Posts Archive

March 2016

1.

circllu.py: Querying circl.lu API for CVE Information

March 12, 2016

This post demos a few nifty API endpoints from circl.lu that provide information on CVE and the vulnerabilities

February 2016

2.

FireEye FLARE On 2014 Challenges (1-5)

February 18, 2016

The following post is a writeup for FireEye's FLARE On 2014 challenges that I recently attempted.

November 2015

3.

cigma: A Pure Python Filetype Identification Library

November 22, 2015

Cigma is a minimal, pure Python filetype identification library I created as an alternative to various Python ports of libmagic that are floating around.

August 2015

4.

capinfos.py: Pure Python Pcap Statistics Tool

August 2, 2015

This post introduces a pure-Python way of parsing a pcap file and generating statistics like the capinfos tool from Wireshark does.

May 2015

5.

Eindbazen CTF Challenge: bin100

May 27, 2015

This post is a writeup for the bin100 challenge (Dice Revenge) from Eindbazen CTF 2013.

March 2015

6.

Shellcode Detection Module in ChopShop

March 12, 2015

This post shows a shellcode detection module that I submitted to MITRECND's ChopShop Protocol Analysis/Decoder Framework.

November 2014

7.

Flowinspect: A Network Inspection Tool

November 27, 2014

This post introduces a network inspection tool that I've developed, called Flowinspect. It aims to reassemble network data and scan it via different inspection engines. Results of these scans can be viewed as an HTML report or consumed as JSON by external applications.

8.

pcapedit: An Interactive Scapy-based Pcap Editor

November 15, 2014

pcapedit is an interactive pcap editor. It provides quick shorthand over Scapy commands and aims to be useful for mundane pcap editing tasks. The interactive mode allows saving of command history to a script which can then be used to edit multiple files together.

September 2014

9.

Little PDF Puzzle from Didier Stevens

September 18, 2014

This is a post on how to solve the Little PDF puzzle from Didier Stevens.

June 2014

10.

PCAP-Generation-Tools and Content-Type Identification Patch

June 18, 2014

This post introduces the PCAP-Generation-Tools project, which allows one to create pcaps using Python and Scapy without touching the network stack. The post also mentions a filetype identification patch that I submitted and which was merged into the master branch.

May 2014

11.

CONFidence DS CTF Teaser: Stegano50

May 6, 2014

This post discusses how I completed the stego50 challenge from Dragon Sector CTF team. It is a simplistic challenge but a good source for learning about PDF internals.

March 2014

12.

Northrop's Online Challenge

March 27, 2014

I came across an interesting challenge posted by someone from Northrop Grumman Cyber Intelligence Division at /reddit/netsec's Q1 2014 Information Security Hiring Thread. This post documents the steps I took to solve it.

13.

Shellcode Analysis Pipeline

March 18, 2014

This post talks about creating an automated shellcode analysis pipeline wherein the shellcode is sourced from public portals and tested via multiple analysis engines. It provides an automated way of testing the accuracy of detection engines like Libemu/Snort/Suricata/Bro against publicly available shellcode.

February 2014

14.

buf1 - Another Buffer Overflow Challenge

February 24, 2014

This is another buffer overflow challenge I found online. I posted a writeup on a similar challenge, buf0, earlier, and one for this challenge was long overdue. Finally, today I got some time to document the solution.

January 2014

15.

buf0 - A Buffer Overflow Challenge

January 6, 2014

This is a buffer overflow challenge I found online. Although some people might find this to be a pretty easy exploit target, I thought of posting a writeup since it will still be someone's starting point into the journey of exploitation.

November 2013

16.

Visualizing (non-POSIX) Regular Expressions

November 27, 2013

This post details the steps involved in visualizing a (non-POSIX) regular expression using Finite State Automata.

September 2013

17.

Developing a Minimal IPS from Scratch

September 15, 2013

What do you get when you combine a TCP/IP reassembly/defragmentation library with Python's re module? Read on to know more.

August 2013

18.

reverse Challenge from Coursera's Malicious Software Course

August 29, 2013

This post is a writeup on the reverse challenge from the recently concluded Malicious Software course on Coursera.

19.

reverse-ex Challenge from Coursera's Malicious Software Course

August 24, 2013

The recently concluded Malicious Software course on Coursera had an interesting reversing challenge reverse-ex. This is a writeup on how to complete it.

June 2013

20.

Network Stream Reassembly and Defragmentation

June 18, 2013

Libnids is a library that emulates the Linux kernel 2.0.x TCP/IP stack to offer IP defragmentation, TCP reassembly and port scan detection features. This post talks about its Python wrapper and how to use it.

March 2013

21.

x86 Emulation and Shellcode Detection

March 6, 2013

Libemu is a C library for x86 emulation and shellcode detection. Pylibemu is its Python wrapper that provides an easy-to-use API and has additional features compared to the default bindings.

January 2013

22.

Gera's Warming Up on Stack #5 - Solutions

January 5, 2013

Solutions for Gera's Warming up on Stack #5 program.

23.

Gera's Warming Up on Stack #4 - Solutions

January 4, 2013

Solutions for Gera's Warming up on Stack #4 program.

24.

Gera's Warming Up on Stack #3 - Solutions

January 3, 2013

Solutions for Gera's Warming up on Stack #3 program.

25.

Gera's Warming Up on Stack #2 - Solutions

January 2, 2013

Solutions for Gera's Warming up on Stack #2 program.

September 2012

26.

TFM MMPlayer .ppl File Parsing SEH Overflow

September 2, 2012

TFM MMPlayer SEH overflow via a pop-pop-return overwrite and negative jumps.

27.

Shadow Stream Recorder .asx File Parsing Buffer Overflow

September 2, 2012

Shadow Stream Recorder EIP overflow via a jmp esp overwrite.

28.

Millennium MP3 Studio .mpf File Parsing SEH Overflow

September 2, 2012

Millennium MP3 Studio SEH overflow via a pop-pop-return overwrite.

29.

SoriTong MP3 Player .m3u File Parsing SEH Overflow

September 2, 2012

SoriTong MP3 Player SEH overflow via a pop-pop-return overwrite.

30.

Word List Builder .dic File Parsing SEH Overflow

September 2, 2012

Word List Builder SEH overflow via a pop-pop-return overwrite and negative jumps.

August 2012

31.

Gera's Warming Up on Stack #1 - Solutions

August 27, 2012

Solutions for Gera's Warming up on Stack #1 program.

July 2012

32.

Exploit Mitigation Techniques on Linux Systems

July 10, 2012

This post discusses various exploit mitigation techniques like NX, ASLR, PIE and SSP available on modern Linux distributions.