Performing DoS Attacks With JavaScript Malware
Hi! This is a fluffy one but hopefully interesting. The idea is to implement a botnet that is completely client side and does not need a 0day to spread. To achieve this I implemented the botnet in JavaScript and used well-known techniques to get the code running on the victims’ browsers. The bots communicate through an existing web site, so the botnet master only needs to upload a file to trigger new actions. The most immediate application of these botnets is performing DoS attacks.
Testing Web Applications With Embedded Tokens
Not long ago most web applications did not have any kind of protection against Cross-Site Request Forgery attacks, and life was easy for pen-testers. Using a tool like the Burp Suite a tester could locate all the forms in an application and use the automated fuzzer to look for low-hanging fruit like simple XSS instances, SQL injections and all sorts of information disclosure and cookie problems. This situation has changed lately, and nowadays many frameworks give you the possibility of embedding single-use tokens into hidden form fields and URLs. Most automated fuzzers have no notion of tokens and are of little or no use in this new scenario: with a dumb fuzzer all we get is a redirection to a default page, and the potentially hazardous parameters are never reached.
ARM Linux shellcode
Hi all! I know it’s been some time since my last post, but now I’m back with some hopefully good stuff for ARM microprocessors.
8086 real mode coding
OK, this one is on a really old topic. As you may already know, x86-based machines have several different modes of operation. When engineers had to make the leap from 16 to 32 bits they had to figure out a way to avoid breaking old software, and came up with what we call protected mode. From then on the old 16-bit mode was called real mode.
How to generically dump the physical RAM of a VM
Recently I have been experiencing some problems with VMware. It looks like they are not maintaining the free version as well as they ought to, and bugs are starting to arise. With some of my VMs the mouse pointer was completely unresponsive, so I decided to switch to VirtualBox. After installing the software and porting my VMs I gave VirtualBox a try and it worked like a charm. It was only when I started my first bug-hunting project after the change that I noticed there was no support for physical memory dumps.
Some time ago I started using qemu for development. It had support for a gdb stub out of the box, which allowed me to debug real and protected mode code as well as to dump the physical memory of a VM after a hard kernel crash. At some point a friend of mine told me that VMware could do exactly the same and was way faster, so I tried it. Now I’m playing with VirtualBox. It has an integrated debugger that works pretty well, but there is no “dump memory” command.
Reversing C and C++ virtual calls
If you’ve ever had a look at an application from the point of view of a reverse engineer, you know that there are many tools out there capable of doing a pretty good static analysis. Things get a bit trickier when we move on to dynamic analysis, though. When you first give your binary file to IDA it will locate the entry point and try to analyse the whole binary using a flooding-like algorithm. What IDA can’t do is guess the possible values of the registers at each step of the process. This can cause all sorts of trouble when we come across self-modifying code or any other binary obfuscation mechanism. In this post I’ll go through one of these problems, possibly the most common and one of the easiest to overcome: virtual functions.
System memory dumps on Linux
Information leaks are pretty common in today’s software. For some reason people get really scared when they are told they have a buffer overflow, even if it’s not exploitable, but they don’t care at all where the data goes when their program dies.
Well, if you know a bit about OS development you know that memory doesn’t just disappear when a program finishes its execution. RAM is an expensive and scarce resource and, as such, it gets reused much more aggressively than other resources.
Hi there!
I’ve never had a blog before so I’m not going to tell you this is the most interesting site on the Internet. Instead I think I’ll just introduce myself and let you make up your mind.
I have been interested in computers and technology for as long as I can remember. I’ve worked in the IT security industry for some years now, and I think it’s time to share some of the things I have learnt. Most of what I know I owe to my friends and colleagues, so here goes a big thanks to all of you; you know who you are.
In this blog I will write about things I found especially challenging or interesting, and also about the problems I have not been able to solve. Maybe someone who reads this can fill in the bits that I missed and post a comment back. I will try to write something every week, but you never know how things will turn out, so I will make no promises.
I hope you find this site useful.
Take care and happy hacking!