TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... Most phishing sites are hosted on compromised Apache + PHP + MySQL servers located in the US. Our Digital Vaccine service includes filters specifically designed to prevent potential victims from reaching many of these malicious sites.

MindshaRE: Using Symbols

I've mentioned in a previous posting that cross references are the crux of reverse engineering. Exploring the connections between blocks of code and from function to function will reveal large quantities of information about your target. Those cross references, however, are useless without symbolic information, which can include names generated by the reverse engineer as well as names applied through a symbol file. Symbol files are easy to use, yet I still see people that are unaware of them, or d ...


MindshaRE: Cross References in IDA

I would say that, besides the navigation keys (Esc, Enter, Ctrl-Enter, Arrows), the sequence I use most often is X / Ctrl-X. That's right, cross references. Okay, maybe I use others just as much, but for today's MindshaRE we will be discussing cross references in IDA (I wanted to add some impact to the topic). I will briefly cover what they are, the different types of references, and share some scripts utilizing xrefs that hopefully make your day easier. MindshaRE is our w ...


Building a Better Mousetrap: This Year at Black Hat

Are you interested in joining the exalted ranks of vulnerability analysts? Are you responsible for your organization's IPS/IDS deployment? Would you like to use those IPS/IDSes to the fullest of their potential? Well, you're in luck! Rohit and I are presenting a class at this year's Black Hat information security conference! ...


Line Noise

Hello to all of my delicious readers of the blogosphere! It's time for another wacky installment of Line Noise, so you can walk a mile in our shoes, if our shoes weren't for walking and consisted solely of stories passed back and forth on an IRC server! First up is a link to Bitdefender's new portal with a GTA theme. On a note that probably wouldn't fly in the computer security industry, Japan ...


Everything old is new again (again)!

It's a testimony to the scalability of version 4 of the Internet Protocol that it has scaled from a network of a few dozen hosts to a globe-spanning network indispensable to hundreds of millions of people. But, like all good things, the reign of IPv4 is coming to an end. It's really an example of necessity - large swaths of the world are running out of IP space. The United States federal government has mandated that all its systems be capable of supporting IPv6 by 2008. Operating sy ...


Firefox 3.0 Vulnerability Patched

In less than a month after its official release, Mozilla fixed the vulnerability we reported to them in Firefox 3.0. This vulnerability was acquired through our Zero Day Initiative and reported responsibly to Mozilla on June 17th, 2008. Mozilla was able to fix this issue in a timely mann ...


MindshaRE: Hit Tracing in WinDbg

MindshaRE has focused exclusively on static analysis so far. That is fine and all, but often we need a little dynamic help. This can be due to virtual function calls, dynamic library calls, or just to speed things up. So today we will add a little WinDbg to our diet and talk about hit tracing. I will also show a little script that lets us trace a process and import that trace into IDA. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. ...


MindshaRE: Strings!

In this week's MindshaRE we will take a look at strings. We will cover some of the obvious uses for strings as well as helpful application of strings in the binary. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries here by going through our blog history. String examination is a frequent starting point for many reverser engin ...


MindshaRE: Identifying Encryption Functions

Welcome back to another installation of MindshaRE. This week we will cover identifying a common pattern seen in encryption and compression functions. The purpose is to quickly identify locations of interest in a binary that may handle this type of activity. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries here by going through o ...