This article discusses obfuscating compilers, their operational principle, and the LLVM architecture. You will learn how to write your own code obfuscation passes. Using practical examples, I will explain how to create a string obfuscator, build LLVM from the source code, and integrate…
Automating IDA Pro. Polishing debugger with coarse file
Debugger management plugins make it possible to delegate routine debugging and vulnerability identification tasks to the machine. Using practical examples, I am going to demonstrate how to bypass anti-debugging, identify paths to vulnerable functions, and highlight important code sections. You will write a plugin in C++,…
Arduino-based programmer. How to reflash a router using improvised resources
From this article, you will learn how to: (1) create a programming device for 25-series SPI flash memory on the basis of an Arduino UNO clone, (2) calculate parameters of a resistor divider required to translate voltage levels, (3) connect a three-volt memory…
Down the rabbit hole. Storming Yandex Station debug console
This article describes my experience reverse engineering the firmware used in Yandex Stations. I reversed the U-Boot debug console of the smart station's processor and created a utility that extracts it from the decrypted bootloader. The method is applicable to all similar devices and, potentially, to other gadgets…
Listen to your heart. Writing an account hijacking utility
Today, you will write a program that intercepts user credentials, transmits them to a remote host in real time, makes it possible to start multiple RDP sessions, and breaks competing connections. In fact, all you have to do is modify the Mimikatz code.
Automating x64dbg. How to transform a debugger into a hacker…
Why automate x64dbg? Because an automated debugger enables you to create custom tools for standard debugging tasks: unpack files, search for signatures, intercept or substitute function outputs on the fly, and even perform fuzzing in RAM! Let’s see how this can be done.
InstallShield from the inside. Examining installer’s virtual machine in x64dbg
This article discusses the InstallShield virtual machine and how it operates at runtime. To dissect InstallShield, I’m going to use my favorite debugger, x64dbg; the installer embedded into a technical application will be used as an example.
Computer Vision Explained: Core Algorithms Every Data Scientist Should Know
Computer vision is the field that tackles problems involving the analysis of images and video. At their core, these tasks all boil down to answering the question: what’s in the picture? Despite its apparent simplicity, that question…
Spy among penguins. Writing a custom Linux rootkit
Linux rootkits have been known for quite some time; they feature highly sophisticated architecture, can effectively intercept system calls, and disguise their presence in the system. Today you will learn how to write your own Linux rootkits and get an understanding of key…
Dangerous skin: Exploiting a glitch in GTA Vice City
Today I will demonstrate the full exploit development cycle: from creating a fuzzer to launching shellcode. The target that will be exploited is a parser of BMP files embedded in GTA Vice City: the game takes these files as user skins. A correctly crafted file should cause…
Vicious exploitation. Searching for buffer overflow vulnerabilities with Angr
Angr, a powerful symbolic emulator, makes it possible to seize control over execution of someone else’s code; all you have to do is specify the search direction. Today you will learn how to find such holes in applications using Angr; in addition, you will write an inline…
Modologic. Decompiling proprietary Assembler into C++ code
This article describes the creation of a Hex-Rays-like decompiler for an exotic programming language used in the game “Pathologic”. You will learn how cross-compilation works and master the basics of compilation theory so that you can write such a decompiler yourself.
Modologic. Dissecting the Pathologic virtual machine
Many years ago, I was eager to understand how the game “Pathologic” actually works. But at that time, the format of its scripts was beyond my capacity. Today, I will show you how to crack the game engine to find out how its scripts operate.…
Harness the woolly beast! Identifying critical data in code with…
This article discusses three topics: (1) why AppSec engineers should closely monitor sensitive data contained in their products; (2) how to extract the structure of transmitted data from the service code; and (3) how to assess the severity of particular fields in the found objects in accordance with…
Assembly Programming for Beginners
We've been developing this idea for a long time, probably for several years. On one hand, assembler programming is fascinating. On the other hand, there are plenty of up-to-date resources on assembly language, including publications from this…
Shattered gem. Architecture of Ruby applications and their reverse-engineering
This article discusses the Ruby programming language and reverse-engineering of applications written in it. You will get familiar with useful research tools, learn distinctive features of such programs, and discover a simple way to debug them.
Anger management. Welcome to Angr, a symbolic emulation framework
Angr is an unbelievably powerful emulator. This cross-platform tool supports all of the most popular architectures; using it, you can search for vulnerabilities both in PE32 binaries on Linux and in router firmware on Windows. Let’s examine this binary analysis framework in more detail using Linux…
Puzzle solving. Writing custom JavaScript deobfuscator
Today, I am going to demonstrate that JavaScript obfuscation can be removed even in situations when sophisticated deobfuscators are useless. You will learn an effective research technique that can be applied to obfuscated code and write your own deobfuscator.
Multistep SQL injection attacks: Operating principle and impact
SQL injections (SQLi) are among the most popular vulnerabilities in the pentesting community. Unfortunately, such attacks are increasingly rare nowadays, since modern security tools easily detect them. By contrast, an injection triggered when data is transferred between services is much…
Python via Telegram! Writing five simple Telegram bots in Python
In this article, we are implementing a simple but extremely useful project in Python — a bot for Telegram. Bots are small scripts that can interact with the API to receive messages from the user and send information to different chats and channels.