📚
OpenRCE
is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
DelightedZuk
's Blog
Created: Saturday, November 6 2010 13:01.59 CDT
Modified: Saturday, November 6 2010 13:29.36 CDT
Direct Link, View / Make / Edit Comments
Remote Code Execution - Android 2.0, 2.1
Author:
DelightedZuk
# Views:
2532
Webkit on Android 2.0, 2.1, is vulnerable to use-after-free vulnerability.
enjoy:
Blog post
Created: Monday, April 19 2010 14:16.55 CDT
Direct Link, View / Make / Edit Comments
Aurora, hooking, advisories, security, RE, life - my blog
Author:
DelightedZuk
# Views:
4357
Hey guys,
When I first posted this blog, it had only 1-2 lame posts, now I got much more security oriented posts.
My blog is about security research (I still got some security advisories I'm going to release after vendor will patch it),
Reverse Engineering, Aurora related original information, Hooking, programming, malware & hacking!
I'm also a member of security group who research malware, so I get very interesting samples! :]
All the content is more-or-less is original, no copying of other posts.
You're all invited to view, comment and sign up as followers.
Thanks!
http://imthezuk.blogspot.com
Cheers!
Created: Sunday, January 17 2010 04:34.28 CST
Modified: Sunday, January 17 2010 04:36.55 CST
Direct Link, View / Make / Edit Comments
Administrator account VS. SYSTEM account
Author:
DelightedZuk
# Views:
5388
Full blog post including a bit sarcasm at :
http://imthezuk.blogspot.com/
I've encountered one trojan who ran already as Administrator and tried to run privilege escalation exploit against himself, so he can run as SYSTEM.
This is what made me write this post :
Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.
Little pre-post-information regarding exploitation : If you run your exploit against a process which runs as Administrator, Your payload will run as Administrator. If you run it against SYSTEM account your payload will run as SYSTEM account.
Which one you would want to exploit more?
95% of security people, will say : "the SYSTEM one, off-course SYSTEM is much stronger than admin, it's the strongest user in the OS".
I'd say : it doesn't matter and I might slightly want to run as Admin instead of System. Why? This is what this blog-post is all about.
pre Windows 2008 post. full post @ my blog :
http://imthezuk.blogspot.com/
Created: Friday, December 4 2009 04:07.36 CST
Direct Link, View / Make / Edit Comments
My new security blog
Author:
DelightedZuk
# Views:
3994
http://imthezuk.blogspot.com/
cheers :)
BTW, are there any more guys here @ SANS London event now??
Created: Thursday, September 10 2009 03:32.30 CDT
Direct Link, View / Make / Edit Comments
Python POST command
Author:
DelightedZuk
# Views:
4817
I've built a project for the company I work in, we'll publish it later, but one of the problems of the project was using another proxy which didn't implemented a POST method (and now I know why, it was hell to find about it).
So, I will make your life easier, in-order to get a POST parameters, there's socket fileobject called rfile, that's what you're looking for.
Params = self.rfile.read(int(rinstance.headers["content-length"]))
After that, building a POST (ssl or not) request using raw data is relatively easy.
I hope it will save you a few minutes,
Cheers.
Archived Entries for DelightedZuk
Subject
# Views
Created On
PyFFDebugger - Python inside firefox
3598
Thursday, September 10 2009
There are
31,328
total registered users.
Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12
Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...
Recent Blog Comments
nieo
on:
Mar/22
IAT Patcher - new tool for ...
djnemo
on:
Nov/17
Kernel debugger vs user mod...
acel
on:
Nov/14
Kernel debugger vs user mod...
pedram
on:
Dec/21
frida.github.io: scriptable...
capadleman
on:
Jun/19
Using NtCreateThreadEx for ...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}