[TIP] How to define a keyboard shortcut for an IDAPython script

•January 3, 2010 • Leave a Comment

Today, I want to share with you a very useful tip that I’ve been using for a while, and that I particularly like. Gera posted a variation of it in the official IDA forum some time ago, but I think it would be useful to share it here as well.

Usually, in IDA, we find ourselves needing a way to define a shortcut for that useful IDAPython script to bypass the tedious “alt+9 + [select the wanted IDAPython script] + enter” procedure.

FindInfunc.py (Little script to search for a pattern within a function)

•January 1, 2010 • 3 Comments

It is very common, when reversing a big function in IDA, to need to look for some specific instruction, basic block, or even some particular string within the function.
I know we can use Marks (CTRL+M) for this task but, to use that feature, we would need to have been there already to set a mark (ALT+M).

Sometimes, we want to jump to some piece of code where we’ve never been before. We cannot use the “Text Search” command for this task because it will search for the pattern through the whole binary. Well, we can in fact, but it’s not going to be optimal.

Peludo “Cachicamo” Beta 1.0 is finally out!

•December 25, 2009 • Leave a Comment

Oh yeah! Have you heard about Peludo from the Netifera guys?

You should. From Netifera’s page:

“Peludo is a system to create and run platform independent, self-contained and injectable applications written in the C programming language. It provides a cross compiling environment with the tools to generate applications in Peludo’s new binary format (PLD). The system also provides the runtime necessary to launch these programs as independent executable files or as position independent code that can be injected into a running process. Peludo makes the netifera probe’s Java virtual machine injectable and easier to port to new platforms.”

Ekoparty 2009 – Deactivate the Rootkit – 2 days left.

•September 15, 2009 • Leave a Comment

Well… everybody knows Ekoparty: one of the most important security conferences in South America, and a very important event in the local scene.

Of course, Alfred and I will be talking there. This’ll be a great opportunity for us to show all the PoCs that we left out (coz of the Turbo Talk) at the past Black Hat – Las Vegas.

So, I hope you’ll be there.

If you wanna share a beer (or two) and chat a bit, please drop me a msg.

Deactivate the rootkit – Black Hat Vegas 2009

•September 11, 2009 • 3 Comments

It has been a long time since my last post here… Alfred and I were working very hard on our latest research/talk (the continuation of ‘Persistent BIOS Infection’), “Deactivate the rootkit”, where we found that Computrace (an anti-theft technology system) comes by default in most laptop BIOSes and can be controlled by an attacker, compromising the whole system’s security mechanisms.

I’m not going to explain all the research here… a lot has been said about this. We just did a turbo-talk at Black Hat (a very long one, I’m really happy about that) and we didn’t have the time to show all the proofs we gathered, but we did it through Core. Here is all the stuff. Draw your own conclusions.

Slides: Black Hat – Las Vegas 2009

White Paper: Black Hat – Las Vegas 2009

Persistent BIOS Infection at SyScan 2009

•June 26, 2009 • Leave a Comment

Alfred and I will be giving our talk “Persistent BIOS Infection” at SyScan ’09, Singapore. This time with some added content and, of course, with our multiple cOOl demos, including the one with the dismembered real box (I hope not to have problems when traveling with the hardware).

If someone wants to meet and go out for a beer or something, I’ll be glad. Just drop me a line here or at als.alsx@gmail.com

c ya there!

Our paper ‘Persistent BIOS Infection’ has been released… on Phrack!

•June 11, 2009 • 2 Comments

We finally did it. Our paper is out, and Phrack #66 is the best place I can imagine to release it. We had to run a lot these last days to get the paper ready on time. I would like to thank the whole Phrack team for putting together the outstanding issue that you can read right here.

Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

•June 3, 2009 • Leave a Comment

Poor little CUPS… I feel bad for him.
I swear, I wasn’t looking for bugs in it (not for *new* bugs at least ;) ). It just crashed in my face…

At the beginning I didn’t give it much importance, but CUPS is shipped as the default printing service for OS X and almost all Linux distributions. Besides, it’s a pre-auth vulnerability, so… I think it was worth releasing an advisory for it – with the appropriate PoC and technical info, as usual –

So, here you have it. Have phun. :p

Python winappdbg 1.0 is Out!

•April 22, 2009 • Leave a Comment

Mario Vilas, a very good friend of mine (and coworker), has released a very cool Python module that allows developers to quickly code instrumentation scripts in Python under a Windows environment.

I’ve been following this project very closely, testing some pre-releases, and I must say that I can’t wait to fuzz some stuff with this final version.

CanSecWest was great!. Here, the presentation slides.

•March 23, 2009 • 7 Comments

Ok, so, CanSecWest has finished. And I must say, it was an excellent conference.

We talked on the second day and, although it was very early, there were a lot of -amazingly not drunk- people there.
