Some time ago, I came across a video of Didier Stevens in my Twitter TL. In that video, he was using a tool called oledump.py to analyze MS Office files. Since I watched the video, I have been looking forward to using it with a…
Here we go with the second round of Microcorruption writeups. Reykjavik (35 points). Lockitall LOCKIT PRO r a.03 ______________________________________________________________________ User Manual: Lockitall LockIT Pro, rev a.03 ______________________________________________________________________ OVERVIEW – Lockitall developers have implemented military-grade on-device encryption to keep the password secure. – This lock is…
Some days ago, I found a link to Matasano’s Microcorruption Challenge. This is a set of challenges focused mainly on Reversing and Exploiting of embedded devices. Something I found really cool about this challenge was that, even if it’s a RE challenge, you don’t need…
The next round of exercises starts with the following: 1. Given what you learned about CALL and RET, explain how you would read the value of EIP? Why can’t you just do MOV EAX, EIP? I can’t do mov eax, eip because this register is…
While writing the previous post, I came up with a curious obstacle I would like to share. I had to analyze the instruction scasb and, since I didn’t know exactly how it worked, I ended up checking the Intel manual, where I read the following:…
I was playing with the flare-on challenge last month, and I realized I was bit too rusty with RE. So, since I have recently received my copy of the book Practical Reverse Engineering, I decided to write some posts with my solutions to the exercises….
After writing the previous post, I started developing a quick script to spot anomalies inside a PE file. In addition to the things I already wrote about, I added a couple of extra anomalies to the script: Entry point falling out of the .text section….
This post is just a bunch of quick notes for PE analysis while handling an incident. It may be modified in the future if I find something else I consider interesting to include. I have added some reference links where you can find more in-depth…
When installing pynids in Ubuntu via apt-get, there is a bug that doesn’t let it work properly. After some time fighting against it, I managed to succeed. So I’ll leave you here the workaround I’ve found. First, let’s see what happens when instaling it from…
Yet another IT security blog with random periodicity. It may also contain posts related to some other topics, but always within the scope of my projects and research (e.g. a workaround in order to have a library working in a given system). I’ll use this…