8 Jun 2009

Altering execution of the program

17 Nov 2008

Native API in Windows

Sven B. Schreiber, Interfacing the Native API in Windows 2000 - with sample application using the undocumented NtQuerySystemInformation() function

16 Nov 2008

Bypassing SFC/WFP (System File Checker/Windows File Protection)

Jeremy Collake - Hacking Windows File Protection - exposed methods: ntdll.NtDuplicateHandle() on corresponding winlogon handles, SfcTerminateWatcherThread(), SfcFileException() and sfc.dll/sfc_os.dll patching

31 Oct 2008

Exploiting Windows

4 Oct 2008

Analysing Malicious Code

Lars Haukli, Analysing Malicious Code: Dynamic Techniques (PDF, long) - API hooking, Networking and Virtualization, Memory Scanning and API Monitoring, Packers, Structural Analysis, Automating analysis

4 Oct 2008

Gynvael Coldwind's papers

Michał Składnikiewicz, Fibers in a thread

Michał Składnikiewicz, Google Chrome's Sandbox + Is function hooking in Chrome really a security mechanism?

Michał Składnikiewicz, DLL spoofing (PL)

Michał Składnikiewicz, Virtual malware debugger-decompiler (PL, PDF, thesis)

Przemysław Pawełczyk's Space

Realist and pragmatist. Strong-willed and strong-minded. Sometimes taciturn, sometimes loquacious. FLOSS enthusiast but still using Windows. Stuck in the endless process of becoming a Linux wizard.