Category Archives: Security

A security proposal to Microsoft, something like UAC, but for the network

Remember UAC (User Account Control)? It is a part of Windows since Vista, but when it was first introduced, it caused quite a bad stir. People did not like because it was way too annoying. It kept pestering users for … Continue reading

Posted in Security

Review for Osanda Malith’s Browser Freak utility

Automation is a practice and a skill that every IT professional should exercise. In penetration testing and security checks, automation is more than that; it is essential. Boring, tiring, repeated tasks, and tasks with many steps, if not left to … Continue reading

Posted in Security

Now with the Gauss malware, the cat is out of the bag

The Gauss malware contains an encrypted payload. This payload is only activated during specific circumstances and those circumstances are not yet known and it is possible that they may not be found in the near future. Come to think of … Continue reading

Posted in Security

Hotmail’s dirty little secret

It has been a few days since I noticed what I am about to describe and since no one (as far as I know) has brought this issue forth, I guess it is up to me to address the elephant … Continue reading

Posted in Security

The purpose of the collision attack used in the Flame malware

Title: The purpose of the collision attack used in the Flame malware Alternative title: Why did the Flame malware use a hash collision? When news about the Flame malware broke out, a lot of information became available, including that Flame … Continue reading

Posted in Security

About the security breach at RSA

Here is what I think about the security breach at RSA: First of all, since no details have been published about what was stolen, it would be wise to assume the worst. And the worst is that not only the … Continue reading

Posted in Security

The need for a POP POP RET instruction sequence

The purpose of this post is to explain the need for a POP POP RET instruction sequence. You often read or hear that exploit writers search for this instruction sequence because it is an essential part of their exploit. But … Continue reading

Posted in Security

ASCII Hex to Binary

I often come across shellcode in the form of ASCII hex, that I want to disassemble in order to find the corresponding assembly instructions, so I can understand how the shellcode operates. Although I can lookup up the assembly instructions for each opcode or set of opcodes, … Continue reading

Posted in Security

Stack-based buffer overflow proof of concept

In this post, I will provide proof of concept buffer overflow exploits. I will create my own programs that have specific mistakes and vulnerabilities in them, in order to exploit these mistakes using stack-based buffer overflow techniques. Of course, since … Continue reading

Posted in Security

Create and test buffer overflow exploits

Notes on the creation of buffer overflow exploits To overflow a buffer, we create an exploit string that will go in the buffer. The exploit code can be either at the beginning or at the end of this string. We … Continue reading

Posted in Security