Comments for Spare Clock Cycles

Comment on 1 Flash Gallery: Arbitrary File Upload by Eduardo | Descargar Programas

Eduardo | Descargar Programas — Tue, 21 Feb 2012 05:22:02 +0000

gracias por la informacion, esta muy entrenida

saludos

Comment on Stack Necromancy: Defeating Debuggers By Raising the Dead by supernothing

supernothing — Tue, 14 Feb 2012 15:00:06 +0000

@Mario
Thanks!

Still a bit green when it comes to RE, so it’s nice to hear that I’m probably not blindly repackaging an often used trick. I’ve also used that reference before, one of my favorites as well.

The SEH route sounds interesting, hadn’t considered it yet. I have been wondering if there was a good, predictable way to nudge the stack into different states, and that might be it. I’ll have to poke around with that.

Comment on Stack Necromancy: Defeating Debuggers By Raising the Dead by Mario Vilas

Mario Vilas — Tue, 14 Feb 2012 14:14:05 +0000

Great post!

I don’t recall this being ever documented as an antidebug technique before, and it’s not listed in my favorite reference either: http://pferrie.tripod.com/papers/unpackers.pdf

I did see this mentioned in some assembly programmer forums like the MASM32 forum, but IMHO nobody came up with the idea of using it as an antidebug trick – people simply stumbled upon this behavior when trying to debug their own applications. It’s easy to mess up the stack when you’re coding in pure ASM!

This also happens when an exception is thrown, since the SEH handlers (and the SEH handling mechanism itself) will also use the current thread stack. Possibly usermode APCs do this as well, but I haven’t tested it myself.

Comment on Avoiding AV Detection by Stack Necromancy: Defeating Debuggers By Raising the Dead « Spare Clock Cycles

Tue, 14 Feb 2012 12:23:41 +0000

[...] from being dynamically unpacked in one of these environments. In a previous post, I talked about writing a simple crypter to bypass AV. In it, I used a timing attack to defeat emulation. We can see from these VirusTotal [...]

Comment on Exploiting an IP Camera Control Protocol: Redux by supernothing

supernothing — Thu, 09 Feb 2012 06:00:22 +0000

I will do that from now on, thanks!

Comment on Exploiting an IP Camera Control Protocol: Redux by Mechael

Mechael — Wed, 08 Feb 2012 04:34:15 +0000

Good stuffs man.. you should post some of your finding on http://news.ycombinator.com/.. I think some of the devs out there would appreciate your efforts… I know I do.. Thanks,..

Comment on Explo(it|r)ing the WordPress Extension Repos by luxe annonces

luxe annonces — Sun, 05 Feb 2012 13:00:11 +0000

$author Merci pour l’article

Comment on Exploiting an IP Camera Control Protocol: Redux by Week 4 in Review – 2012 | Infosec Events

Week 4 in Review – 2012 | Infosec Events — Tue, 31 Jan 2012 05:22:58 +0000

[...] Exploiting an IP Camera Control Protocol: Redux – spareclockcycles.org Last May, I wrote about a remote password disclosure vulnerability I found in a proprietary protocol used to control ~150 different low-end IP cameras. The exploit I wrote was tested on the Rosewill RXS-3211, a rebranded version of the Edimax IC3005. [...]

Comment on Exploiting an IP Camera Control Protocol by Exploiting an IP Camera Control Protocol: Redux « Spare Clock Cycles

Exploiting an IP Camera Control Protocol: Redux « Spare Clock Cycles — Mon, 23 Jan 2012 22:59:45 +0000

[...] May, I wrote about a remote password disclosure vulnerability I found in a proprietary protocol used to control [...]

Comment on 1 Flash Gallery: Arbitrary File Upload by Dez

Dez — Wed, 21 Dec 2011 23:29:02 +0000

I just dealt with this. spammers uploaded a file into a tmp directly that executing mailing commands and sent out a shit ton of mail from my server. It was only when I had deleted the plugin and it’s directories that the mailings stopped (and I stopped getting overloaded with Mailer Daemons)