Search found 17 matches

Return to advanced search

Re: Setup Installer with hidden files

You can either do process hollowing as was previously explained where you overwrite the OEP to an empty section of the binary that runs some shellcode that simply loads your dll that you've placed at the end of the binary. Or you can see if the binary loads anything from a non absolute path, has an ...
by sysopfb
on Fri Oct 16, 2015 6:52 pm
 
Forum: Malware
Topic: Setup Installer with hidden files
Comments: 3
Views: 9854

Re: X-1803

Apparently I didn't read the problem correctly. New version adds each number from the file instead of each digit in the file import System.IO import System.Environment import Control.Monad import Data.Char main = do --putStrLn "Filename?" xargs <- getArgs let fname = hea...
by sysopfb
on Wed Jun 10, 2015 7:05 pm
 
Forum: User Submitted
Topic: X-1803
Comments: 5
Views: 5158

Re: X-1803

import System.IO import System.Environment import Control.Monad import Data.Char main = do xargs <- getArgs let fname = head xargs contents <- readFile fname (putStr . show) $ sum' contents where sum' = sum . (map digitToInt) . (filter (/= '\n')) ghc -O2 -o out out...
by sysopfb
on Wed Jun 10, 2015 4:39 pm
 
Forum: User Submitted
Topic: X-1803
Comments: 5
Views: 5158

Re: Since I messed up the last one

removed link and posted base64 versions of all files
by sysopfb
on Mon Jun 01, 2015 9:38 am
 
Forum: User Submitted
Topic: Since I messed up the last one
Comments: 7
Views: 11250

Re: A cute little stego challenge for you :D

I did it last night

I apparently need to reupload my binaries somewhere for mine
by sysopfb
on Mon Jun 01, 2015 9:24 am
 
Forum: User Submitted
Topic: A cute little stego challenge for you :D
Comments: 4
Views: 4676

Re: Very Simple Programming Challenge

Same numbers as logic, in haskell splitupRun d = splitup (d `div` 10) (d `mod` 10) splitup 0 m = [m] splitup d m = m : splitup (d `div` 10) (d `mod` 10) getSum p = sum . map (^p) isPowNumRun num = isPowNum num numlist (length numlist) where numlist = splitupRun num isPowNum n nl len ...
by sysopfb
on Sun May 31, 2015 10:13 pm
 
Forum: User Submitted
Topic: Very Simple Programming Challenge
Comments: 13
Views: 16384

Re: A cute little stego challenge for you :D

If you can do this one you should be able to attempt the crypto one I posted :p
by sysopfb
on Sun May 31, 2015 9:03 pm
 
Forum: User Submitted
Topic: A cute little stego challenge for you :D
Comments: 4
Views: 4676

Re: M3 Algorithm, can you break it?

Can you post the math proof?
by sysopfb
on Sat May 30, 2015 12:32 pm
 
Forum: Crypto
Topic: M3 Algorithm, can you break it?
Comments: 2
Views: 9102

Re: My latest exploit POC for detecting hypervisors

You can do some vm and most sandbox detection by checking the number of processors set in PEB

Code: Select all
mov eax, FS:[30]
cmp dword ptr DS:[eax+064h], 2  ;if number processors is <2 then we can assume we can assume we're in a sandbox and possibly a VM
by sysopfb
on Tue May 26, 2015 6:14 pm
 
Forum: Custom Code
Topic: My latest exploit POC for detecting hypervisors
Comments: 2
Views: 3522

Binary code flow obfuscation through ROP

Before I begin: 1. If you have questions, ask. Odds are I won't answer but you can find me on IRC and maybe I'll respond when I have time. 2. This is a personal POC, if it doesn't work for you or if you don't know what POC is.. well either way I don't care. 3. If you're a binary or assembly guru and...
by sysopfb
on Sun May 10, 2015 9:01 pm
 
Forum: Programming
Topic: Binary code flow obfuscation through ROP
Comments: 0
Views: 2906
Next

Return to advanced search