TippingPoint Digital Vaccine Laboratories

MindshaRE: Utilizing PyDbg Within IDA

Previously on MindshaRE we have demonstrated using PyDbg as a companion to IDA. Today I wanted to demonstrate how to use PyDbg from within IDA. With the power of IDA, IDAPython, and PyDbg you can create powerful tools that are extremely helpful when reverse engineering. MindshaRE is our weekly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries here by going through our blog his ...


MindshaRE: Importing Multiple Modules Into a Single IDB

A question that has no doubt come up for many IDA Pro users in the past is: how can one load multiple modules into a single IDB? The question has been answered a few times on forums such as OpenRCE, and even Ilfak Guilfanov has written a 4-part blog about this. In case all of that information is not enough, today on MindshaRE we are g ...


Using PyMSRPC to Trigger MS08-067

There has been a lot of talk around Microsoft's MS08-067 out-of-band bulletin. Alexander Sotirov decompiled and annotated the vulnerable routine, Metasploit released a working exploit, and in this post I will talk about a method you can utilize to qui ...


MindshaRE: Finding Executable Images in WinDbg

Working with malware often forces us to think outside of the box. The authors of malicious code employ a variety of techniques to keep investigative eyes from prying. To combat this we must also have some tricks up our sleeve. One such trick allows us to dump executables from a binary after it has been unpacked, is ready to be written to disk, or before it is executed. Today we take a look at this very method here on MindshaRE. MindshaRE is our weekly look at some simple reverse ...