vinnu's Blog
on 11-10-2014 at 12:01 PM
Hesperbot DGA : Everything is Dynamically generated using GA
Our next contender in the DGA series is Hesperbot. It generates all of its strings and object names dynamically using several "generation algorithms"
in the same spirit as a DGA. Its DGA differs from the NGA (name generation algorithm) it uses to produce names for objects such as filenames and folder names,
but both the DGA and the NGA draw on the same seed generator. Hesperbot's DGA is independent of the date/time and generates
on 06-14-2014 at 05:05 PM
This post discusses what comes after the point where reversing a piece of malware ends.
Analysing a sample is not enough to satisfy any researcher. There is no point
in analysing a sample, writing a report on it and then forgetting it for all eternity.
Analysis alone will neither stop botnet herders from committing crimes nor
help the large population of non-technical targets/victims.
If analysing a malware
on 11-18-2011 at 09:11 AM
[ Taken from Forum posts and edited ]
This time we'll colour our hands with the blood of the Windows 8 Developer Preview edition. What we need: a target application, a vulnerability and a debugger, and of course notepad + calc as well.
So we have Windows 8 : Developer's Preview Edition
Firefox : 3.6.16
Java (JRE) : 6u29
So what is the difference between Windows 7 and Windows 8 exploitation?
To achieve code execution in win7
on 09-21-2011 at 12:22 PM
To defeat DEP you at least need some information that lets you evade ASLR, because the ROP chain has to know where its gadgets live.
There are mainly two ways:
1. A non-ASLR module gets loaded into the target application, that is, a module whose base address is always at the same fixed location, even after a system restart.
2. You get a pointer leak from a memory disclosure/buffer overflow/any zero-day. With this technique you subtract the known offset from the leaked pointer to recover the base address of the module it points into, and then add the offsets of the gadgets you need.
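Both ways can be turned into a concrete check. The C below is an added example, not code from the post: a minimal PE-header parser that tells a fixed-address module (linked without /DYNAMICBASE) from an ASLR-enabled one, which is the way-1 check, and the arithmetic that recovers a module base from a leaked pointer plus an RVA known from static analysis, which is way 2. The header bytes, the leaked pointer value 0x6F3FA2B0 and the RVAs are constructed fixtures for illustration, not values taken from any real module.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: the linker's /DYNAMICBASE flag. A module
   without it is mapped at its preferred ImageBase, which makes it the "non-ASLR
   module" of way 1: every address inside it is a fixed constant. */
#define DLLCHAR_DYNAMIC_BASE 0x0040

/* Little-endian readers/writers so the parser is correct on any host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xFF); p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v & 0xFFFF)); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Way 1 check: does this PE image opt in to ASLR?
   Returns 1 if DYNAMICBASE is set, 0 for a fixed-address module, -1 if buf is not
   a well-formed PE header. Walks MZ -> e_lfanew -> "PE\0\0" -> IMAGE_FILE_HEADER
   (20 bytes) -> IMAGE_OPTIONAL_HEADER, where DllCharacteristics sits at offset 70
   for both PE32 (magic 0x10B) and PE32+ (magic 0x20B). */
int pe_has_dynamic_base(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;                 /* "MZ" */
    uint32_t e_lfanew = rd32(buf + 0x3C);
    if (e_lfanew > len || len - e_lfanew < 4 + 20 + 72) return -1;   /* header must fit */
    if (rd32(buf + e_lfanew) != 0x00004550) return -1;                /* "PE\0\0" */
    const uint8_t *opt = buf + e_lfanew + 4 + 20;
    uint16_t magic = rd16(opt);
    if (magic != 0x10B && magic != 0x20B) return -1;
    return (rd16(opt + 70) & DLLCHAR_DYNAMIC_BASE) ? 1 : 0;
}

/* Way 2: turn a leaked pointer into the module's load address. known_rva is the
   offset of the leaked object inside the module, taken from static analysis of the
   same module version. Returns 0 when the arithmetic cannot be right. */
uintptr_t module_base_from_leak(uintptr_t leaked_ptr, uint32_t known_rva)
{
    if (leaked_ptr < known_rva) return 0;
    uintptr_t base = leaked_ptr - known_rva;
    /* Windows maps images at 64 KiB allocation granularity, so a base with its low
       16 bits set means the leak or the RVA does not belong to this module build. */
    if (base & 0xFFFF) return 0;
    return base;
}

/* Once the base is known, every other RVA from the same module can be rebased. */
uintptr_t rebase(uintptr_t base, uint32_t rva) { return base + rva; }

/* Constructed fixture (not a real binary): a minimal MZ/PE32 header carrying the
   given DllCharacteristics. Returns the number of bytes written, 0 if buf is small. */
size_t build_pe32_header(uint8_t *buf, size_t len, uint16_t dllchar)
{
    const uint32_t e_lfanew = 0x40;
    size_t need = e_lfanew + 4 + 20 + 72;
    if (len < need) return 0;
    memset(buf, 0, need);
    wr16(buf, 0x5A4D);                          /* "MZ" */
    wr32(buf + 0x3C, e_lfanew);
    wr32(buf + e_lfanew, 0x00004550);           /* "PE\0\0" */
    wr16(buf + e_lfanew + 4 + 16, 0xE0);        /* SizeOfOptionalHeader for PE32 */
    uint8_t *opt = buf + e_lfanew + 4 + 20;
    wr16(opt, 0x10B);                           /* PE32 magic */
    wr32(opt + 28, 0x10000000);                 /* ImageBase: where a fixed module lands */
    wr16(opt + 70, dllchar);                    /* DllCharacteristics */
    return need;
}

/* Builds the fixture and runs the way-1 check on it, returning the verdict. */
int check_constructed_module(uint16_t dllchar)
{
    uint8_t hdr[256];
    size_t n = build_pe32_header(hdr, sizeof hdr, dllchar);
    return pe_has_dynamic_base(hdr, n);
}

int main(void)
{
    printf("fixed-address module: dynamic base = %d\n", check_constructed_module(0x0000));
    printf("ASLR module:          dynamic base = %d\n", check_constructed_module(DLLCHAR_DYNAMIC_BASE));

    /* Constructed leak: an object at RVA 0x1A2B0 read back as 0x6F3FA2B0 at runtime. */
    uintptr_t base = module_base_from_leak(0x6F3FA2B0u, 0x1A2B0);
    printf("recovered base 0x%lx, gadget at 0x%lx\n",
           (unsigned long)base, (unsigned long)rebase(base, 0x4567));
    return 0;
}
```

In practice feed `pe_has_dynamic_base` the first few hundred bytes of each DLL the target loads, and treat a 0 result as a candidate. The header alone is not the final word: a module without DYNAMICBASE only sits at its ImageBase when that range is free, otherwise the loader relocates it, so confirm the address in the debugger across a couple of restarts before building the chain on it. For way 2, the alignment check rejects a leak that does not match the RVA table you are using, which is the usual symptom of analysing a different build of the module than the one the target actually loaded.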