Reversing
0x41 - back to bugs
COTS - there's a similar German word
The typical Windows scenario, a COTS (Commercial Off The Shelf) binary, means reverse engineering the target application to gain insight into it. Finding vulnerabilities can be a time-consuming task, so here are some techniques that save a lot of time.
Don't give up, just because...
The general methodology is fairly self-explanatory and similar for every audit process:
- behavior analysis:
- what does the target look like,
- which dialogs appear,
- which files are required and what their paths are,
- the installer process,
- the uninstall process,
Windows Integrity Control - a model of trust and classification
Malicious Office Documents
One very common entry point these days is the malicious Office document. If you have no idea how interactive these "documents" can get, take the test at decloak.net (Start button). You get a .doc file that performs network connections and, in this case, bypasses anonymization technologies.
IDA Pro and WinDBG extensions
Great new features
Microsoft designed a powerful debugging engine; however, the official frontend lacks the usability that OllyDbg or Immunity Debugger have.
There are only a few useful extensions I know of.
Byakugan is an awesome set of extensions for WinDbg. It is based on Microsoft Detours.
And there is msecdbg, aka "!exploitable".
Both are interesting for speeding up exploit writing. Combining the power of these debugger extensions with the insights IDA offers seems promising:
De-Cygwinize Win
No more emulation
When it comes to the command line, administrators all over the Windows world nowadays think of Cygwin or PowerShell. However, Cygwin is a special layered environment and PowerShell is .NET dependent and not very responsive.
Therefore I tend to turn back to the good old DOS-like command line and add some tools to the PATH environment variable to make my life easier. Many people may object that extending your command-line tools doesn't help in situations where you don't find these tools: on Windows the command line is just an extra. The following of course doesn't help you with post-exploitation or with showing off at a friend's machine. But it helps to save time. My time ;).
UnixUtils
Creating much more interesting fuzzers with MSF
All these protocols are belong to Metasploit
If you want to create a network fuzzer you have to transport your inputs through a specific protocol. Performance in most cases isn't an issue: while I'd prefer ICC (the Intel C compiler) or at least efficient C for file fuzzing and other CPU-intensive programs, network fuzzing doesn't have this requirement. The Metasploit framework implements a nice suite of libraries adaptable for network fuzzing, which helps to create a new fuzzer within minutes. Furthermore, Ruby 1.9 brings performance enhancements that will soon be supported officially ;). So let's fuzz faster.
There are some interesting fragments, starting with the header of the module:

    #
    # This is just an untested example for a fuzzer auxiliary
    # based on the offensive security MSF material
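The following is an added example, not code from the post and not Metasploit's own library code: a standalone Ruby script with the shape of such an auxiliary fuzzer (a case generator, a protocol wrapper, delivery with a timeout, and the loop that flags the first case the target no longer answers). The "USER <value>" line protocol and the in-process toy target are assumptions made so it runs offline; against a real service you drop the toy target and point `fuzz` at the host and port.

```ruby
require 'socket'
require 'timeout'

# Fuzz cases in the style of an MSF auxiliary fuzzer: boundary-length
# strings, format-string specifiers and integers around powers of two.
def fuzz_cases(lengths = [16, 64, 128, 256, 512, 1024, 2048, 4096])
  cases = lengths.map { |n| 'A' * n }
  cases += ['%s' * 8, '%n' * 8, '%x' * 16]
  cases += [0, 1, 127, 128, 255, 256, 32767, 32768, 65535, 65536].map(&:to_s)
  cases
end

# Wrap a payload in the target's line protocol. The "USER <value>"
# command is an assumption made for this example, not a real service.
def build_request(value, cmd = 'USER')
  "#{cmd} #{value}\r\n"
end

# Deliver one request and return the reply, or nil when the target
# refused the connection, reset it, closed it silently or timed out.
def deliver(host, port, data, timeout = 1.0)
  Timeout.timeout(timeout) do
    sock = TCPSocket.new(host, port)
    sock.write(data)
    reply = sock.readpartial(4096)
    sock.close
    reply
  end
rescue Errno::ECONNREFUSED, Errno::ECONNRESET, EOFError, Timeout::Error
  nil
end

# The fuzz loop: returns the first payload that got no reply (the crash
# candidate to reproduce under the debugger), or nil if every case was
# answered.
def fuzz(host, port, cases = fuzz_cases)
  cases.each do |value|
    reply = deliver(host, port, build_request(value))
    next unless reply.nil?
    puts "[!] no reply for #{value.bytesize}-byte case #{value[0, 16].inspect}"
    return value
  end
  nil
end

# Constructed local target so the example runs offline: it answers values
# up to `limit` bytes and drops the connection for anything larger, which
# is what a crashed service looks like from the outside.
def start_toy_target(limit = 512)
  server = TCPServer.new('127.0.0.1', 0) # port 0: let the OS pick a free port
  Thread.new do
    loop do
      client = server.accept
      begin
        line = client.gets.to_s.chomp
        value = line.split(' ', 2)[1].to_s
        client.write("OK\r\n") if value.bytesize <= limit
      rescue IOError, SystemCallError
        # a reset from the client is not our problem here
      ensure
        client.close
      end
    end
  end
  server
end

if __FILE__ == $PROGRAM_NAME
  target = start_toy_target
  port = target.addr[1]
  hit = fuzz('127.0.0.1', port)
  puts hit ? "first unanswered case: #{hit.bytesize} bytes" : 'all cases answered'
end
```

Inside a real module the `TCPSocket` plumbing is replaced by the framework's `Msf::Exploit::Remote::Tcp` mixin (`connect`, `sock.put`, `disconnect`), which also gives you RHOST/RPORT options and the datastore for free; the case generation and the "first unanswered case" logic stay the same. Treat a hit as a lead, not a verdict: reproduce it with the target under WinDbg so `!exploitable` can tell you whether it is worth the time.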
Best of securitytube for RE and security
A collection of tutorials, videos and fun
I think it's an amazing site. There are many video tutorial sites these days; however, the quality differs a lot. Below I list what I like so far. Feel invited to watch everything:
Programming
Python programming course from MIT - the advanced material may be of some interest, but it starts off with fairly trivial, introductory-level material.
Stack is protected: so we don't need secure coding?
Do anti-exploitation strategies displace secure programming?

Rumors say you were able to change the color from blue to red.
