This blogpost is about the release of a plugin for Binary Ninja that allows you to run a Python Kernel inside the Binary Ninja GUI environment to which you can attach a Jupyer (QT) console, formerly known as IPython shell. The first section is about why this is useful, the second is about some issues I encountered and how to solve them, and the third contains everything you need to know to set it up. Continue reading “IPython Support for Binary Ninja”Continue reading
Lately I’ve been analyzing a .NET binary that was quite interesting. It was a portable binary that shipped without any third-party dependencies. I started looking at the .NET assembly with ILSpy and noticed that there was not that much code that ILSpy found and there were a lot of references to classes/methods that were neither in the classes identified by ILSpy nor were they part of the .NET framework.Continue reading
I am amazed by how this years BlackHoodie unraveled. Three days that included a pre-conference of lightening talks and two parallel tracks with a total of 64 enthusiastic members. The very spirit of BlackHoodie is nothing other than the quest to gain deep knowledge. Reverse engineering is one of the hardest fields in security. It touches on all fields of computing, starting from assembly, programming, file formats, operating systems, networks and what not. This makes it hard but an extremely fulfilling experience to spend time learning it. For me, the very idea of staring at a binary till you understand what it does is a magical feeling.Continue reading
This is the second part in the Autonomic Network series. We have introduced previously in our first part the Autonomic Network (AN), took a look about the needed configuration to run it on Cisco gear and what is the expected communication flow. In this post, we will dive deeper to have a closer look on the packets and how they are composed. Continue reading “Autonomic Networking – Part 2: Analysis”Continue reading
This is a 3-part series which introduces and analyzes Cisco’s implementation for Autonomic Network. In the 1st part, the technology is introduced and we have an overview about communication flow. In the 2nd part, Cisco’s proprietary protocol is reverse engineered 😉 then finally in the 3rd part, multiple vulnerabilities will be disclosed for the first time. If you’re aware of the technology, you can skip directly to part 2 where the action begins! Continue reading “Autonomic Networking – Part 1: Overview”Continue reading
This year’s BlackHoodie workshop rolled out with 28 amazing women from all parts of the world. It was a very vibrant group with students, professionals, engineers, researchers, physicists and what not. This is the second year that Marion Marschalek is running this reverse engineering workshop exclusively for women. There were a variety of topics that were covered. This includes anti emulation tricks, anti debuggers, packers, obfuscation, encryption/decryption functions, and a lot of fun with IDA.Continue reading
Sorry about the larger delay between the previous post and this one, but I was very busy the last weeks.
(And the technology I wanted to show wasn’t completely implemented in radare2, which means that I had to implement it on my own 😉 ). In case you’re new to this series, you’ll find the previous posts here.
As you may already know, we’ll deal with the third challenge today. The purpose for this one is to introduce
some constructs which are often used in real programs.
Last time we’ve used the rabin2 application to view the strings found inside the challenge01 binary to find password candidates. Based on the results we looked into the assembly to find the correct password. In this post, we’ll go through the next challenge and try out some of the features provided by radare2.Continue reading
Welcome back to the radare2 reversing tutorials. If you’ve missed the intro, you can find it here.
The last time you got the challenge01 binary and your goal was to find the password for the login. Let’s see how the application looks like:Continue reading
In a recent assessment, we had to evaluate how Microsoft’s System Management Server (SMS) certificate management solution (CMS) stores and handles certificates. This question came up because sensitive, encrypted user certificates were to be stored in the SMS CMS. Due to the sensitivity of the handled certificates, we assessed the protection capabilities of the certificate management solution against extraction attempts from a local attacker with administrative privileges.Continue reading