30 Sep 2009

Mark Russinovich's posts

Mark Russinovich, Pushing the Limits of Windows: Physical Memory

Mark Russinovich, Pushing the Limits of Windows: Virtual Memory

Mark Russinovich, Pushing the Limits of Windows: Paged and Nonpaged Pool

Mark Russinovich, Pushing the Limits of Windows: Processes and Threads

Mark Russinovich, Pushing the Limits of Windows: Handles

8 Jun 2009

Altering execution of the program

Silvio Cesare, Shared library call redirection using ELF PLT infection (HTML)

Anonymous, Runtime Process Infection

Anonymous, Building ptrace injecting shellcodes

grugq, Cheating the ELF: Subversive Dynamic Linking to Libraries

19 Mar 2009

Interposing System Calls

Yannis Smaragdakis, Layered Development with (Unix) Dynamic Libraries

Tal Garfinkel, Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools

Robert N. M. Watson, Exploiting Concurrency Vulnerabilities in System Call Wrappers

17 Nov 2008

Native API in Windows

Sven B. Schreiber, Interfacing the the Native API in Windows 2000 - with sample application using the undocumented NtQuerySystemInformation() function
16 Nov 2008

Bypassing SFC/WFP (System File Checker/Windows File Protection)

Jeremy Collake - Hacking Windows File Protection - exposed methods: ntdll.NtDuplicateHandle() on corresponding winlogon handles, SfcTerminateWatcherThread(), SfcFileException() and sfc.dll/sfc_os.dll patching
31 Oct 2008

Exploiting Windows

Matt Miller, Ken Johnson, Bypassing Windows Hardware-enforced Data Execution Prevention (PDF)

bugcheck, Matt Miller, Kernel-mode Payloads on Windows (PDF)

Ken Johnson, Matt Miller, Exploiting the Otherwise Non-exploitable on Windows (PDF)

Ken Johnson, Getting out of Jail: Escaping Internet Explorer Protected Mode (PDF)

mxatone, Analyzing local privilege escalations in win32k (PDF)

7 Oct 2008

Regular expressions

Nikolai Weibull, Theoretical Foundation of Regular Expressions and Text Editors (PDF, thesis) - symbols, languages,
grammars, regular expressions, finite automata, character sets (Unicode),
pattern matching, and the inner and outer workings of a text editor

Brian W. Kernighan, Rob Pike, Regular Expressions: Languages, Algorithms, and Software - backtracking implementation

Russ Cox, Regular Expression Matching Can Be Simple And Fast (but is slow in Java, Perl, PHP, Python, Ruby, ...) - NFA, DFA, backtracking and performance...

4 Oct 2008

Analysing Malicious Code

Lars Haukli, Analysing Malicious Code: Dynamic Techniques (PDF, long) - API hooking, Networking and Virtualization, Memory Scanning and API Monitoring, Packers, Structural Analysis, Automating analysis
4 Oct 2008

Gynvael Coldwind's papers

Michał Składnikiewicz, Fibers in a thread

Michał Składnikiewicz, Google Chrome's Sandbox + Is function hooking in Chrome really a security mechanism?

Michał Składnikiewicz, DLL spoofing (PL)

Michał Składnikiewicz, Virtual malware debugger-decompiler (PL, PDF, thesis)

Przemysław Pawełczyk's Space

Realist and pragmatist. Strong-willed and strong-minded. Sometimes taciturn, sometimes loquacious. FLOSS enthusiast but still using Windows. Stuck in the endless process of becoming a Linux wizard.

Search

Archive

2009 (3)
2008 (6)
Obox Design