Total Posts
- Total Posts
- 271
- Posts Per Day
- 0.08
General Information
- Last Activity
- 08-31-2019 12:14 AM
- Join Date
- 07-14-2010
- Referrals
- 3
19 Friends
Showing Friends 1 to 10 of 19
View "vinnu"'s Blog
by
"vinnu" on 11-10-2014 at 12:01 PM
Hesperbot DGA : Everything is Dynamically generated using GA
Our next contender for DGA series is Hesperbot. It generates all strings/object-names dynamically using various "Generation Algorithms"
similar to DGA. Though its DGA differs from NGA (Name generation algorithm) used for name generation for objects like filenames, foldernames,
mutexes etc.
But both DGA & NGA utilises same seed generator. Hesperbot's DGA is free from date/time and generates
Read More
by
"vinnu" on 06-14-2014 at 04:05 PM
Namaste
This post discuses the things from the point where reversing of any malware ends.
The analysis of a malware is not enough to satisfy any researcher. There is no point
in analysing a malware and then writing a report on it and forgetting it for eternal times.
Neither just analysing a malware will help stop botnet herders from performing crimes nor it will
help a large population of non technical targets/victims.
If analysing a malware
Read More
by
"vinnu" on 11-18-2011 at 09:11 AM
[ Taken from Forum posts and edited ]
Namaste
This Time we'll colour our hands with the blood of windows 8 Developer's Preview edition. What we need , a target application, a vulnerability, and a debugger, and though notepad + calc also.
So we have Windows 8 : Developer's Preview Edition
Firefox : 3.6.16
Java (JRE) : 6u29
So what is the difference in windows7 and windows8 exploitation.
To achieve code execution in win7
Read More
by
"vinnu" on 09-21-2011 at 11:22 AM
In defeating DEP you atleast need some information that will evade the ASLR.
There are mainly two ways:
1. Any anti ASLR modules gets loaded into the target application. I mean you have the base address of any module at fixed location always even after the system restart.
2. You get a pointer leak from a memory leak/buffer overflow/any zeroday. In this technique you can adjust the offsets to grab the base address of the module whose pointer gets leaked.
Read More