So one day you wake up and you think… why should I buy an alarm installation if I can just make my own? The normal answer is: because you usually don’t have the skills or the time for it. In my case I preferred the other answer: because you can learn new skills and do cool stuff. Well, that motivated me, so here I am writing about how I built my first amateur laser alarm (which is far from finished). Keep on reading if you are curious about my first steps into the hardware world.
The process of a successful stack based BOF-Part 2
The previous post explained how to set up the environment so that we would be able to actually debug the crashing process. In this post I will try to explain the process of analyzing the crash and building a working exploit. So the first step is to identify why it crashed in the first place.
Continue reading “The process of a successful stack based BOF-Part 2”
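An added example, not code from this post or its author, of the first step described above: finding out which bytes of the input ended up in the instruction pointer when the process crashed. It assumes a 32-bit little-endian x86 target where the debugger reports EIP, and uses a Metasploit-style cyclic pattern (each 4-byte window occurs at exactly one offset, so the value in EIP maps back to a unique position in the input). The crash value 0x41336141 in main is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define PATTERN_MAX 20280  /* 26 * 26 * 10 triples of 3 chars */

/* Fill out[] (which needs len + 1 bytes) with a cyclic pattern in the
 * style of Metasploit's pattern_create: "Aa0Aa1Aa2...Aa9Ab0Ab1..."
 * Returns the number of pattern bytes written (at most PATTERN_MAX). */
size_t pattern_create(char *out, size_t len)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                char tri[3] = { u, l, d };
                for (int i = 0; i < 3; i++) {
                    if (n >= len) { out[n] = '\0'; return n; }
                    out[n++] = tri[i];
                }
            }
    out[n] = '\0';
    return n;
}

/* Does the first strlen(prefix) bytes of a len-byte pattern equal prefix? */
int pattern_starts_with(size_t len, const char *prefix)
{
    char pat[PATTERN_MAX + 1];
    size_t n = pattern_create(pat, len > PATTERN_MAX ? PATTERN_MAX : len);
    size_t pl = strlen(prefix);
    return pl <= n && memcmp(pat, prefix, pl) == 0;
}

/* Given the value the debugger shows in EIP after sending a len-byte
 * pattern, return the offset in the input at which those 4 bytes sat,
 * i.e. how many bytes precede the saved return address. -1 if not found. */
long pattern_offset(uint32_t eip, size_t len)
{
    char pat[PATTERN_MAX + 1];
    char needle[4];
    size_t n = pattern_create(pat, len > PATTERN_MAX ? PATTERN_MAX : len);
    /* x86 is little-endian: the lowest byte of EIP is the first byte
     * that was written into the return-address slot on the stack. */
    for (int i = 0; i < 4; i++)
        needle[i] = (char)((eip >> (8 * i)) & 0xff);
    for (size_t off = 0; off + 4 <= n; off++)
        if (memcmp(pat + off, needle, 4) == 0)
            return (long)off;
    return -1;
}

int main(void)
{
    char pat[201];
    pattern_create(pat, 200);
    printf("send this as the overflowing input:\n%s\n", pat);
    /* Constructed crash value: EIP = 0x41336141 is "Aa3A" read little-endian. */
    uint32_t eip = 0x41336141u;
    printf("EIP 0x%08x -> saved return address is at input offset %ld\n",
           eip, pattern_offset(eip, 200));
    return 0;
}
```

Once the offset is known, the input is rebuilt as offset bytes of padding followed by the 4-byte address you want to return into, which is where the rest of the post picks up.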
The process of a successful stack based BOF-Part 1
n0limit: his legend preceded him, but the real deal is way better than the legend! No really, this dude really helped me out in the process of making it work. When doing BOF bugs there is a HUGE difference between reading about it and putting it into practice. Another big thanks goes out to KD, he got me interested in this stuff again. I mean, with all the web exploiting going on these days… you’d almost forget about the giant of all times. The infamous Buffer Overflow!
Continue reading “The process of a successful stack based BOF-Part 1”
Geographically locating phone numbers
Well, this isn’t as nice as my last post about geographically locating IP addresses, but still this is highly interesting, especially with all the LBS (Location Based Services) going on. LBS are usually based on companies and/or software with extensive access to information, able to pinpoint the location of a person. These techniques are often used when somebody is being investigated or when someone makes a distress call to 911 (112 in Europe). Before you carry on reading: I highly appreciate feedback about my English writing :) so don’t be ashamed to correct me or tell me about any errors in my postings. I regret that this post isn’t as detailed as I wanted it to be… but then again I hate keeping information to myself for ages. So here is a first glance at this topic.
Backerdie
Well, that was a really nasty experience… being without internet access for a while. You could call me an addict, but oh well. Anyway, I had some issues moving between houses and a little problem with my ISP. I’m on temporary internet now with some weird USB stick, which has been treating me pretty well so far. Anyway, I’ll get back to posting some random stuff as usual. It feels good to finally have internet access again.
[POC] RFI Scanner
Well, it certainly is true, why not? That question never has a correct answer imo. It is the same question I asked myself yesterday. I was thinking about what to write on my blog (I was bored and thought that blog writing could help); after a while I just gave up (so lesson learned: only write when you actually have something to write). So today I fired up my browser (for the ones wondering, this is a personal opinion, I use: Opera {FTW!}, IE {nice}, FF {sucks}, depending on what I need) and the first thing I saw was this. Which is funny, since it’s just a couple of days ago that I posted about Python and now I see a nice and small Python script to do funky stuff.
Truecrypt, a variety of bruteforcing options
A lot of people ask the question: How can I recover my TrueCrypt password? Others ask the question: How can I crack a TrueCrypt container? So out of curiosity I went on a little investigation to find out what the current tools are to bruteforce a TrueCrypt container. So here is a small compilation of the methods I’ve found to bruteforce a TrueCrypt container.
Continue reading “Truecrypt, a variety of bruteforcing options”
Python hidden love and hate
This is just my little love/hate affair with Python. This post will be a bit chaotic, but oh well…
Well, when I first read about Python my immediate reaction was: HATE HATE HATE. This reaction was triggered by one reason only: indentation. This kept going on for a while until I finally decided to try Python out and form my opinion based on using the language instead of on prejudices. I’ll explain what the word ‘hidden’ does in the title of this blog post later on.
anti-live-forensic toolkit
Well, I’ve been developing this for a while now and still haven’t finished, mainly because I’ve got little time to spare for coding. Previously I wrote about using some kind of ping to see if your computer is still connected to the net. The solution is fun, but it will not prevent forensic analysis of your computer. I have expanded upon that previous post and started to write a toolkit which could be used if we assume the following:
You want to prevent live-forensic analysis of your computer at all costs. You don’t care about normal forensic analysis because your hard disk is encrypted and you have used a really long password and a keyfile.
So with that in mind I started to construct something which frustrates live forensics and at the same time is easy to expand. If you are concerned about normal forensic analysis you can always turn to some of the current anti-forensics projects like the one at Metasploit.
Untraceable connect back
WoW, being ill really SUCKS. Happy NEW YEAR. That part is also done. Hmmm, what’s left… oh yeah, the reason I didn’t write too much on my blog. It’s not because I was ill, it’s just because I was lazy as hell and my gf was staying over… so busy busy busy.
The only thing I could not switch off during these ‘holidays’ was my brain. It seems to have been twisted since my birth and oh well, I learned to live with it. So I had a midnight thought the other day. Nothing too funky, nonetheless interesting. It’s all about connect-back backdoors. If a connect-back backdoor is used you always have the question: where must it connect back to?
Old Rootkit Detection
Well, in my quest to move my old kd-team.com tools and papers to my new blog, here is another one from the old website. Two ways to detect rootkits: one of them doesn’t work anymore (assuming all rootkits hook the function used back then), the other one I don’t know, I haven’t tested it lately. Here are the readmes and the source codes.
Geographically locating IP addresses
I always loved this subject. In movies they are all so cool about it. It’s all like:
Sir, his IP is 123.123.123.123.
Go ahead triangulate it so we can nail him.
Sir, we have got him, he is in bla bla bla
Last night a buddy of mine asked me if it was possible to geolocate an IP address; he was interested, just for fun, in where the hell his “viagra” spammer lived. So, triggered by his question, I started investigating the possible methods and resources to geolocate an IP address and at the same time find out how realistic Hollywood is in its movies.
Cracking a simple and old cd check
Here we go again, another really old paper from the old kd-team.com archives. This was one of my first real fun encounters with reverse engineering. I know it’s not used anymore and it’s old and it’s probably bah… but still :) there are a lot of people who start learning RE every day, and what better way than with some nostalgia and a good laugh.
paper here
ICMP spoof
Here is some source code from an old kd-team post. Sending an ICMP packet where you can specify everything yourself: every field of the IP header (including the source address) and of the ICMP header. This source can be used for a variety of stuff and well… just use your imagination.
The .c
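As an added example (not the linked .c from kd-team and not the author’s code), this is the part of such a tool that has to be right for the packet to be accepted at all: building the IPv4 and ICMP headers yourself and computing the RFC 1071 one’s-complement checksums, then handing the finished datagram to a raw socket with IP_HDRINCL so the kernel does not overwrite your source address. The addresses, the payload and the known-answer header used in checksum_selftest are constructed for the demonstration; sending requires root and a Linux/BSD raw socket.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#pragma pack(push, 1)
struct ip_hdr {                 /* 20-byte IPv4 header, no options */
    uint8_t  ver_ihl;           /* 0x45: version 4, 5 x 32-bit words */
    uint8_t  tos;
    uint16_t tot_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  proto;             /* 1 = ICMP */
    uint16_t csum;
    uint32_t saddr;             /* whatever we want: this is the spoofed part */
    uint32_t daddr;
};
struct icmp_hdr {               /* 8-byte echo-style ICMP header */
    uint8_t  type;
    uint8_t  code;
    uint16_t csum;
    uint16_t id;
    uint16_t seq;
};
#pragma pack(pop)

/* RFC 1071 checksum over the bytes as big-endian 16-bit words.
 * Returns the host-order value; store it with htons(). Over a header
 * whose checksum field is already filled in it returns 0. */
uint16_t inet_checksum(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t sum = 0;
    while (len > 1) { sum += (uint16_t)((p[0] << 8) | p[1]); p += 2; len -= 2; }
    if (len) sum += (uint16_t)(p[0] << 8);          /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Known-answer check: the textbook IPv4 header 45 00 00 73 ... with its
 * checksum field zeroed must sum to 0xb861. */
int checksum_selftest(void)
{
    static const uint8_t hdr[20] = { 0x45,0x00,0x00,0x73,0x00,0x00,0x40,0x00,
                                     0x40,0x11,0x00,0x00,0xc0,0xa8,0x00,0x01,
                                     0xc0,0xa8,0x00,0xc7 };
    return inet_checksum(hdr, sizeof hdr) == 0xb861;
}

/* Build a complete IPv4+ICMP datagram into buf with caller-chosen source
 * and destination, type/code, id/seq and payload. Returns total length,
 * 0 on error. */
size_t build_icmp(uint8_t *buf, size_t buflen, const char *src, const char *dst,
                  uint8_t type, uint8_t code, uint16_t id, uint16_t seq,
                  const uint8_t *payload, size_t plen)
{
    size_t total = sizeof(struct ip_hdr) + sizeof(struct icmp_hdr) + plen;
    uint32_t s, d;
    if (buflen < total || total > 0xffff) return 0;
    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, dst, &d) != 1) return 0;
    memset(buf, 0, total);
    struct ip_hdr *ip = (struct ip_hdr *)buf;
    struct icmp_hdr *icmp = (struct icmp_hdr *)(buf + sizeof *ip);
    ip->ver_ihl = 0x45; ip->tot_len = htons((uint16_t)total); ip->id = htons(id);
    ip->ttl = 64; ip->proto = 1; ip->saddr = s; ip->daddr = d;
    ip->csum = htons(inet_checksum(ip, sizeof *ip));   /* IP sum covers header only */
    icmp->type = type; icmp->code = code; icmp->id = htons(id); icmp->seq = htons(seq);
    memcpy(buf + sizeof *ip + sizeof *icmp, payload, plen);
    icmp->csum = htons(inet_checksum(icmp, sizeof *icmp + plen)); /* header + data */
    return total;
}

/* Verify both checksums of a built packet the way a receiver would. */
int packet_checksums_ok(const uint8_t *pkt, size_t len)
{
    if (len < 28 || pkt[0] != 0x45) return 0;
    return inet_checksum(pkt, 20) == 0 && inet_checksum(pkt + 20, len - 20) == 0;
}

/* Hand the finished datagram to the kernel untouched (needs root). */
int send_raw(const uint8_t *pkt, size_t len)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW), one = 1;
    if (fd < 0) return -1;
    setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);
    struct sockaddr_in to; memset(&to, 0, sizeof to); to.sin_family = AF_INET;
    memcpy(&to.sin_addr, pkt + 16, 4);                  /* daddr from the header */
    ssize_t n = sendto(fd, pkt, len, 0, (struct sockaddr *)&to, sizeof to);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

int main(int argc, char **argv)
{
    uint8_t pkt[1500];
    const char *src = argc > 2 ? argv[1] : "10.0.0.1";   /* constructed defaults */
    const char *dst = argc > 2 ? argv[2] : "10.0.0.2";
    size_t n = build_icmp(pkt, sizeof pkt, src, dst, 8, 0, 0x1234, 1,
                          (const uint8_t *)"hello", 5);
    for (size_t i = 0; i < n; i++) printf("%02x%s", pkt[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n%zu bytes, checksums %s\n", n, packet_checksums_ok(pkt, n) ? "ok" : "BAD");
    if (argc > 2 && send_raw(pkt, n) != 0) perror("send_raw");
    return 0;
}
```

Two practical caveats: many ISPs and cloud networks drop packets whose source address does not belong to the sending host (BCP 38 egress filtering), and the reply to an echo request goes to the spoofed source, not to you, so this is only useful when you control or can observe that address.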
JavaScript deobfuscation a little start
So I’ve been trying to get more information about the funky world of JavaScript deobfuscation. It’s really fascinating what kind of protective measures and obfuscation JavaScript can reach. So what kind of stuff have I been playing around with?
SpiderMonkey FTW!
No really, it’s easy, it’s proven and it works. Installing is really easy… lots of documentation as well. The catch was that SpiderMonkey does not have default support for things like document.write(); after googling I found out about two ways to achieve it. The first method involved changing the C files and recompiling and such… the other method was so much easier. Have a look:
part1 for a nice introduction
part2 with the solution to add document.write(); support.
For those interested, here is the method where you need to recompile SpiderMonkey and such.
There are a lot more interesting deobfuscation tools out there to play with, though.
So this has been my little introduction to JavaScript deobfuscation. I will certainly keep playing, it’s fun. I never thought JavaScript could be used for so many evil but fun things.