Summing up the ShadowBrokers Leak

Nowadays it’s almost impossible to not write about EquationGroup Leak, so I’m going to start my “blog post” pushing the following picture (realised by Kaspersky Lab) which would cut-out every doubts about the leak paternity. EquationGroup VS ShadowBrokers’s Leak The leaked dump contains a set of exploits, implants and tools for hacking firewalls (code name: […]

Read more "Summing up the ShadowBrokers Leak"

From ROP to LOP bypassing Control FLow Enforcement

Once upon a time breaking the Stack (here) was a metter of indexes and executables memory areas (here). Then it came a DEP protection (here) which disabled a particular area from being executable. This is the fantastic story of ROP (Return Oriented Programming) from which I’ve been working for long time in writing exploiting and […]

Read more "From ROP to LOP bypassing Control FLow Enforcement"

Looking For Caves in Windows Executables

Most of my readeres exactly know what code caves are while many other people out there (maybe occasional readers) could wonder why I am writing about codecaves in 2016 since it is a well know technique (published in 2006) to inject a malicious payload inside Windows Portable Executables. Well, today I want to disclouse a […]

Read more "Looking For Caves in Windows Executables"