PDF file loader to extract and analyse shellcode

One of the new features in IDA Pro 5.6 is the possibility to write file loaders using scripts such as IDC or Python. To illustrate this new feature, we are going to explain how to write a file loader using IDC and then we will write a file loader (in Python) that can extract shell […]

Casts are bad

Halvar and Dennis Elser recently blogged about a serious vulnerability in the ATL libraries. A few days ago, Microsoft released an emergency “out-of-band” patch. Yes, the bug was that nasty, and since it is in a library, many MS Windows components were affected. Everyone who used the library should review their code and […]

Blackhat USA 2008

Sometimes names just do not reflect the nature of things. Sometimes it is our fault to attribute a wrong meaning to names. I do not know which of the above holds for Windows ASLR. After Alex Sotirov and Mark Dowd’s talk at Blackhat I know that ASLR is not that random despite […]

MRXDAV.SYS and Hex-Rays Decompiler

I wanted to present you a new plugin today. It was about switch idioms (jump tables). I spent a few hours trying to find a problematic x86 sample file but could not locate anything impressive. All jump tables were nicely recognized. This certainly does not mean that IDA handles them perfectly, but rather that my […]

OpenRCE?

What happened to OpenRCE, does anyone know? It would be a pity to lose such a nice resource. This news is not a bright one neither but I hope that the explanation for openrce is purely technical.

ZERT patch

I think you have noticed that the site was down for a while. My web hoster again played the same trick: shut down the site with no notice. I’m leaving them. While I was busy with all this stuff, the ZERT group has created a patch for the VML vulnerability. These guys did a really great […]

IE6 vulnerabilty patch

If you are one of unfortunate users still forced to use the Internet Explorer, consider installing this temporary patch from Determina: http://www.determina.com/security_center/security_advisories/securityadvisory_march272006_1.asp Just do not forget to reboot your computer after applying the patch, the installer seems not to insist on it. If you can not reboot the computer, then at least close all IE6 windows to […]

On uninitialized variables

Quite busy week, sorry for being silent. I wanted to talk about an annoyance I discovered with all my C/C++ compilers. Here is quite interesting presentation from Halvar Flake: Attacks on uninitialized local variables After reading it I wanted to verify my compilers and created a small C file. I wanted to check if the compilers would warn […]

FOSDEM

Each year in Brussels, Belgium there is a conference called FOSDEM. It is organized on the last weekend of February. There seem to be some interesting talks about security and program developement this year. The development track is almost fully dedicated to various CVSes. The choice of CVS is an object of faith like the […]

Back to normal operation

I restored the old configuration and the blog will continue its normal operation now. The hotfix can not be downloaded from the site anymore but its source code is still available. Thank you all for the support! I’d like to say thank you once more to the guys who mirrored the files! P.S. Next week we will […]