Protean Security

Articles in the Reverse Engineering category

In this article we'll talk about the CVE-2013-1862 vulnerability, which exists in Apache versions 2.2.x before 2.2.25, where the data written to the log is not sanitized for non-printing characters. Therefore, an escape sequence characters sent by attacker in a request will get logged to ...

By Dejan Lukan | Oct 29, 2014 | Reverse Engineering |

Pin: Dynamic Binary Instrumentation Framework

Introduction Pin is a DBI framework for IA-32 and x86-64 architectures, which can be used for dynamic analysis of the binary program at run time. When using Pin framework to build tools, you're actually creating pintools; you can think of Pin as an abstraction layer that abstract away the ...

By Dejan Lukan | Sep 30, 2013 | Reverse Engineering |

Linux Kernel Development Process

Introduction When I was listening to the question and answer session at LinuxCon, there was some interesting discussion going on: some of the latest news information is Linus Torvals's joke about putting a backdoor into the Linux operating system. The reason I started writing this tutorial is because I ...

By Dejan Lukan | Sep 25, 2013 | Reverse Engineering |

Windows Memory Protection Mechanisms

Introduction When trying to protect memory from being maliciously used by the hackers, we must first understand how everything fits in the whole picture. Let's describe how a buffer overflow is exploited: ** ** Finding Input Shellcode Address— When we send input data to the application, we must send data that ...

By Dejan Lukan | Jul 05, 2013 | Reverse Engineering |

Calling NTDLL Functions Directly

Introduction If you're reading this, then you've probably wanted to call some internal ntdll function that isn't exported and easily callable, right? If no, then let me explain what I mean. If we start the Visual Studio Command Prompt, we can use the dumpbin command to display ...

By Dejan Lukan | Jun 06, 2013 | Reverse Engineering |

LUKS and LVM

LVM + LUKS LVM is software that uses physical devices as physical volumes (PVs) in storage pools called volume group (VG). Physical volumes can be a partition, whole SATA hard drive grouped as JBOD, RAID systems, iSCSI, Fibre Channel, eSATA, etc [1]. Whenever we decide we want to enable the LVM ...

By Dejan Lukan | Jun 05, 2013 | Reverse Engineering |

Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec .** ** In this tutorial, we'll take a look at the DLL injections by using the SetWindowsHookEx method. I haven't found a good blog post on the subject, which ...

By Dejan Lukan | Jun 03, 2013 | Reverse Engineering |

Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec. In this tutorial, we'll take a look at various methods that we can use to inject a DLL into the process' address space. For injecting a DLL into ...

By Dejan Lukan | May 31, 2013 | Reverse Engineering |

Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec. ** ** In this tutorial, we'll talk about how to inject a custom DLL into the process's address space by using the CreateRemoteThread function call. The CreateRemoteThread function creates ...

By Dejan Lukan | May 30, 2013 | Reverse Engineering |

The ASP.NET Internals

ASP.NET Configuration Options The most important configurations in the web.config file will be described in this section: The authentication tag is used at the application level and is used to identify the client. There are four authentication modes we can choose from when setting this element. Those ...

By Dejan Lukan | May 23, 2013 | Reverse Engineering |

1 2 3 4 Next ›