During Black Hat USA 2012, ESET released a challenge, in which you need to build a key generator that passes 2 stages. Only one person managed to solve the crackme, and he did it in 10 hours. He later submitted another solution. Feel free to download the crackme and see if you can solve it yourself.

Category Archives: RCE
Hack-Me Shirts And Cool Gear!
We are proud to present a new, growing collection from IBadishi Digital Art (the sharpest of you might note the family relationship). The collection features hack-me shirts (try to hack them!), ASCII art, geek chic, and simply cool gear. You can see some samples below. We would also love to hear what you think and what cool designs you would like to see, so feel free to leave your comments below.
Own And You Shall Be Owned
While working on Poison Ivy’s communication, one of my students approached me and asked me if the fact that an infected computer can connect to the C&C server means that the compromised host can break into the server. Well folks, it appears that it’s possible. We will now present a fully working exploit for all Windows platforms (i.e., bypassing DEP and ASLR), allowing a computer infected by Poison Ivy (or any other computer, for that matter) to assume control of PI’s C&C server.
MS12-024 / CVE-2012-0151 – Some Exploitation Details
Last time, we talked about MS12-024 (CVE-2012-0151), which states that a vulnerability in the way WinVerifyTrust operates could allow an attacker to modify a signed executable so that it runs arbitrary code, but the signature remains verifiable. We now give more details on the patch for Windows XP SP3.
Initial Analysis of Poison Ivy
After successfully decrypting Poison Ivy’s communication, we proceed to analyze the way the Poison Ivy (PI) server and client components interact. We prefer not to reverse engineer the components, but rather look at the data they send to each other and deduce what is going on. As you’ll soon see, we are way too optimistic.
Solution to GCHQ’s Challenge (Part 3 – Final)
Last time, we talked about the solution to part 2 of GCHQ’s challenge. We now have an executable file named keygen.exe, and we need to figure out what to do with it. Of course, you can try to run it (just make sure you have Cygwin with the crypt library installed), but I prefer to disassemble it first, or run it in OllyDbg (or both).
Solution to GCHQ’s Challenge (Part 2)
Solving step 1 of GCHQ’s challenge got us to a JavaScript file, with instructions on how to operate a VM:
Solution to GCHQ’s Challenge (Part 1)
Recall the image we need to decipher in GCHQ’s challenge:
So, we have an image with bytes written in hex all over it. The first thing that came to my mind is that these are opcodes for a program. Why did I think that? Well, I had several reasons:
- The first byte is 0xEB. This is the opcode for jmp. It might be a coincidence, but it was the first thing I noticed.
- The next thing I noticed was the character sequence “BBBB” (0x42424242), and two instances of “AAAA” (0x41414141), including one at the end.
- The bytes also contained the DWORD 0xDEADBEEF, in Intel’s little-endian format (i.e., reversed).
