Analyzing a malicious Excel file with oledump.py

Some time ago, I came across a video of Didier Stevens in my Twitter TL. In that video, he was using a tool called oledump.py to analyze MS Office files. Since I watched the video, I have been looking forward to using it with a…

Microcorruption challenge II

Here we go with the second round of Microcorruption writeups. Reykjavik (35 points). Lockitall LOCKIT PRO r a.03. User Manual: Lockitall LockIT Pro, rev a.03. OVERVIEW – Lockitall developers have implemented military-grade on-device encryption to keep the password secure. – This lock is…

Microcorruption challenge I

Some days ago, I found a link to Matasano’s Microcorruption Challenge. This is a set of challenges focused mainly on Reversing and Exploiting of embedded devices. Something I found really cool about this challenge was that, even if it’s a RE challenge, you don’t need…

SetStatusFlags(temp);

While writing the previous post, I came up with a curious obstacle I would like to share. I had to analyze the instruction scasb and, since I didn’t know exactly how it worked, I ended up checking the Intel manual, where I read the following:…

analPE.py – A script to spot anomalies in PE files

After writing the previous post, I started developing a quick script to spot anomalies inside a PE file. In addition to the things I already wrote about, I added a couple of extra anomalies to the script: Entry point falling out of the .text section….

Quick reference guide to PE Files in IH

This post is just a bunch of quick notes for PE analysis while handling an incident. It may be modified in the future if I find something else I consider interesting to include. I have added some reference links where you can find more in-depth…

Installing pynids in Ubuntu 12.10 x64

When installing pynids in Ubuntu via apt-get, there is a bug that doesn’t let it work properly. After some time fighting against it, I managed to succeed. So I’ll leave you here the workaround I’ve found. First, let’s see what happens when installing it from…

Hello world

Yet another IT security blog with random periodicity. It may also contain posts related to some other topics, but always within the scope of my projects and research (e.g. a workaround in order to have a library working in a given system). I’ll use this…