Archive for December, 2013

Unpacking Themida 2.x by Ivinson

Posted: December 26, 2013 in Uncategorized

Author: Ivinson/CLS

Team: CrackLatinos

Download link: https://www.mediafire.com/?582jpo9izrm8s2d

Regards,

m4n0w4r

[Tool] Swf iDentifier

Posted: December 24, 2013 in Uncategorized

SWF file analyzer. Detects common SWF protectors, SWF obfuscators, SWF cryptors and SWF compilers.

[Author]: LIZARD
[Features]:
● Signature analysis.
● Both zLib and LZMA compression supported.
● Process scanning with customizable sensitivity and junk filtration. Found SWFs can be dumped.
● Directory scanning.
● DefineBinaryData tags viewer and extractor.
● Save uncompressed SWF functionality.
● Quick access to your favorite tools.
● Plugin Interface.
● Very simple, intuitive and just superb GUI.
● Shell integration, Command line support, Always on top and Drag’n’Drop capabilities.
● External signatures interface: users can add new and edit existing signatures.

[ChangeLog]:
Update 1.09.2013
* Some bug fixes
Update 31.08.2013
* Bug fixes.
* Added: Entropy for DefineBinaryData.
* Added: Sorting for Process Scan.
* Added: Update tool.
* Changed: Decompression algorithm zLib.
* Fixed: Sensitivity value.
* Fixed: Shell Integration.
* Signature updates.
Update 19.07.2013
* Bug fixes.
* Added icon for favorite tools.
* Added sorting for Tag Parser.
* Signature updates.

[Download]: swfid.je1.ru

Regards,


Course Overview

CS-6V81 is a graduate level, research oriented, system and software security course.

The goal of this course is to explain the low-level system details from compiler, linker, loader, to OS kernel and computer architectures, examine the weakest link in each system component, explore the left bits and bytes after all these transformations, and study the state-of-the-art offenses and defenses.

The learning outcome is that students shall be able to understand how an attack is launched (e.g., how an exploit is created) and how to defend against it (e.g., developing OS patches, analyzing the binary code, and detecting intrusions).

In particular, we will cover

  • Memory exploits. We will investigate the unsafe but widely used system programming language C and cover typical vulnerabilities such as buffer overflows, format strings, integer overflows, etc. How to create robust shellcode using techniques such as ROP and heap spray.
  • OS Kernel Internals. What the behavior is when a program is running on top of an OS. Why we use paging. How virtual-to-physical address translation is performed. How the MMU (e.g., the TLB) helps with this. How the OS manages files and disks. How we can model program behavior when sitting at the OS layer. We will use both Linux and Windows as working kernels.
  • Linker and Loader Internals. How a program is dynamically linked, what an attacker can do to cheat the system, and what we can do to protect the system.
  • Kernel-level Defense. How we can defend against common exploits, with techniques such as ASR, DEP, and NX bits.
  • User-level Defense. Safe library, Compiler extension, Binary Transformation/Rewriting, Runtime Verification.
  • Binary code reverse engineering. Static binary code analysis. Dynamic Binary code instrumentation. Data flow analysis, and control flow analysis. Malware packing and unpacking.

The class will also have a heavy hands-on project. Students can choose either to perform research (working on a semester-long research topic of their choosing) or to perform an engineering project.

Link: http://www.utdallas.edu/~zhiqiang.lin/spring2012.html

Regards,

m4n0w4r


This graphic is a walkthrough of a simple Windows Portable Executable that shows its dissected structure and explains how it’s loaded by the operating system.

PE

Link: http://code.google.com/p/corkami/wiki/PE101

Regards,
m4n0w4r