Behrang

Analysis of a UDP worm

From time to time I like to delve into malware analysis as a pastime and post interesting examples, and recently we received a malware sample that had a low detection rate. Anti-virus coverage was 15/43 (35.7%) based on a virustotal.com report, and the Norman sandbox did not detect any suspicious activity, as shown in the report below: the Norman sandbox report did not show any registry or network activity. This might be due to the…

Decrypting Symantec BackupExec passwords

The BackupExec agent is often among the common services found on internal pen tests. The agent software stores an encrypted “logon account” password in its backend MS SQL database (LoginAccounts table). These accounts include the “system logon account”, which is used to run the agent services, and an optional number of Active Directory accounts that are used to access resources over the network. The following scenarios can result in access to encrypted…

QoW: Software Reversing and Exploitation

I’ve developed an FTP-like multi-threaded server application as a target for this challenge of the month. It has been coded in C and compiled with VC++ 2008. This is a three-step challenge: Step 1 - Find the correct “passphrase” format to log on to the server and get the “Access Granted” message. (You may use a debugger like OllyDbg to do live RE for this step.) Step 2 - Do vulnerability…

“Hooker” approach to break-in!

Interesting post on cost/benefit analysis of hacker and hooker attacks… behrang

Adobe APSB08-15 Patch Reversing

APSB08-15 is the latest Adobe security advisory regarding a memory corruption vulnerability in Acrobat Reader versions < 8.1.2. As expected, the advisory does not include technical details about the attack vector, so let’s try to reverse the related Adobe patch to find out more about this vulnerability. I’m going to use IDA 5.2 with the patchdiff2 plugin (thanks to Kris for the hint on this plugin). The patch is released as an MSI file. I used Greg Duncan’s Less MSIèrables…