View RSS Feed


Entries with no category

  1. Hesperbot DGA : Everything is Dynamically generated using GA

    Hesperbot DGA : Everything is Dynamically generated using GA
    Our next contender for DGA series is Hesperbot. It generates all strings/object-names dynamically using various "Generation Algorithms"
    similar to DGA. Though its DGA differs from NGA (Name generation algorithm) used for name generation for objects like filenames, foldernames,
    mutexes etc.

    But both DGA & NGA utilises same seed generator. Hesperbot's DGA is free from date/time and generates ...
  2. Malware Emulation - An Introduction


    This post discuses the things from the point where reversing of any malware ends.
    The analysis of a malware is not enough to satisfy any researcher. There is no point
    in analysing a malware and then writing a report on it and forgetting it for eternal times.
    Neither just analysing a malware will help stop botnet herders from performing crimes nor it will
    help a large population of non technical targets/victims.

    If analysing a malware ...
  3. Windows 8 DEP bypass

    [ Taken from Forum posts and edited ]


    This Time we'll colour our hands with the blood of windows 8 Developer's Preview edition. What we need , a target application, a vulnerability, and a debugger, and though notepad + calc also.

    So we have Windows 8 : Developer's Preview Edition
    Firefox : 3.6.16
    Java (JRE) : 6u29

    So what is the difference in windows7 and windows8 exploitation.
    To achieve code execution in win7 ...
  4. ASLR DEP bypassing techniques

    In defeating DEP you atleast need some information that will evade the ASLR.
    There are mainly two ways:

    1. Any anti ASLR modules gets loaded into the target application. I mean you have the base address of any module at fixed location always even after the system restart.

    2. You get a pointer leak from a memory leak/buffer overflow/any zeroday. In this technique you can adjust the offsets to grab the base address of the module whose pointer gets leaked.