HackDig : Dig high-quality web security articles for hackers

Static Code Analysis and You

I have been involved in several efforts to integrate static code analysis into software projects—none have been terribly successful. Most have resulted in hours of time spent identifying and removing false positives. So, when I read Travis Smith’s recent post about Fallible static code analysis, I was immediately struck with the need to add my two bits
Publish At:2017-02-02 01:45 | Read:3302 | Comments:0 | Tags:Security Awareness analysis code SDLC

Linux Paranoia

If you’re the paranoid type, you don’t deny people are watching – you know they are. You encrypt your drives, use SSL-VPN, tor, proxies, and run tails. If not, then you at least care about privacy or have something to hide. This post is for you people. In the following example, it’s a bit extreme, but it works well. What I want to go
Publish At:2017-01-23 07:15 | Read:3973 | Comments:0 | Tags:code Joe you evil bastard linux

Intel PIN, Cheatz, Hax, And Detection Part 1

Herro! It’s been a while, but I’m still kicking. I got some new stuff to talk about. Specifically the binary instrumentation utility ‘PIN’ from Intel. We’re going to go over taking full advantage of this tool to cheat at games, unpack malwarez, and how to detect if your app is being run via PIN. Part 1 of this series will be o
Publish At:2016-12-15 11:50 | Read:4807 | Comments:0 | Tags:code reversing PIN

Meet Sp@mLooper, the Bot that Will Spam Spammers Back for You

Everyone hates scams. That’s because everyone’s a target. As we all know, social media websites like Facebook, Twitter and LinkedIn are rife with fraudsters. Most of those scammers just want a few hundred dollars or access to their target’s account. But some want more. Some try to steal their victim’s identity, while others attempt to
Publish At:2016-09-30 10:10 | Read:4156 | Comments:0 | Tags:Cyber Security Featured Articles code scam security social m

Backdooring a DLL part 4

Here we are finally at the last part of my series on backdooring dll files. I wanted to cover again detours as a means of backdooring dll files and executables. A fellow 2600 member I spoke to asked me the other day about what it would take to modify an exe without changing it on disk. For that I say detours! That’s what I’m going to do this in e
Publish At:2016-09-10 20:00 | Read:6196 | Comments:0 | Tags:code Joe you evil bastard reversing backdooring a dll C#

Backdooring DLL’s Part 3

Whaddup fellow crackers. Long time, no see. In this article, we’re going to do something I rarely bother with – Linux! Yes, you can backdoor Linux binaries quite easily. One method I like to use is via the LD_PRELOAD environment variable. Within the header file “dlfcn.h”, there exists a function named ‘dlsym’ which is us
Publish At:2016-07-31 16:45 | Read:4219 | Comments:0 | Tags:code reversing backdooring a dll linux

SmarterMail Password Decryption Updates

Greetings and salutations! One of my faithful readers reminded me that one of my old programs I wrote no longer works. This is due to SmarterMail updating their source code and me not updating enough. So to fix this, I have come up with a half-ass solution. For those wondering how to decrypt SmarterMail hashes, here’s how: It’s DES encryption wi
Publish At:2016-05-24 21:50 | Read:8595 | Comments:0 | Tags:code cracking reversing cracking smartermail

CactusCon Reverse Engineering Spoilers

Challenge 1: –[—–>+—-.[—>+—-.+++[->+++++.++++++++.+++++.——–.-[—>+–.+[->++++.++++++++.–.+++++.——-.–.—-.–[—>+–.++++++. Answer: brainfuckingeasy Challenge 2 – “simple” xor crackme with a 55 character password. May make this a highe
Publish At:2016-05-24 21:50 | Read:5637 | Comments:0 | Tags:code cracking cactuscon

Detours, Trampolines, and Code Caves

Howdy fellow RE folk! Today I’d like to cover the basics of detours, trampolines, and code caves. Traditionally, if one wanted to expand functionality to a program, they have to look for what’s called a ‘code cave’, which is just a contiguous piece of (executable) memory. You replace a piece of code (typically a function prologue) with a lo
Publish At:2016-03-13 08:20 | Read:6250 | Comments:0 | Tags:code detours

And now for something completely different

I know a lot of what I do on this web site is related to RE and assembly and malware and such. It works fine. Today will be different. Today we’re going to rip apart some open source software. The target today is Phoronix Test Suite. We’re going to find us some vulnerabilities, because I haven’t done that in a while. Also you need root to
Publish At:2016-02-13 17:05 | Read:4156 | Comments:0 | Tags:code source code

Joecrypter finally released

Finally, I’m done with my crypter. I’ve written the entire thing in a mish mash of C#, C, and assembly. The crypter I made modifies exes, packs them, and adds AV / VM / Sandbox / debugging evasions inside of a wrapper. I’m employing a basic process hollowing technique for the payload that is only run after all evasions are satisfied.
Publish At:2015-12-22 05:10 | Read:5323 | Comments:0 | Tags:code Joe you evil bastard reversing

US regulators grant DMCA exemption legalizing vehicle software tinkering

Every three years, the Librarian of Congress issues new rules on Digital Millennium Copyright Act exemptions. Acting Librarian David Mao, in an order (PDF) released Tuesday, authorized the public to tinker with software in vehicles for "good faith security research" and for "lawful modification." The decision comes in the wake of the Volkswagen scandal, in wh
Publish At:2015-10-28 00:25 | Read:3418 | Comments:0 | Tags:Cars Technica Law & Disorder Risk Assessment code DMCA dmca

3 stage dot net Trojan

Howdy fellow readers. My time is split between video games, code, and work. I have a number of interesting samples I’ve seen that I’ve decided to share with you all. This is a 3+ stage malware. Each stage meaning its own executable (think inception, but with exes). This isn’t all that uncommon with malware. Typically the file you first down
Publish At:2015-09-25 19:25 | Read:5217 | Comments:0 | Tags:code reversing malware

backdooring your javascript using minifier bugs

In addition to unforgettable life experiences and personal growth, one thing I got out of DEF CON 23 was a copy of POC||GTFO 0x08 from Travis Goodspeed. The coolest article I’ve read so far in it is “Deniable Backdoors Using Compiler Bugs,” in which the authors abused a pre-existing bug in CLANG to create a backdoored version of sudo that a
Publish At:2015-08-24 09:20 | Read:6949 | Comments:0 | Tags:code hacktivism

Sandworm detection

Hello loyal readers! Sorry for the delay in posts, I’ve just been busy with life. Anywho, I got some code to share. A lil script I put together for scanning office documents for the Sandworm exploit, aka Microsoft Security Bulletin MS14-060. For those of you who don’t know / live under a rock, it’s a recent vulnerability in PowerPoint that can be
Publish At:2015-07-10 09:20 | Read:4001 | Comments:0 | Tags:code reversing

