Mark Russinovich, Pushing the Limits of Windows: Physical Memory
Mark Russinovich, Pushing the Limits of Windows: Virtual Memory
Mark Russinovich, Pushing the Limits of Windows: Paged and Nonpaged Pool
Mark Russinovich, Pushing the Limits of Windows: Processes and Threads
Mark Russinovich, Pushing the Limits of Windows: Handles
2009-09-30
2009-06-08
2009-03-18
Interposing System Calls
Yannis Smaragdakis, Layered Development with (Unix) Dynamic Libraries
Tal Garfinkel, Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
Robert N. M. Watson, Exploiting Concurrency Vulnerabilities in System Call Wrappers
2008-11-16
Native API in Windows
Sven B. Schreiber, Interfacing the Native API in Windows 2000 - with sample application using the undocumented NtQuerySystemInformation() function
Bypassing SFC/WFP (System File Checker/Windows File Protection)
Jeremy Collake - Hacking Windows File Protection - exposed methods: ntdll.NtDuplicateHandle() on corresponding winlogon handles, SfcTerminateWatcherThread(), SfcFileException() and sfc.dll/sfc_os.dll patching
Labels: programming, reverse engineering, undocumented, windows
2008-10-31
Exploiting Windows
Matt Miller, Ken Johnson, Bypassing Windows Hardware-enforced Data Execution Prevention (PDF)
bugcheck, Matt Miller, Kernel-mode Payloads on Windows (PDF)
Ken Johnson, Matt Miller, Exploiting the Otherwise Non-exploitable on Windows (PDF)
Ken Johnson, Getting out of Jail: Escaping Internet Explorer Protected Mode (PDF)
mxatone, Analyzing local privilege escalations in win32k (PDF)
2008-10-07
Regular expressions
Nikolai Weibull, Theoretical Foundation of Regular Expressions and Text Editors (PDF, thesis) - symbols, languages, grammars, regular expressions, finite automata, character sets (Unicode), pattern matching, and the inner and outer workings of a text editor
Brian W. Kernighan, Rob Pike, Regular Expressions: Languages, Algorithms, and Software - backtracking implementation
Russ Cox, Regular Expression Matching Can Be Simple And Fast (but is slow in Java, Perl, PHP, Python, Ruby, ...) - NFA, DFA, backtracking and performance...
2008-10-04
Analysing Malicious Code
Lars Haukli, Analysing Malicious Code: Dynamic Techniques (PDF, long) - API hooking, Networking and Virtualization, Memory Scanning and API Monitoring, Packers, Structural Analysis, Automating analysis
2008-10-03
Gynvael Coldwind's papers
Michał Składnikiewicz, Fibers in a thread
Michał Składnikiewicz, Google Chrome's Sandbox + Is function hooking in Chrome really a security mechanism?
Michał Składnikiewicz, DLL spoofing (PL)
Michał Składnikiewicz, Virtual malware debugger-decompiler (PL, PDF, thesis)
Labels: people, polish, programming, reverse engineering, windows