Channel: reversing – Joe's Security Blog
Browsing all 37 articles

Updates! Updates! Updates!

Howdy all! It’s been a dog’s age. I’ve been busy with work and personal things. I enjoyed a brief 3 month relationship only to return to a life of loneliness. For now anyways. CactusCon went well. Had...


Unpacking the Local-App-Wizard packer

Howdy all! On this glorious Saturday night we’re going to go over how to unpack the ‘Local-App-Wizard’ packer. The way the packer works is by creating a suspended process of itself, hollowing it out /...


Syrian Malware 2 – Electric Boogaloo

Back for part 2 are we? Let’s get this show on the road. We’ve seen how awful the first piece of malware was in terms of how it was thrown together in all but 10 minutes, but you ain’t seen nothing yet....


Syser + VirtualBox = Win

Greetings and salutations fellow readers. Recently I’ve had to step into the awful world of kernel debugging. When malware drops a rootkit and conventional userland debugging falls short, you have to...


Damn You SourceForge

SourceForge has been around as long as I can remember. Bringing open source projects to the world for people to download and peer at source code and projects. With GitHub taking over in popularity, the...


assembly, c-sharp, anti-sandbox, anti-antivirus, anti-debug, and malware...

Hello fellow readers! You all are probably wondering what the hell I’ve been up to this past month. Lots of stuff. This post is all over the place with code and slides and malware and general...


What the hell Uber? Uncool bro.

Howdy ho! This is one of those interim posts where I’m not posting something cool, but rather something that’s bothering me. You know, like a blog post? Anyways, I downloaded Uber the other day and...


SmarterMail Password Decryption Updates

Greetings and salutations! One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough....


Backdooring a DLL

Howdy! It’s been a dog’s age, but I’m back at it. I had a crazy idea come to me. Backdoor a common DLL. From time to time I’ll download a DLL off the net if it’s required for some other program to run....


Backdooring DLL’s Part 2

Today I have some good news. Backdooring a dll file is a lot easier than I first made it out to be. Especially if we skip the bullshit of the IAT and take advantage of shellcode. There are problems...


Backdooring DLL’s Part 3

Whaddup fellow crackers. Long time, no see. In this article, we’re going to do something I rarely bother with – Linux! Yes, you can backdoor Linux binaries quite easily. One method I like to use is via...


Backdooring a DLL part 4

Here we are finally at the last part of my series on backdooring dll files. I wanted to cover again detours as a means of backdooring dll files and executables. A fellow 2600 member I spoke to asked me...


Intel PIN, Cheatz, Hax, And Detection Part 1

Herro! It’s been a while, but I’m still kicking. I got some new stuff to talk about. Specifically the binary instrumentation utility ‘PIN’ from Intel. We’re going to go over taking full advantage of...


Intel PIN, Cheatz, Hax, And Detection Part 2

Hi! Today I’m going to go over more on Intel’s PIN, more on cheats, and less on detection since I already covered that. I feel like I’ve spent way too much time on this and it’s a huge turn off against...


More VM Detection!

Hiyo! Defcon was awesome this year. It always gives me inspiration for things to blog about. That said, I want to go over something simple today – more VM detection. I’ll be hitting vmware because I...


Backdooring Plugins

I had this thought speaking with fellow hacker friendos at 2600. Alternative ways to persist. Why not backdoor some popular programs? Sure why not? Today let’s scope in on backdooring some plugins for...


Yet Another Botnet Writeup

Whaddup RE people? I have a treat especial just for you. I didn’t find 1 botnet host, I found 3. The first item on the menu is Linux based. This one with working clients across many platforms including...
