-
n1p replied to the topic Have I been hacked by the chinese? in the forum Forensics 9 years, 8 months ago
Hi,
That just looks like an ini file for the usual fake AVs doing the rounds, as you said. It may be that your AV caught it and failed to remove the ini files if you did not get any notifications saying you are infected..
Was the file called local.ini? Here is a threatexpert report for…
-
n1p replied to the topic Hallelujah! I passed GPEN with 87% 🙂 in the forum GPEN – GIAC Certified Penetration Tester 9 years, 9 months ago
Maxe,
Congrats. I am giving some serious thought to taking it. I presume you self-studied? Can you provide info on referenced material/books?
n1p
-
n1p replied to the topic Got busted… in the forum Career Central 9 years, 11 months ago
Not very ethical eh?
-
n1p replied to the topic HACK CODE TO BE EXPLANED in the forum Malware 10 years, 1 month ago
Haha, it happens 😛
Update: After more research, it turns out that it is the Blackhole Exploit Kit.
http://malwareint.blogspot.com/2010/09/black-hole-exploits-kit-another.html
-
n1p replied to the topic HACK CODE TO BE EXPLANED in the forum Malware 10 years, 1 month ago
First one provided.. extracted the added code in main index.php and reformatted it..
-
n1p replied to the topic HACK CODE TO BE EXPLANED in the forum Malware 10 years, 1 month ago
Initial inspection – the initial arguments are set to globals for each function which are extremely obfuscated:
$x1e="\x63u\162\x6c\x5f\x69\156i\x74";      //curl_init
$x1f="\143\165rl\137set\x6fp\x74";        //curl_setopt
$x20="\x63\165r\154_\x65xe\x63";         //curl_exec
$x23="\x66\143\154\x6f\163e"; …
-
n1p replied to the topic Stuxnet – very interesting read / insight in the forum Cyber Warfare 10 years, 3 months ago
@sil wrote:
I was on a team of 26 professionals from Academia, Government, Private Industry etc., who performed an analysis on Stuxnet (http://www.alienvault.com/docs/CSFI_Stuxnet_Report_V1.pdf also see http://www.isssource.com/stuxnet-mitigation-defense-in-depth-needed/ for suggestions)
Where is the in-depth analysis in these reports or is it provided?
-
n1p replied to the topic Frustrated with Shellcode in the forum Programming 10 years, 8 months ago
No problem, do let us know how it turns out 😛
-
n1p replied to the topic Frustrated with Shellcode in the forum Programming 10 years, 8 months ago
Better late than never 😉 I normally use the alpha upper encoder which should remove bad characters. I remember having problems with the gai-nai encoder and removing bad characters whilst exploiting a program previously.
msfencode -e x86/alpha_upper -t c
Paste that into your exploit code and see. Also happy to look at your code if…
-
n1p replied to the topic [Article]-April 2010 Free Giveaway Winners – CBT Nuggets in the forum News Items and General Discussion About EH-Net 10 years, 8 months ago
Hey,
Congrats and well deserved!
-
n1p replied to the topic VMware or VirtualBox? in the forum Hardware 10 years, 9 months ago
I use VirtualBox and find it much faster than VMware server or player and suits what I need. Preference really I suppose..
-
n1p replied to the topic Problem with a shellcode… in the forum Programming 10 years, 9 months ago
I would certainly echo sil's comments about windbg. It is extremely powerful and I would recommend developing the exploit using it to get some experience with it.
Congrats by the way 🙂
Equix3n, take a look at Hacking: Art of Exploitation and Dino Zovi videos on Vimeo, corelan.be, uninformed.org, grey-corner blog. They will provide further valuable links.
-
n1p replied to the topic Problem with a shellcode… in the forum Programming 10 years, 9 months ago
What’s your fuzzer of choice?
-
n1p replied to the topic Problem with a shellcode… in the forum Programming 10 years, 9 months ago
It is not meant to fit in EIP… That is your encoded shellcode, if you are looking for a valid return address i.e. start of your shellcode, it should not contain what can be considered bad characters – \x0d\x00\x0a.
Ensure EIP points to a NOP sled to your shellcode or directly into your shellcode. If you have correctly aligned your offsets, attempt…
-
n1p replied to the topic [Article]-Tutorial: SEH Based Exploits and the Development Process in the forum /root 10 years, 9 months ago
Sil,
You certainly make some good points! Windbg is awesome and is covered greatly over at corelan, however to some people it can be entirely overwhelming when they start out learning about RE. It has quite a steep learning curve when compared with olly/immunity. Not to mention the interface!
You are right about the lack of docs on using it, so…
-
n1p replied to the topic [Article]-Tutorial: SEH Based Exploits and the Development Process in the forum /root 10 years, 10 months ago
Thanks! That is no problem. I might try make it a monthly thing, so if you have any suggestions let me know.
-
n1p replied to the topic [Article]-Tutorial: SEH Based Exploits and the Development Process in the forum /root 10 years, 10 months ago
Cheers for that. Any questions just shout!
-
n1p replied to the topic [Article]-May 2010 Free Giveaway Sponsor – eLearnSecurity in the forum News Items and General Discussion About EH-Net 10 years, 10 months ago
Awesome. Keep them coming 🙂
-
n1p replied to the topic Introduction to malware analysis in the forum Tutorials 10 years, 10 months ago
Nice links. His original VM lab and analysis paper started me on my way to malware reversing.
-
n1p replied to the topic [Article]-March 2010 Free Giveaway Winners – Offensive Security in the forum News Items and General Discussion About EH-Net 10 years, 10 months ago
Congratz guys, well deserved!