
About the Author:

Dejan Lukan is a security researcher for InfoSec Institute and a penetration tester from Slovenia. He is very interested in finding new bugs in real-world software products through source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security-related problems and for learning about new hacking techniques. He knows a great deal about programming languages, as he can write in a couple of dozen of them. He is also passionate about antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. He also has his own blog, available here: http://www.proteansec.com/.

Cracking the Defender: The Deobfuscated Code

Introduction

So far we’ve taken a look at the obfuscation routine and how it deobfuscates the instructions in loc_4033D1. At the beginning point, the overview navigator will look like […]

Reversing Loops

Introduction

Every program nowadays contains branch statements, where the decision making happens, and loops, where we repeat some piece of code. Obviously, we could write a program that wouldn’t use […]

IDA Program Patching

Introduction

It’s not a rare occurrence that we want to load a binary executable in a debugger, change some bytes and then save the changed binary to the hard drive, […]

Cracking the Defender: Deobfuscation Routine

Introduction

In the previous tutorial we discussed a basic introduction to the Defender program. We’ve also looked at sub_402EA8, which returns the base address of the ntdll.dll library in […]

Linear Sweep vs Recursive Disassembling Algorithm

Introduction

We know that there are two ways of disassembling a binary executable into its assembler instructions. The first technique is the linear sweep algorithm and the second is recursive disassembling. […]

Cracking the Defender: Basic Information and sub_402EA8 Function

Introduction

Defender is an advanced crackme that was written by Eldad Eilam for the purpose of practicing reverse engineering. It contains several advanced protection mechanisms that a reverse engineer needs […]

Anti-Debugging: Detecting System Debugger

Introduction

In the previous tutorial, we talked about techniques that harden an executable against reverse engineering and then looked at anti-debugging techniques. We mentioned the IsDebuggerPresent function and […]

Anti-Debugging

Before we begin, we must mention that it’s impossible to completely prevent reversing. What is possible is that we can place as many obstacles on the way as we […]

IDA Pro Configuration Options

Configuration Files

We know that some of Ida’s settings are saved in the .idb database files, but those settings are not persisted globally across Ida sessions. Configuration files are […]

IDA Pro: IDC, SDK and Remote Debugging Overview

In this article, we won’t be going too deep into Ida scripting. Instead, we’ll present what IDC is and how it can be used to enhance the capabilities […]

Facebook Hacker Cup 2013 Qualification Round: Find the Min

In the last two days, I described on this page my efforts at cracking the Facebook Hacker Cup 2013 challenge – three separate puzzles. Today we will examine the […]

Facebook Hacker Cup 2013 Qualification Round: Beautiful strings

Here’s my follow-on to the Facebook Hacker Cup. Yesterday, I told you about my take on the Balanced Smileys puzzle. Today, we’ll discuss the easiest challenge, Beautiful Strings. The […]

Facebook Hacker Cup 2013 Qualification Round: Balanced Smileys

I must admit that I was a little bit hesitant whether or not I should enter the Facebook Hacker Cup, but I did it anyway just for the fun […]

Enhanced Mitigation Experience Toolkit (EMET)

Defining the problem

First, we must define the problem before we try to find the solution. The problem with Windows systems is that they can be exploited relatively easily. There are […]

The Basics of ASP.NET

Introduction

In this article we’ll talk about Unicode support in various elements of the HTTP protocol, but first let’s say a few words about HTTP. We won’t go into depth […]

LUKS and Initramfs

Initramfs Introduction

Before we can continue with configuring the kernel when installing a new Gentoo system, we need to create an initramfs.

Since the root partition is encrypted, it has to […]

LUKS: Swap, Root and Boot Partitions

The /swap Partition

We need to encrypt the swap partition, since we don’t want encryption keys to be swapped out to an unencrypted disk. To do that, we can first use […]

WordPress Security for Users

Introduction

We all know that WordPress is the primary CMS used on the Internet. We also know that security in WordPress cannot be taken for granted. The WordPress […]

LUKS: Formatting the Partition

Introduction

When writing this tutorial, I’ve referenced the Gentoo Linux guide and added some of my own observations and scripts. This guide should provide you with steps of how […]

IDA: Jumping, Searching and Comments

Introduction

In this tutorial, we will describe the Jump menu in Ida Pro. Using the Jump command when analyzing an executable can prove to be a valuable trick in […]