
About the Author:

Dejan Lukan is a security researcher for InfoSec Institute and a penetration tester from Slovenia. He is very interested in finding new bugs in real-world software products through source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security-related problems and for learning about new hacking techniques. He knows a great deal about programming languages and can write in a couple dozen of them. He is also passionate about antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. His own blog is available here: http://www.proteansec.com/.

Using SetWindowsHookEx for DLL Injection on Windows

Introduction

Note: all the code examples can be found on my Github profile under visual-studio-projects, accessible here: https://github.com/proteansec.

In this tutorial, we’ll take a look at the DLL injections by using […]


API Hooking and DLL Injection on Windows

Introduction

Note: all the code examples can be found on my Github profile under visual-studio-projects, accessible here: https://github.com/proteansec.

In this tutorial, we’ll take a look at various methods that we can […]


Using CreateRemoteThread for DLL Injection on Windows

Introduction

Note: all the code examples can be found on my Github profile under visual-studio-projects, accessible here: https://github.com/proteansec.

In this tutorial, we’ll talk about how to inject a custom DLL into […]


Visual Studio and Build Process

Introduction

Each DLL contains various exported functions that can be accessed by other programs. DLLs are being extensively used because the DLL is loaded only once in the physical memory, […]


The ASP.NET Internals

ASP.NET Configuration Options

The most important configurations in the web.config file will be described in this section:

<authentication>

The authentication tag is used at the application level and is used to […]


The Sysenter Instruction Internals

Introduction

In the previous article we’ve seen that whether we’re using the int 0x2e interrupt or sysenter instruction, the same method in kernel is being used. We also identified that […]


Introduction to Kernel Debugging with Windbg

Introduction

You’ve probably heard about Windbg before, right? It’s a Windows debugger written by Microsoft that’s used by developers and hackers for debugging the OS. We won’t go into the […]


Presenting the PE Header

Let’s present the whole PE file structure with the picture below (taken from ):

At the beginning there’s a DOS header, which is an MS-DOS compatible executable that always consists […]


The Import Directory: Part 2


You can take a look at the previous article before reading this one. If you already understand the basics of IAT table, then you can skip the first article, but […]


The Import Directory: Part 1

We know that when the operating system loads the executable, it will scan through its IAT table to locate the DLLs and functions the executable is using. This is […]


The Export Directory

Simple Example of Export Directory

Let’s take a look at a simple example to understand how the export directory is used by the executables/libraries. Let’s suppose that we’re dealing with […]

Loading the Windows Kernel Driver

In the previous part of the article, we’ve explained how to compile the Windows kernel driver. Now that we know how to compile the driver, we also have to […]

Compiling the Windows Kernel Driver

Introduction

In the previous article, I’ve written and described a kernel mode driver, but I haven’t actually done anything with it. There’s something missing in that picture: it’s the loading of […]

Writing a Windows Kernel Driver

Introduction

If you haven’t read the first two articles yet, here and here, then you probably should, because they are essential to understanding what we’ll be talking about here.

Before we […]

Windows Building Environment for Kernel Driver Development

Details of Driver Development Environment

In the previous article, we saw that upon installing WDK 7.1.0, we got build environments for Windows 7, Windows Server 2003, Windows Vista, Windows […]

Writing Windows Kernel Mode Driver

Introduction

In this tutorial, we’re going to use the Windows Driver Mode (WDM) which provides us greater flexibility than other modes while being harder to use. We’ll take a look […]


Windows Booting Process

Introduction

In the previous tutorial, we’ve seen how one would go about booting the Linux operating system by using GRUB. We presented the basic overview of the booting process in […]


Linux Booting Process

Introduction

In this article, we’ll take a closer look at the booting process of the Linux operating system. We’ve already described the booting process in this article, especially how the […]


Windows Kernel Debugging Symbols and Commands

Introduction

In this tutorial, we’ll introduce a few basic tools that we need to have available when doing kernel debugging on Windows. Besides that, we’ll present Windows debuggers that can […]


The Sysenter Instruction and 0x2e Interrupt

In this article, we’ll present a couple of examples where we’ll be using the 0x2e int instruction to interrupt the kernel and call some interrupt service routine. We’ll also […]