Tab Content
No Recent Activity
About "vinnu"

Basic Information

Statistics


Total Posts
Total Posts
271
Posts Per Day
0.08
General Information
Last Activity
08-31-2019 12:14 AM
Join Date
07-14-2010
Referrals
3

19 Friends

  1. Snypter Snypter is offline

    Garage Newcomer

    Snypter
  2. spidey spidey is offline

    Garage member

    spidey
  3. the dark hat the dark hat is offline

    Garage Newcomer

    the dark hat
  4. Vrajesh Vrajesh is offline

    Garage Newcomer

    Vrajesh
  5. webdevil webdevil is offline

    Security Researcher

    webdevil
  6. [s] [s] is offline

    Administrator

    [s]
Showing Friends 11 to 16 of 19
Page 2 of 2 FirstFirst 12
View "vinnu"'s Blog

Recent Entries

Hesperbot DGA : Everything is Dynamically generated using GA

by "vinnu" on 11-10-2014 at 12:01 PM
Hesperbot DGA : Everything is Dynamically generated using GA
Our next contender for DGA series is Hesperbot. It generates all strings/object-names dynamically using various "Generation Algorithms"
similar to DGA. Though its DGA differs from NGA (Name generation algorithm) used for name generation for objects like filenames, foldernames,
mutexes etc.

But both DGA & NGA utilises same seed generator. Hesperbot's DGA is free from date/time and generates

Read More

Categories
Uncategorized

Malware Emulation - An Introduction

by "vinnu" on 06-14-2014 at 04:05 PM
Namaste

This post discuses the things from the point where reversing of any malware ends.
The analysis of a malware is not enough to satisfy any researcher. There is no point
in analysing a malware and then writing a report on it and forgetting it for eternal times.
Neither just analysing a malware will help stop botnet herders from performing crimes nor it will
help a large population of non technical targets/victims.

If analysing a malware

Read More

Categories
Uncategorized

Windows 8 DEP bypass

by "vinnu" on 11-18-2011 at 09:11 AM
[ Taken from Forum posts and edited ]

Namaste

This Time we'll colour our hands with the blood of windows 8 Developer's Preview edition. What we need , a target application, a vulnerability, and a debugger, and though notepad + calc also.

So we have Windows 8 : Developer's Preview Edition
Firefox : 3.6.16
Java (JRE) : 6u29

So what is the difference in windows7 and windows8 exploitation.
To achieve code execution in win7

Read More

Categories
Uncategorized

ASLR DEP bypassing techniques

by "vinnu" on 09-21-2011 at 11:22 AM
In defeating DEP you atleast need some information that will evade the ASLR.
There are mainly two ways:

1. Any anti ASLR modules gets loaded into the target application. I mean you have the base address of any module at fixed location always even after the system restart.

2. You get a pointer leak from a memory leak/buffer overflow/any zeroday. In this technique you can adjust the offsets to grab the base address of the module whose pointer gets leaked.

Read More

Categories
Uncategorized