Articles in the Reverse Engineering category

Analysis of the Apache Vulnerability
In this article we'll talk about the CVE-2013-1862 vulnerability, which exists in Apache versions 2.2.x before 2.2.25, where the data written to the log is not sanitized for non-printing characters. Therefore, escape sequence characters sent by an attacker in a request will get logged to ...
Pin: Dynamic Binary Instrumentation Framework
Introduction: Pin is a DBI framework for the IA-32 and x86-64 architectures, which can be used for dynamic analysis of a binary program at run time. When using the Pin framework to build tools, you're actually creating pintools; you can think of Pin as an abstraction layer that abstracts away the ...
Linux Kernel Development Process
Introduction: When I was listening to the question and answer session at LinuxCon, there was some interesting discussion going on: some of the latest news is Linus Torvalds's joke about putting a backdoor into the Linux operating system. The reason I started writing this tutorial is because I ...
Windows Memory Protection Mechanisms
Introduction: When trying to protect memory from being maliciously used by hackers, we must first understand how everything fits into the whole picture. Let's describe how a buffer overflow is exploited: Finding Input Shellcode Address: When we send input data to the application, we must send data that ...
Calling NTDLL Functions Directly
Introduction: If you're reading this, then you've probably wanted to call some internal ntdll function that isn't exported and easily callable, right? If not, then let me explain what I mean. If we start the Visual Studio Command Prompt, we can use the dumpbin command to display ...
LUKS and LVM
LVM + LUKS: LVM is software that uses physical devices as physical volumes (PVs) in storage pools called volume groups (VGs). Physical volumes can be a partition, a whole SATA hard drive grouped as JBOD, RAID systems, iSCSI, Fibre Channel, eSATA, etc. [1]. Whenever we decide we want to enable the LVM ...
Using SetWindowsHookEx for DLL Injection on Windows
Introduction: Note: all the code examples can be found on my GitHub profile under visual-studio-projects, accessible here: https://github.com/proteansec. In this tutorial, we'll take a look at DLL injection using the SetWindowsHookEx method. I haven't found a good blog post on the subject, which ...
API Hooking and DLL Injection on Windows
Introduction: Note: all the code examples can be found on my GitHub profile under visual-studio-projects, accessible here: https://github.com/proteansec. In this tutorial, we'll take a look at various methods that we can use to inject a DLL into the process' address space. For injecting a DLL into ...
Using CreateRemoteThread for DLL Injection on Windows
Introduction: Note: all the code examples can be found on my GitHub profile under visual-studio-projects, accessible here: https://github.com/proteansec. In this tutorial, we'll talk about how to inject a custom DLL into the process's address space by using the CreateRemoteThread function call. The CreateRemoteThread function creates ...
The ASP.NET Internals
ASP.NET Configuration Options: The most important configurations in the web.config file will be described in this section: The authentication tag is used at the application level and is used to identify the client. There are four authentication modes we can choose from when setting this element. Those ...