877.791.9571 |

About the Author:

Dejan Lukan is a security researcher for InfoSec Institute and penetration tester from Slovenia. He is very interested in finding new bugs in real world software products with source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security related problems and learning about new hacking techniques. He knows a great deal about programming languages, as he can write in couple of dozen of them. His passion is also Antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. He also has his own blog available here: http://www.proteansec.com/.
GGGoogle-Scan-sized

Google Hacking with GGGoogleScan

When scraping the Google search engine, we need to be careful so that Google doesn’t detect our automated tool as a bot, which will redirect us to a captcha […]

TheBasicsofIDAPro-sized

The Basics of IDA Pro

1. Introduction

IDA Pro is the best disassembler in the business. Although it costs a lot, there’s still a free version available. I downloaded IDA Pro 6.2 limited edition, which […]

120912_1254_CallingConv-sized

Calling Conventions

Introduction

Calling conventions are used by all programs without the user even realizing it. But before saying more about them, we must first make sure we understand what happens when […]

GOOG_Android_Java_sized

Android and Java Native Interface

Java Native Interface (JNI)

JNI is a native programming interface supported by Java and is part of the Java SDK. With JNI, we can write code in other languages like […]

sandbox-sized

Using Sandboxes For Hostile Program Analysis

Sandboxes

Introduction

If you’re reading this article, you have probably heard of a sandbox before. But, in case you haven’t, I’ll provide a quick explanation of what a sandbox really is. […]

malware analysis

Analysis of Malware Samples with the Immunity Debugger API

Introduction

Immunity Debugger is a debugger which is very much like Ollydbg. In this tutorial we’ll present the Python API that Immunity Debugger uses for writing the plugins. Ollydbg has […]

Abstract background with binary code.

API Hooking with Microsoft Detours

Introduction

Microsoft Detours is a library which we can use to build our own DLL that serves as an API monitor when analyzing the results. The best thing about it […]

password

Web Vulnerabilities Explained

Introduction

We all know that vulnerabilities in web pages are quite common these days. They range from SQL injections, XSS vulnerabilities, CSRF, etc. In this article we’ll provide basic examples […]

wordpress-attack

WordPress Plugin Vulnerabilities: From a Developer’s Point of View

1. Introduction

We all know the prevalence of the WordPress blogging system and its share of vulnerabilities in the core system alone over the years. If not, we can take […]

url

Getting Domain Information

1. Introduction

When analyzing malware we can gather a lot of information just by identifying the IP addresses and domains the malware software uses. Most malware software programs use DNS […]

analysis

Environment for Malware Analysis

Introduction

Before trying to analyze any kind of malware, we need to have a proper environment set up, so we can be most efficient and collect the most information from […]

javascript

Analyzing Malicious JavaScript

1. Introduction

Nowdays there are various threats in the wild that want to get malware installed on victim operating systems. Most of them use some kind of social engineering bundled […]

keyboard

PDF File Format: Basic Structure

1. Introduction

We all know that there are a number of attacks where an attacker includes some shellcode into a PDF document, which uses some kind of vulnerability in how […]

network

Wfuzz and WebSlayer

1. Introduction

WfFuzz is a web application bruteforcer that can be considered an alternative to Burp Intruder as they both have some common features. With both Wfuzz and Burp Intruder […]

topology

Network Topology

1. Introduction

Whenever we’re doing a penetration test, it’s good to figure out the topology of the network we’re testing. We can’t figure out the whole topology, because we don’t […]

metsploit.png

Q: A Collection of Metasploit Modules Not Accepted to Main Trunk for Various Policy or Quality Reasons

Introduction

I guess we all know what Metasploit is, so we don’t really need to present to the reader the basics of Metasploit. But it’s still useful if we present […]

abstract binary

Hacking SVN, GIT, and MERCURIAL

1. Introduction

We all know that when programming with a small or large team, having a revision control in place is mandatory. We can choose from a number of revision […]

adobewarning

Hacking PDF: util.prinf() Buffer Overflow: Part 2

For part 1 of this series, click here.

1. Introduction

In the previous part we’ve seen the structure of the PDF document and extracted the JavaScript contained in object 6. We […]

light computer

Filter Evasion: Part 2

For part 1 of this series, please click here.

1. Methods for Bypassing a Filter

There is a number of different attack strings that can be used to bypass a filter […]

light computer

Filter Evasion: Part 1

1. Introduction

First we must talk about vulnerabilities. We know that vulnerabilities that are present in any kind of software can be exploited by accepting the right input data, and […]