TippingPoint Digital Vaccine Laboratories

EUSecWest Mobile Pwn2Own 2012 Recap

Carnage. Pwnage everywhere. Empty streets, wailing widows, and the smoking remains of a hotel where the sign is barely visible, hanging from a shattered chain and swinging in the wind -- NH Amsterdam Centre Hotel. Something black catches my eye -- it's just a rag, caught on a broken base station arm. On closer inspection I can make out a few words: Zero Day Initiative... EUSecWest... Mobile Pwn2Own... and the famous trio of white X's signifying the Amsterdam coat of arms. What happened here?


Mobile Pwn2Own 2012

We are introducing a new spin on the Pwn2Own competition this year by holding the first Pwn2Own dedicated to the mobile attack surface. The primary goal is to demonstrate the current security posture of the most prevalent mobile technologies in use today, including attacks on mobile web browsers, mobile operating systems, Near Field Communication (NFC), Short Message Service (SMS), and the cellular baseband. Along with our sponsors Research in Motion (RIM) and AT&T, HP DVLabs looks forward to highlighting the researchers working to help improve mobile security...


ZDI Update – June 2012

For those that were at REcon last week, you may have met some of our ZDI Security Researchers and no doubt heard them talk about the upcoming Mobile Pwn2Own event at EUSecWest. We are working with Dragos on the details and you should expect to hear from us regarding the rules and logistics in the coming weeks. If you’re interested in participating as a contestant drop us an email (zdi@hp.com). Back at the office, we are focused on business as usual - making offers, investiga ...


Thank you Aaron

In a recent tweet, some of you may have seen that Aaron Portnoy, the head of our Zero Day Initiative program, has decided to move on to other opportunities. During his time with the organization, Aaron led our efforts in Vulnerability Research including managing the Zero Day Initiative and revamping the program to ensure we kept abreast of the threat landscape. His efforts have brought DVLabs many accolades through vehicles such as Pwn2Own and industry c ...


Announcing the IDA Toolbag

Announcing Private Beta: Just a quick announcement that Brandon and I will be speaking at Hackito Ergo Sum next week on some of our team's use of IDA. We'll be releasing a private beta (capped at 25 users) of our team's Toolbag code after the talk. For now, you can read our documentation on the ...


MindshaRE: Another Approach To Tracking ReadFile

I. Introduction: We often receive fuzzed file submissions, which at times can be agonizing to analyze. Tools help a lot here, as we have shown in previous posts, such as with Peter's awesome write-up on hooking ReadFile and MapViewOfFile. This post approaches the same idea of hooking ReadFile for fuzz file analysis, but uses programmatic debugging to hook ReadFile and inspect the input instead of hot patching (hooking is not really the right term to use here, but we will ...


Pwn2Own Challenges: Heapsprays are for the 99%

In case you aren't familiar with the Pwn2Own rules this year, we asked people to exploit public bugs... here's one of them. The CVE in question (CVE-2010-0248) is a use-after-free vulnerability in Internet Explorer 8 found by yours truly back in 2010. This specific bug is triggered by the following PoC: <html> <head> <script> ...


Pwn2Own 2012 and Google Pwnium

As you may have heard, Google has withdrawn sponsorship of this year's Pwn2Own contest. They have also announced their plans for a similar contest focused solely on their products. We'd like to clarify why this has occurred and reiterate the reasoning behind why the Pwn2Own contest is designed the way it is. Background on Pwn2Own: For those unfamiliar with the history b ...


MindshaRE: Python Syntax Coloring in IDA

MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. In a prior post I showed how if you compile a newer version of PySide you can get acce ...


MindshaRE: Yo Dawg, I heard you like reversing...

...so I reversed your reversing tool to help you reverse better. MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. Update: Igor Skochinsky pointed out that hooking specific actions can be accomplished via the idautils.Proc ...


MindshaRE: Adding Cross References via IDAPython

MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. If there's one thing I've noticed about working with as many reverse engineers as I have, it is that we all use our tools differently. Many of the best reversers I've met barely touch a debugger ...


MindshaRE: IDAception

If you've ever tried collaborating with other people while reverse engineering a vulnerability, your process probably includes some tedious steps, like transferring: your IDB, your notes/readme files, virtual machines, proof of concept files, IDAPython scripts, PCAPs, ... After doin ...