
Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

Quickpost: Inspiring Windows software profilers and checkers

There’s no Valgrind

One of the tools I particularly like on MacOS and Linux for verifying an application's correct memory behavior is Valgrind. On Windows there is some interesting Microsoft software worth gaining familiarity with. In practice, only Application Verifier aims in Valgrind's direction.

Application Verifier

Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities.

0x41 - back to bugs

COTS - there's a similar German word

The typical Windows scenario, a Commercial Off The Shelf (COTS) binary, leads to reverse engineering the target application to gain insight. Finding vulnerabilities can be a time-consuming task. Here are some motivating techniques to save tons of time.

Don't give up, just because...

The general methodology is quite self-explanatory and similar for every audit process:

  1. behavior analysis:
    • what does the target look like,
    • which dialogues occur,
    • which files are required, what are the paths,
    • installer process,
    • uninstall process,

low footprint/hardware assisted virtualization with Linux and GrSec

In short

I used

  1. a 2.6.32.12 Linux kernel (newly introduced: Kernel Samepage Merging can lower a virtualization solution's memory consumption)
  2. patched it with the Linux-VServer grsec patch
  3. applied the standard Ubuntu 10.4 Lucid Server configuration
  4. applied the grsec "High" preference and customized it (details are in the Kernel config section)
  5. optimized it for KVM, VMware (software binary translation gets switched on by internal heuristics; chpax is still necessary if you want that feature, and that is intended), and of course VServer (just works). KVM Qemu works because KVM works.

Postfix troubleshooting - a security nightmare

Why to hate typical Unix mailserver setups

I hate that stuff - and it's not that Postfix in particular sucks. But integrating with Postfix is absurd. Surely it works, and as long as it works nobody changes how it's designed.


Even deploying an SSL/TLS setup is challenging. But no, you also need to set up proper authentication. Locally, Postfix is (for unknown reasons) chrooted. People think that this is a security feature.

New content soon

I had these weeks where I was unable to do something real... well... ;) Now I found some new inspiration, which I'll be able to share.

Have fun,

wishi

0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge

The hardened heap

What a long headline...

The attack surfaces of modern NT 6 systems have shifted. Nowadays there's no generic way to bypass heap protection mechanisms. There are many requirements to meet to exploit vulnerabilities with current approaches. What follows is about attacking heap data (application specific), not heap metadata (generic).

The Heap and its Memory API

0x41 - weekly exploitation matters - Shellcode and frameworks

A non Un-Shakespearian matter

There are mainly two things I wanted to write about regarding shellcode. However, my time is limited... and therefore I kept it short and simple this time.

The two things this mainly is about are:

  • dnscat
  • (lesser known) Shellcode tools

If your exploit is a rocket, it targets the vulnerable entry point, and the rocket's load is the shellcode. Normally, when it comes to memory corruptions during exploitation attempts, the alteration of the program flow directs the EIP into this (pay)load. So instead of crashing, your program continues doing what you wanted it to do.
At the point where the EIP doesn't land on NOPs, for example, it expects carefully formatted instructions (read: shellcode).

Save nature. Don't print this!

I provide textual exports for every blog entry. However, let's save nature together. Nature is everything around us. Every being should be respected. Save nature - don't print too much.


Circumventing this print block is prohibited under § 95a UrhG!
Person responsible for content according to § 10 paragraph 3 MDStV: Marius Ciepluch - postal address available via eMail. The eMail address can be found in the imprint of this English-language site.
For data protection reasons I conduct neither official nor governmental correspondence via eMail. For that, the postal address deposited with the service provider is to be used.

Data collection

No personal data is collected. Log data is anonymized.