374 matches found
2016 Flare-On Challenge Solutions
I would like to thank the challenge authors this year: 1. Alexander Rich 2. Matt Williams @0xmwilliams 3. Dominik Weber 4. James T. Bennett @jtbennettjr 5. Tyler Dean 6. Josh Homan 7. Alex Berry 8. Nick Harbour @nickharbour 9. Jon Erickson @2130706433 10. FireEye Labs Advanced Vulnerability...
Announcing the Third Annual Flare-On Challenge
Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...
Analyzing the Malware Analysts – Inside FireEye’s FLARE Team
At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...
Analyzing the Malware Analysts – Inside FireEye’s FLARE Team
At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...
IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems
In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...
FLARE Script Series: flare-dbg Plug-ins
Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out! We created the flare-dbg Pytho...
FLARE IDA Pro Script Series: Automating Function Argument Extraction
...
FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware
The FireEye Labs Advanced Reverse Engineering FLARE Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the...
Flare <= 0.6 - Local Heap Overflow DoS
No description provided by source. Exploit Title: Flare = 0.6 local heap overflow DoS Date: 3/7/2010 Author: l3D Software Link: http://www.nowrap.de/download/flare06doswin.zip Version: 0.6 Tested on: Windows 7, Windows XP SP2 and some linux distributions Code: !/usr/bin/env python IRC:...
Flare 0.6 Heap Overflow Denial Of Service
!/usr/bin/env python IRC: irc.nix.co.il Site: xraysecurity.blogspot.com ---- Coming soon! Registers: EAX 003E0000 ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." EDX 41414141 EBX 00004141 ESP 0022FB0C EBP 0022FBDC ESI 003E1080 EDI 41414141 EIP 77195B44 ntdll.77195B44 import os...
Flare <= 0.6 Local Heap Overflow DoS
Exploit for multiple platform in category dos / poc ==================================== Flare Site: xraysecurity.blogspot.com ---- Coming soon! Registers: EAX 003E0000 ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." EDX 41414141 EBX 00004141 ESP 0022FB0C EBP 0022FBDC ESI...
Flare 0.6 - Local Heap Overflow Denial of Service
Flare 0.6 - Local Heap Overflow Denial of Service Exploit Title: Flare Site: xraysecurity.blogspot.com ---- Coming soon! Registers: EAX 003E0000 ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." EDX 41414141 EBX 00004141 ESP 0022FB0C EBP 0022FBDC ESI 003E1080 EDI 41414141 EIP...
Flare 0.6 - Local Heap Overflow Denial of Service
Exploit Title: Flare Site: xraysecurity.blogspot.com ---- Coming soon! Registers: EAX 003E0000 ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." EDX 41414141 EBX 00004141 ESP 0022FB0C EBP 0022FBDC ESI 003E1080 EDI 41414141 EIP 77195B44 ntdll.77195B44 import os, sys if lensys.arg...
Unfixed XSS vulnerability at www.ncl.ac.uk
Security researcher SolarFlare, has submitted on 21/02/2008 a cross-site-scripting XSS vulnerability affecting www.ncl.ac.uk, which at the time of submission ranked 12760 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2008. It is current...