Lucene search

789 matches found

FireEye
added 2014/08/01 3:18 p.m. | 83 views

FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware

The FireEye Labs Advanced Reverse Engineering (FLARE) Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the...

Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Oreans Themida 2.1.8.0 - TMD File Handling Buffer Overflow Vulnerability

No description provided by source. / Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability Vendor: Oreans Technologies Product web page: http://www.oreans.com Affected version: 2.1.8.0 32/64bit Summary: Advanced Windows software protection system, developed for software develope...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 104 views

MS15-061 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)

No description provided by source. include include / Exploiting MS15-061 with reverse engineering Win32k.sys by steps : 1: hook PEB callback Function 2: trigger vulnerability make proper Window to lead vulnerable function 3: replace fake object with NtUserDefSetText in Desktop heap inside PEB...

7.1 AI score
Exploits: 0
The Hacker News
added 2014/06/17 12:13 a.m. | 10 views

Student Decrypts Simplocker Android Ransomware that Encrypts Files

In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has...

6.7 AI score
Exploits: 0
Kitploit
added 2014/06/11 9:27 p.m. | 17 views

DarunGrim - A Patch Analysis and Binary Diffing Tool

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality. Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details o...

7.4 AI score
Exploits: 0 | References: 1
The Hacker News
added 2014/04/20 5:17 a.m. | 23 views

Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

At the beginning of this year, we reported about the secret backdoor ‘TCP 32764’ discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated...

6.9 AI score
Exploits: 0
Kitploit
added 2014/01/26 6:3 a.m. | 16 views

[Windbgshark] Windbg extension for VM traffic manipulation and analysis

This project includes an extension for the windbg debugger as well as a driver code, which allow you to manipulate the virtual machine network traffic and to integrate the wireshark protocol analyzer with the windbg commands. The motivation of this work came from the intention to find a handy...

7.1 AI score
Exploits: 0
Kitploit
added 2014/01/03 12:6 a.m. | 108 views

[Binwalk] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...

7.6 AI score
Exploits: 0
Kitploit
added 2013/12/20 6:7 p.m. | 13 views

[CrowdRE] Reverse Engineering Tool

A new project called CrowdRE aims to make it easy to reverse engineer complex applications in collaboration with other users. Normally, the process of reversing software from a complicated binary can consume much time; CrowdRE will help accelerate this process through teamwork...

7.3 AI score
Exploits: 0
Kitploit
added 2013/11/09 1:7 a.m. | 35 views

Python tools for Pentesters

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python...

7.5 AI score
Exploits: 0 | References: 9
Packet Storm
added 2013/10/30 12:0 a.m. | 48 views

D-Link Backdoor Czechr

!/usr/bin/php | Everyone is permitted to copy and distribute verbatim copies of this license | document, but changing it is not allowed. | | http://www.gnu.org/licenses/gpl.html .-------------------------------------------------------------------------------. / errorreporting1; settimelimit0; //...

10 CVSS | 6.7 AI score | 0.11409 EPSS
Exploits: 4
Kitploit
added 2013/10/26 8:27 p.m. | 627 views

[Binwalk v1.2.2] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...

9.9 AI score
Exploits: 0
myhack58
added 2013/10/26 12:0 a.m. | 12 views

Ghost catcher of the eye (ZoomEye) statistical analysis report on the D-Link back door - vulnerability warning - the black bar safety net

Background: A security researcher discovered through reverse engineering that the firmware used in router models from the Taiwanese embedded equipment manufacturer D-Link contains a back door. The D-Link firmware is developed by its U.S. subsidiary Alpha Networks. Hackers only nee...

0.3 AI score
Exploits: 0
The Hacker News
added 2013/09/11 1:15 p.m. | 5 views

DefCamp 2013 - International Hacking and Information Security Conference in Romania

The Fourth Edition of an International Information Security Conference hosted in Romania, The DefCamp 2013 is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...

6.6 AI score
Exploits: 0
The Hacker News
added 2013/09/11 2:15 a.m. | 18 views

DefCamp 2013 - International Hacking and Information Security Conference in Romania

The Fourth Edition of an International Information Security Conference hosted in Romania, The DefCamp 2013 is now open for Call for Papers. Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the...

6.6 AI score
Exploits: 0
ThreatPost
added 2013/08/29 4:4 p.m. | 9 views

Researchers Reverse Engineer Dropbox

Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...

1.3 AI score
Exploits: 0 | References: 2
MSRC
added 2013/07/31 7:0 a.m. | 6 views

Try something new – Beat the BlueHat Challenge!

August 2014 Update: The BlueHat Challenge is on hold. We will make an announcement on this blog when we re-start the BlueHat Challenge. Thanks for your interest! --- We were inspired by the Matasano Crypto Challenges. So we built a similar series of fun challenges to exercise reverse engineering,...

7 AI score
Exploits: 0
ThreatPost
added 2013/07/30 1:10 p.m. | 12 views

Software Obfuscation Mechanism Hampers Reverse Engineering

Researchers at UCLA said they’ve developed a game-changing obfuscation mechanism that will put a dent in hackers’ efforts to reverse engineer patches and understand how an underlying piece of software works. “You write your software in a nice, reasonable, human-understandable way and then feed th...

Exploits: 0 | References: 1
Binamuse
added 2013/07/24 2:14 p.m. | 865 views

Autocad DWG-AC1021 Heap Corruption

AutoCAD is a software for computer-aided design (CAD) and technical drawing in 2D/3D, being one of the world leading CAD design tools. It is developed and sold by Autodesk, Inc. Title: AutoCAD DWG-AC1021 Heap Corruption CVE Name: CVE-2013-3665 Permalink:...

6.8 CVSS | 6.9 AI score | 0.01097 EPSS
Exploits: 1
ThreatPost
added 2013/07/02 1:52 p.m. | 10 views

njRAT Attacks Spike Against Middle East High-Value Targets

Government agencies, telecom and energy organizations in the Middle East are being targeted by espionage malware known as njRAT. The remote access Trojan is thorough in its data-stealing capabilities. Beyond dropping a keylogger, variants are capable of accessing a computer’s camera, stealing...

0.9 AI score
Exploits: 0