via KANAL Plugin in PeiD). In this KeygenMe we need to solve 2 algorithms so I have decided to explain all the steps to you.
Date: 28 Jul : 08:34
Filesize: 751.15 kb
Total Downloads: 105

(Portable Executable Format (PE):)
New Approach of Hidden Data in the Portable Executable File
Author: [ Various Authors ]
The rapid development of multimedia and internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information. In additional, digital document is also easy to copy and distribute, theref [more...]
Date: 28 Jul : 08:33
Filesize: 177.95 kb
Total Downloads: 101

(Unpacking Tutorials:)
PEX 0.99 (Unpacking)
Author: ChessGod101
After reading a post about a PEX 0.99 unpacker, I was anxious to learn more about the packer itself. After locating a download for PEX, I decided to protect a random file in my computer to see it's potential. After five minutes of probing I dump [more...]
Date: 28 Jul : 08:31
Filesize: 1.2 mb
Total Downloads: 94

(Software Testing and Binary Static Analysis:)
Predicate Abstraction
Author: Satyaki Das
Designing basic protocols, used in networking, security and multiprocessor systems is hard. All of these have to deal with concurrency, that is the actions of multiple agents in parallel. This makes their design error-prone since all possible interac [more...]
Date: 28 Jul : 08:27
Filesize: 339.87 kb
Total Downloads: 27

(Software Testing and Binary Static Analysis:)
Proving Memory Safety of Floating-Point Computations
Author: Patrice Godefroid + Johannes Kinder
Whitebox fuzzing is a novel form of security testing based on dynamic symbolic execution and constraint solving. Over the last couple of years, whitebox fuzzers have found many new security vulnerabilities (buffer overflows) in Windows and Linux appli [more...]
Date: 28 Jul : 08:23
Filesize: 1.62 kb
Total Downloads: 24

Copyright (C) 2003 - 2010 by Tuts 4 You