Thank you Aaron
In a recent tweet, some of you may have seen that Aaron Portnoy, the head of our Zero Day Initiative program, has decided to move on to other opportunities. During his time with the organization, Aaron led our efforts in Vulnerability Research, including managing the Zero Day Initiative and revamping the program to ensure we kept abreast of the threat landscape. His efforts have brought DVLabs many accolades through vehicles such as Pwn2Own and industry c ...
Announcing the IDA Toolbag
Announcing Private Beta: Just a quick announcement that Brandon and I will be speaking at Hackito Ergo Sum next week on some of our team's use of IDA. We'll be releasing a private beta (capped at 25 users) of our team's Toolbag code after the talk. For now, you can read our documentation on the ...
MindshaRE: Another Approach To Tracking ReadFile
I. Introduction: We often receive fuzzed file submissions, which at times can be agonizing to analyze. Tools help a lot here, as we have shown in previous posts, such as Peter's awesome write-up on hooking ReadFile and MapViewOfFile. This post approaches the same idea of hooking ReadFile for fuzz file analysis, but uses programmatic debugging to hook ReadFile and inspect the input instead of hot patching (hooking is not really the right term to use here, but we will ...
Pwn2Own Challenges: Heapsprays are for the 99%
In case you aren't familiar with the Pwn2Own rules this year, we asked people to exploit public bugs... here's one of them. The CVE in question (CVE-2010-0248) is a use-after-free vulnerability in Internet Explorer 8 found by yours truly back in 2010. This specific bug is triggered by the following PoC: <html> <head> <script> ...
Pwn2Own 2012 and Google Pwnium
As you may have heard, Google has withdrawn sponsorship of this year's Pwn2Own contest. They have also announced their plans for a similar contest focused solely on their products. We'd like to clarify why this has occurred and reiterate the reasoning behind why the Pwn2Own contest is designed the way it is. Background on Pwn2Own: For those unfamiliar with the history b ...
MindshaRE: Python Syntax Coloring in IDA
MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. In a prior post I showed how if you compile a newer version of PySide you can get acce ...
MindshaRE: Yo Dawg, I heard you like reversing...
...so I reversed your reversing tool to help you reverse better. MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. Update: Igor Skochinsky pointed out that hooking specific actions can be accomplished via the idautils.Proc ...
MindshaRE: Adding Cross References via IDAPython
MindshaRE is our periodic look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss everyday aspects of reversing. You can view previous entries by going through our blog history or querying a search engine for dvlabs mindshare. If there's one thing I've noticed about working with as many reverse engineers as I have, it is that we all use our tools differently. Many of the best reversers I've met barely touch a debugger ...
MindshaRE: IDAception
If you've ever tried collaborating with other people while reverse engineering a vulnerability, your process probably includes some tedious steps, like transferring: your IDB, your notes/readme files, virtual machines, proof of concept files, IDAPython scripts, PCAPs, ... After doin ...
