TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... Most phishing sites are hosted on compromised Apache + PHP + MySQL servers located in the US. Our Digital Vaccine service includes filters specifically designed to prevent potential victims from reaching many of these malicious sites.

Cellular Interference

Like many others in the world, I've always been a skeptic of the need to disable cell phone antenna's on takeoff and landing. What kind of interference could possibly be caused to an airplane? We've all dealt with the minor nuisance of clicks and beeps when someone on a land line keeps their cell phone too close to the base, but serious interference to a plane? I always figured it was a better safe then sorry measure... Until a couple of weeks ago when I was doing some work in Photoshop on my ol ...


MindshaRE: Adding IDA to Explorer Context Handler

In this weeks MindshaRE we will show you how to add IDA into the right click context menu of windows explorer.  This is handy when quickly disassembling .dll's and .exe's.MindshaRE is our weekly look at some simple reverse engineering tips and tricks.  The goal is to keep things small and discuss every day aspects of reversing.  You can view previous entries here by going through our blog history.When disassembling binaries in IDA most people will go through a ...


Hacking the Pirates of the Caribbean Online MMORPG

My colleague Ali and I recently presented on Reverse Engineering Dynamic Languages, specifically Python, at RECON 2008. As a case study, we demonstrated hacking cheats into Disney's Pirates of the Caribbean Online game (slides here). The game has receiv ...


Line Noise

One comment and one angry email was all the encouragement we needed to keep Line Noise alive, so it's time again for another one so you can witness the extremely worksafe version of the links the DVLabs research team have been sharing with each other on our internal IRC.RepRap is a 3D rapid prototyper that can be built on the cheap. All of the com ...


MindshaRE: Searching in IDA

MindshaRE is our weekly look at some simple reverse engineering tips and tricks.  The goal is to keep things small and discuss every day aspects of reversing.  You can view previous entries here by going through our blog history. In this weeks installment of MindShaRE we will take a look at some fun uses for searching in IDA even utilizing IDC/IDAPython to automate this.IDA provides several different search options.  Rangin ...


Mozilla Firefox 3.0 Vulnerability

A number of people who monitor our Zero Day Initiative's Upcoming Advisories page noticed yesterday that we reported a vulnerability to Mozilla (ZDI-CAN-349).  Taking into account the coincidental timing of the Firefox 3.0 release, many are asking us if this is the first reported critical vulnerability in the latest version of the popular open source browser. What we can confirm is that about five hours after the of ...


RECON 08 Day 3

It's Monday and I'm back at our Austin headquarters with the team. We had a great time at RECON and in Montreal. Big thanks to the conference organizers and the high quality speakers. Three more interesting talks to mention on the final day of the conference...Pablo Sole from Immunity gave an overview of how Python scripting within ImmunityDbg can be used to assist in reverse engineer ...


RECON 08 Day 2

Some more interesting talks on the second day of the con. Craig Smith from Neohapsis gave an informative presentation on creating a custom code obfuscation virtual machine. The usage of a custom VM to obfuscate code has mostly been seen in various crackme's though it is starting to gain popularity in malware. There are legitimate commercial code virtualizers like Themida. This was an interesting talk and thought exercise that captured the attention of many at ...


RECON 08 Day 1

RECON is a single-track reverse engineering focused conference held bi-yearly in Montreal. The 2008 showing is the third iteration of the conference with hopefully many more to come. RECON is hands down my favorite conference, a sentiment shared by many other RECON attendees. A number of factors elevate this con above others:The talks. The general technical level of the talks at RECON, I feel, exceed most other cons.The size. RECON feels like t ...


MindshaRE: Looping in Assembly

MindshaRE is our weekly look at some simple reverse engineering tips and tricks.  The goal is to keep things small and discuss every day aspects of reversing.  You can view previous entries here by going through our blog history.After the entry last week comparing source to disassembly I thought it might be a good idea to cover some basics.  Often when learning how to read assembly is helps to take source code, compile it, and then look at it in your disassembler of ch ...


MindshaRE: Public Toolkits

This entry marks the first in a new weekly post I will be doing about general reverse engineering tips and tricks.  The focus of this blog will be to relay some simple tricks we apply here at TippingPoint that others might find useful while reverse engineering.  My goal is to be short and concise in these examples.  If you have any ideas, or suggestions (possibly to improve on something I posted) please email me, or leave a comment, and I'd be happy to share them in future posting ...