Channel: reversing – Joe's Security Blog
Browsing all 37 articles

Debugging EA’s Steam knock off

The Battlefield 3 beta is over. Now all I have is their stupid knock-off of Steam until the 28th when they release BF3 to the masses. After some careful manipulation (setting the 3rd byte of the PEB to...

Reversing Origin P2

The triumphant release of Battlefield 3 marks the second time in my life where I waited til midnight to purchase a game standing outside a store. The first of which being Fallout 3 (after all I did...

Dongles, how do they work?

Reversing ain't easy these days and is getting harder. Every other executable is packed with this or that, PEID is no longer updated, and many software companies are moving towards dongle based...

Mimicking task manager

Have you ever wondered how to make your own task manager? That thing that pops up when you press control+shift+escape and shows all the process names, ids and files associated with them? Well now you...

Exploiting WordPress Plugins

GAHHH! The epitome of shitty design, aka baby’s first program also known as the WordPress plugin. There are a SHITLOAD of these floating around the internet. Most of which promise the same shit –...

Cracking SmarterMail hashes

This week I encountered a password hash I hadn't seen in a while. Base64 with a twist. SmarterTools.com has a mail server called SmarterMail written in all .NET. It stores its passwords in XML files in...

Tenable Nessus Appsec Interview Spoilers

Hello everyone, Today we will be going over the answers to the test offered by Tenable / Nessus when you interview with them to be an appsec guy. I was told I was the first to ace all 3 tests, so I...

.net reversing and MSIL modification

Hello everybody! It's been a wonderful new year. Full of new experiences and all that other stuff. Lately I’ve been running into a lot of .NET stuff. Managed assemblies (compiled MSIL DLLs) interacting...

Reversing a Botnet

Howdy fellow crackers and hackers alike! Have I got a treat for you? A live botnet. The other day at work, I encountered a number of machines all attacking other hosts. Normally it's just one machine,...

reversing a botnet 2 – electric boogaloo

It happened again at work. This time twice the number of machines hit. The same people hit my company, and they took my advice when I last spoke to them – they obfuscated the executable to make it...

Restoring McAfee BUP Files

Hello fellow readers, It's been a while since I’ve posted. Today at work I was going over malware already flagged by McAfee and sent to the quarantined folder. The way McAfee encrypts / encodes its...

Stego Malware And DotNet

Greetings and salutations. Today I’m going to be going over some malware I found in the wild. I found it after doing a search for ‘hack’ on the ‘rapidshare’ section of 4chan. With the name...

Typical Malware On A Typical Day

Hello again fellow readers and security enthusiasts. The last post was filler and I’m sorry for that. Today we’re going to go over some typical malware, start to finish. Exploit to C&C...

Writing your own windows debugger in C

Hello all! I’m cracking away on various projects and trying to keep focus. As I was going through my old notes, I came across a talk I wanted to give but could not due to my car accident and the...

0day Wednesday – Newish Malware That Came Across My Desk

Some may say this is crazy, I call it Wednesday. This came across my desk yesterday and I worked it out today. It came as the payload following a Java exploit from an old 2012 CVE (SecurityManager one...

Other AntiDebug tricks

I came across this one individual’s page who is an avid reverse engineer with some great material. Check out his PDF cheat sheet on anti-debugging. There were a few in there I didn’t know about like...

Merry F’in Christmas to you too buddy!

So here I am at work on Christmas Eve (because I have no soul) and the malware is insulting me. See it? Fuck you too buddy! And in another one, to be an asshole, they embedded their program in another...

Remote Backdoor Malware Writeup

Season's greetings from your fellow hacker cracker, AverageJoe. Tonight I’d like to go over some malware I spent the better part of November going through off and on. It's a part of the payload delivered...

Python and Immunity Debugger

Howdy all! Been a great few weeks. Lots of ideas flowing and lots more malware to work on. I got it down to a science now. What I’ve been digging into lately is taking advantage of the Python shell...

Friday Quicky

Salutations! Just wanted to share a couple things. First off, I encountered some clever malware. By checking to see if an audio device is enabled (by adjusting the volume), the malware knows not to run...
