TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... DVLabs and our Zero Day Initiative were credited with discovering 17 Microsoft vulnerabilities in 2006 alone.

Line Noise

It's now October, and time for another Line Noise. I have to warn you, this one is full of thrills and chills and massive linkage. Without further ado, here we go!


MindshaRE: Path Finding

How many times have you been at an address in IDA and wanted to know all the ways you could reach that point? A million? Probably not. But it's pretty useful to be able to find all the paths leading to a particular location in a binary. That's why today we are going to cover path finding. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries here by going th ...


MindshaRE: Using Marks

Navigating in IDA Pro is generally an easy thing. Following functions, listing cross references, and going back to your previous location are all one key away. The problem is sometimes you can get a little lost and you end up forgetting where you left off. That's why marks were invented. Today we briefly discuss using marks when reverse engineering. This is a very simple concept but one you will hopefully adopt and integrate into your process. MindshaRE is our weekly look at some simple reverse en ...


BA-Con and Ekoparty 2008

Having sufficiently recovered from my week-long trip to Buenos Aires, it's time to spread the word about some of the innovative research presented at Argentina's two most prominent security conferences. My coworker Ali and I first attended BA-Con, the newest conference venture from Dragos Ruiu (of CanSecWest, PacSec, and EUSecWest fame). Some of the highlights incl ...


MindshaRE: First Things First

This week on MindshaRE we want to share some of the things we do when beginning a reversing project. Some of these are obvious, and some may be new. It all serves the purpose of creating a solid foundation for the hard work to follow. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries here by going through our blog history. It is important to kno ...


ThreatLinQ: Spyware and Executable Packers Revisited

Today marked another large spike in activity in our compressed binary download filters. Today we saw an increase of 420.3% for Filter 4111, which detects UPX compressed binary downloads over HTTP. For those that enabled these filters after my previous post (you did, right?) you might have been surprised by the amount of activity on your particular network over the past few days. In response to this increase in activity, I decided to do some research to further substantiate my claims that these fil ...


MindshaRE: Naming Conventions

It is my belief that reverse engineering is one part patience, one part experience, and a whole lot of organization. OK, maybe that is a bit of an exaggeration, but organization is essential to reversing. Having a decent naming convention you stick to not only helps you in the short term, but also 6 months down the line when you or your co-workers look at your IDB. There is no "right" naming convention, but everyone should at least have one they use regularly. So today in MindshaRE we will cove ...