http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Fri, 24 Dec 2010 02:16:57 -0600 https://www.openrce.org/blog/view/1635/Using_NtCreateThreadEx_for_Remote_Thread_Execution_in_System_Process_for_Vista_&_Windows7 tnagareshwar <email-suppressed@example.com> Some times back I wrote article on using lesser known method, <b>NTCreateThreadEx</b> for remote thread execution. This is better alternative compared to <b>CreateRemoteThread</b> especially for Vista &amp; Windows 7. As you may aware CreateRemoteThread was the popular method used for DLL Injection.<br /> <br /> Here are some of the highlights of this technique<br /> <br /> * Major advantage is that it can work across session boundaries while CreateRemoteThread cannot.<br /> <br /> * User need to have sufficient privileges to perform tasks such as DLL injection using this method.<br /> <br /> * It is <b>UNDOCUMENTED</b>-&nbsp;&nbsp;there is a risk but it is worth it.<br /> <br /> This article explains everything you need to know about NtCreateThreadEx with complete <b>code example</b>.<br /> <br /> Click on the below link to read the full article,<br /> <br /> <a href="http://securityxploded.com/ntcreatethreadex.php">Remote Thread Execution in System Process using NtCreateThreadEx for Vista &amp; Windows7 </a><br /> <br /> <br /> .<br /> <br /> Wed, 24 Nov 2010 11:57:46 -0600 https://www.openrce.org/blog/view/1628/Reversing_PDF_-_Vulnerabilities,_Exploits_and_Malwares tnagareshwar <email-suppressed@example.com> In this tutorial, Dhanesh explains how to use basic PDF analysis tools such as <b>PDFAnalyzer</b> in dissecting the exploit code from malicious PDF files in simple steps with illustrative screenshots. <br /> <br /> Highlights of the Article<br /> <br /> &nbsp;&nbsp;&nbsp;&nbsp;* Throws light on usage of PDF analysis tools such as PDFAnalyzer<br /> &nbsp;&nbsp;&nbsp;&nbsp;* Demonstrates malware analysis of real PDF samples<br /> &nbsp;&nbsp;&nbsp;&nbsp;* Describes in detail dissecting of the exploit code from PDF structures.<br /> <br /> <br /> Read the <a href="http://securityxploded.com/pdf_vuln_exploits.php"><b>complete article here</b></a><br /> <br /> <br /> <br /> <br /> Sun, 14 Nov 2010 01:19:27 -0600 https://www.openrce.org/blog/view/1625/Android_Reverse_Engineering_-_A_Kick_Start tnagareshwar <email-suppressed@example.com> In this article our contributing author Dhanesh <br /> <br /> &nbsp;&nbsp;* explains about basics of Andriod Reverse Engineering with step by step tutorial using simple crackme. <br /> <br /> &nbsp;&nbsp;* throws light on the tools required for reversing and demonstrate how to use them in right sequence with complete pictorial representation.<br /> &nbsp;&nbsp;<br /> &nbsp;&nbsp;* describes dissecting of the Android code package to reveal the secrets. <br /> <br /> <a href="http://securityxploded.com/android_reversing.php">Read More</a><br /> Fri, 29 May 2009 20:00:23 -0500 https://www.openrce.org/blog/view/1467/VistaUACMaker_with_New_Look_&_Feel tnagareshwar <email-suppressed@example.com> Vista has introduced new feature&nbsp;&nbsp; called UAC (User Account Control). In short it basically controls&nbsp;&nbsp; the way in which applications are executed by different users. Due&nbsp;&nbsp; to enforcement of this UAC, by default any application on Vista will&nbsp;&nbsp; run under the context of standard user instead of administrator. As&nbsp;&nbsp; a [...] Fri, 29 May 2009 19:51:16 -0500 https://www.openrce.org/blog/view/1468/SpyDLLRemover_with_Spyware_Scanning_Feature tnagareshwar <email-suppressed@example.com> SpyDLLRemover is the standalone tool to&nbsp;&nbsp; effectively detect and delete spywares from the system. Now It comes with&nbsp;&nbsp; advanced spyware scanner which can quickly discovers hidden Rootkit&nbsp;&nbsp; processes as well suspicious/injected DLLs within all running processes.&nbsp;&nbsp; It not only performs sophisticated auto analysis on process DLLs but&nbsp;&nbsp; also displays them [...]