Przemoc's troves http://troves.przemoc.net Valuable texts should be read. Am i right? posterous.com Wed, 30 Sep 2009 11:15:00 -0700 Mark Russinovich's posts http://troves.przemoc.net/2009/09/mark-russinovichs-posts.html http://troves.przemoc.net/2009/09/mark-russinovichs-posts.html Mark Russinovich, Pushing the Limits of Windows: Physical Memory

Mark Russinovich, Pushing the Limits of Windows: Virtual Memory

Mark Russinovich, Pushing the Limits of Windows: Paged and Nonpaged Pool

Mark Russinovich, Pushing the Limits of Windows: Processes and Threads

Mark Russinovich, Pushing the Limits of Windows: Handles

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Mon, 08 Jun 2009 10:20:00 -0700 Altering execution of the program http://troves.przemoc.net/2009/06/altering-execution-of-program.html http://troves.przemoc.net/2009/06/altering-execution-of-program.html Silvio Cesare, Shared library call redirection using ELF PLT infection (HTML)

Anonymous, Runtime Process Infection

Anonymous, Building ptrace injecting shellcodes

grugq, Cheating the ELF: Subversive Dynamic Linking to Libraries

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Wed, 18 Mar 2009 22:35:00 -0700 Interposing System Calls http://troves.przemoc.net/2009/03/interposing-system-calls.html http://troves.przemoc.net/2009/03/interposing-system-calls.html Yannis Smaragdakis, Layered Development with (Unix) Dynamic Libraries

Tal Garfinkel, Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools

Robert N. M. Watson, Exploiting Concurrency Vulnerabilities in System Call Wrappers

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Sun, 16 Nov 2008 15:47:00 -0800 Native API in Windows http://troves.przemoc.net/2008/11/native-api-in-windows.html http://troves.przemoc.net/2008/11/native-api-in-windows.html Sven B. Schreiber, Interfacing the the Native API in Windows 2000 - with sample application using the undocumented NtQuerySystemInformation() function

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Sun, 16 Nov 2008 14:21:00 -0800 Bypassing SFC/WFP (System File Checker/Windows File Protection) http://troves.przemoc.net/2008/11/bypassing-sfcwfp-system-file.html http://troves.przemoc.net/2008/11/bypassing-sfcwfp-system-file.html Jeremy Collake - Hacking Windows File Protection - exposed methods: ntdll.NtDuplicateHandle() on corresponding winlogon handles, SfcTerminateWatcherThread(), SfcFileException() and sfc.dll/sfc_os.dll patching

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Fri, 31 Oct 2008 09:11:00 -0700 Exploiting Windows http://troves.przemoc.net/2008/10/exploiting-windows.html http://troves.przemoc.net/2008/10/exploiting-windows.html Matt Miller, Ken Johnson, Bypassing Windows Hardware-enforced Data Execution Prevention (PDF)

bugcheck, Matt Miller, Kernel-mode Payloads on Windows (PDF)

Ken Johnson, Matt Miller, Exploiting the Otherwise Non-exploitable on Windows (PDF)

Ken Johnson, Getting out of Jail: Escaping Internet Explorer Protected Mode (PDF)

mxatone, Analyzing local privilege escalations in win32k (PDF)

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Tue, 07 Oct 2008 13:13:00 -0700 Regular expressions http://troves.przemoc.net/2008/10/regular-expressions.html http://troves.przemoc.net/2008/10/regular-expressions.html Nikolai Weibull, Theoretical Foundation of Regular Expressions and Text Editors (PDF, thesis) - symbols, languages,
grammars, regular expressions, finite automata, character sets (Unicode),
pattern matching, and the inner and outer workings of a text editor

Brian W. Kernighan, Rob Pike, Regular Expressions: Languages, Algorithms, and Software - backtracking implementation

Russ Cox, Regular Expression Matching Can Be Simple And Fast (but is slow in Java, Perl, PHP, Python, Ruby, ...) - NFA, DFA, backtracking and performance...

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Fri, 03 Oct 2008 22:18:00 -0700 Analysing Malicious Code http://troves.przemoc.net/2008/10/analysing-malicious-code.html http://troves.przemoc.net/2008/10/analysing-malicious-code.html Lars Haukli, Analysing Malicious Code: Dynamic Techniques (PDF, long) - API hooking, Networking and Virtualization, Memory Scanning and API Monitoring, Packers, Structural Analysis, Automating analysis

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk Fri, 03 Oct 2008 21:31:00 -0700 Gynvael Coldwind's papers http://troves.przemoc.net/2008/10/gynvael-coldwind-programmerre.html http://troves.przemoc.net/2008/10/gynvael-coldwind-programmerre.html Michał Składnikiewicz, Fibers in a thread

Michał Składnikiewicz, Google Chrome's Sandbox + Is function hooking in Chrome really a security mechanism?

Michał Składnikiewicz, DLL spoofing (PL)

Michał Składnikiewicz, Virtual malware debugger-decompiler (PL, PDF, thesis)

Permalink | Leave a comment  »

]]> http://files.posterous.com/user_profile_pics/602848/przemoc.png http://posterous.com/users/5Aqscs4gdJm1 Przemysław Pawełczyk przemoc Przemysław Pawełczyk