<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.1" -->
<rss version="0.92">
<channel>
	<title>Reverse Engineering Team Blog</title>
	<link>http://www.reteam.org/blog</link>
	<description></description>
	<lastBuildDate>Fri, 03 Aug 2007 17:23:14 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>Notes on Windows Vista Forensics</title>
		<description>Hello,
With Vista, many forensics analyses need to be reviewed, so SecurityFocus published a paper on Vista's new features and the related forensics analysis.

http://www.securityfocus.com/infocus/1889

http://www.securityfocus.com/infocus/1890

Useful for learning how to hide/discover "something" in this new environment.

Have a nice day </description>
		<link>http://www.reteam.org/blog/2007/05/13/notes-on-windows-vista-forensics/</link>
			</item>
	<item>
		<title>ring3 vs ring0</title>
		<description>My friend sgrakkyu (ciao sgra) and I were talking about this nice feature to go to ring0 from ring3, although it is not usable for evil or tricky purposes. There are some tricks to go to ring0 from ring3 (\device\physicalmemory, some debug API related overflows etc.), unluckily they ...</description>
		<link>http://www.reteam.org/blog/2007/05/04/ring3-vs-ring0/</link>
			</item>
	<item>
		<title>Yahoo Messenger Social Engineering Vulnerability</title>
		<description>A pseudo-vulnerability which can be achieved using multi-transfer between two identities on Yahoo Messenger and social engineering. No practical attack, but interesting nonetheless.
Attached is a paper describing the attack and an implementation.

All the best,
bLaCk

PoC </description>
		<link>http://www.reteam.org/blog/2007/02/05/yahoo-messenger-social-engineering-vulnerability/</link>
			</item>
	<item>
		<title>Paper on Vista networking, and a VMware detection trick</title>
		<description>There is a nice paper about research on Windows Vista's new networking stack
http://www.securityfocus.com/brief/260

By the way, I was working on VMware and casually found that it always uses the same "physical memory" address ranges to map BIOS and PCI stuff (F0000000 - F0FFF000 and FE000000 - FE1FFFFF) on an emulated ...</description>
		<link>http://www.reteam.org/blog/2006/07/24/paper-on-vista-networkin-and-a-vmware-detection-trick/</link>
			</item>
	<item>
		<title>Metasploit info</title>
		<description>A friend posted me this stuff, which is a snippet of code used to retrieve the EIP of the first instruction line. This is a common shellcode used in Metasploit

D9 EE                 FLDZ
D9 74 24 ...</description>
		<link>http://www.reteam.org/blog/2006/01/08/metasploit-info/</link>
			</item>
	<item>
		<title>Cogito ergo sum</title>
		<description>Reversing applies to everything, not only to software or hardware. What if we reverse our "reality" to understand how it works? Well, usually this is the work of a physicist.
Let's see some tricks! What we can feel with our senses is just information; what about this information? Could ...</description>
		<link>http://www.reteam.org/blog/2005/08/21/cogito-ergo-sum/</link>
			</item>
	<item>
		<title>Hook now pray later</title>
		<description>I was working on a small app to hook the keyboard; I used the SetWindowsHookEx function to set a WH_KEYBOARD hook. My intent was to hook the "on screen keyboard" usage. So I wrote my DLL with my nice hook procedure, but something went wrong. The hook seemed not to work properly! ...</description>
		<link>http://www.reteam.org/blog/2005/07/05/hook-now-pray-later/</link>
			</item>
	<item>
		<title>Nice TheMida tutorial</title>
		<description>Here is a nice tutorial on how to completely defeat TheMida

Click here to view the link.

Thanks to rce for this link!
Enjoy
AndreaGeddon </description>
		<link>http://www.reteam.org/blog/2005/06/28/nice-themida-tutorial/</link>
			</item>
	<item>
		<title>Strongbit Execryptor Hardkey License Manager</title>
		<description>I was working on ExeCryptor and the related license manager, based on Hardkey4, an asymmetric algorithm. The packer itself is nice, the polymorphic engine is wonderful, and there are several anti-debugging tricks:
PEB.BeingDebugged
PEB.NtGlobalFlag
Static TLS callbacks
CRC on EXE file (not image)
CheckRemoteDebuggerPresent (only &#62;XP SP1)
FindWindow (searches for the OllyDbg registered class name)
Olly EXE exports (searches in ...</description>
		<link>http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/</link>
			</item>
	<item>
		<title>What The Hack event in danger of cancellation</title>
		<description>Zeelock recently brought to my attention that a hack convention in the Netherlands is currently in discussions with the mayor of the location they wish to use over cancellation of the event. This website is not about hacking, but I figure quite a number of visitors will ...</description>
		<link>http://www.reteam.org/blog/2005/05/29/what-the-hack-event-in-danger-of-cancellation/</link>
			</item>
</channel>
</rss>
