Banker trojans - a return to the past
It happened so that I got back to reversing banker trojans the other day, and celebrated it with a 24-hour marathon with many different foreign malware entities. Looks like that when I played with oth...
Random security thoughts
Recently while reading some press news / blog posts, a few things came to my attention, which I would like to discuss (as in "rant about them") in this post.
The first thing will be about news/post...
Art of file - graphical interpretation of a file
The previous Sunday I decided to play a little with graphical interpretation of files again. Graphical interpretation, or visualizations as one may call it, is a large topic, there are even some inter...
CONFidence 2009 ESET crackme - solution
At last! A technical post!.. in which, I'll describe the ESET crackme from this years edition of the CONFidence conference. The CONFidence crackme (made especially for the conference - it was NOT thei...
CONFidence 2009 - gg plz re :)
Time to update the English side of my mirror! As I've written before, I had the opportunity to be present at this years edition of the CONFidence conference, and, starting with a spoiler, I think it w...
Recent conferences’ reports
It seems like the blog has been dead for more than two months, mainly due to kind of wrong priority hierarchy – there was always something interesting to research, even when I should be busy writing a next interesting post on my blog
The recent weeks haven’t been wasted at all, as the site [...]
RE-Enter teh blog
Welcome back after a short break! It looks like that after posting on the Polish side of the mirror about a binary I've received from a friend, the post was posted on wykop.pl - a Polish site like dig...
ANSI Escape Codes for Windows 7 RC
Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came ...
ANSI Escape Codes for Windows 7 RC
Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came ...
How to make your life simpler - GDB scripts embedded in assembly source code
Recently I've been working on a function written in assembly (NASM dialect) that was to be compiled and then loaded and executed at runtime by an Objective C application. The function was to search in...
How to make your life simpler - GDB scripts embedded in assembly source code
Recently I've been working on a function written in assembly (NASM dialect) that was to be compiled and then loaded and executed at runtime by an Objective C application. The function was to search in...
SysDay 2009 post conference materials (and the unicorn)
I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from...
SysDay 2009 post conference materials (and the unicorn)
I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from...
March GDPL 3h compo - results
The results of the GDPL compo have been posted (available also here). Seems my predictions were right and Krzysiek K. has won (he earned it ;>). Second was maskl ex aequo with me, and third came Reg. ...
March GDPL 3h compo - results
The results of the GDPL compo have been posted (available also here). Seems my predictions were right and Krzysiek K. has won (he earned it ;>). Second was maskl ex aequo with me, and third came Reg. ...
After the march 3h GDPL compo...
Sunday, from 5pm till 8pm, another gamedev.pl compo took place. This time, it was a 3 hour compo during which one had to create a 'game that has both a cow and a pig' (a strange topic I must say). I d...
OS X, Objective C i RE
Finally has arrived the day when I take a look at creating OS X GUI applications! Applications on Mac are usually created using Objective C language (which I didn't have the pleasure to meet yet) and ...
After the march 3h GDPL compo...
Sunday, from 5pm till 8pm, another gamedev.pl compo took place. This time, it was a 3 hour compo during which one had to create a 'game that has both a cow and a pig' (a strange topic I must say). I d...
OS X, Objective C i RE
Finally has arrived the day when I take a look at creating OS X GUI applications! Applications on Mac are usually created using Objective C language (which I didn't have the pleasure to meet yet) and ...
Extending Total Commander with some minor functionality
As a loyal standard Windows shell (explorer.exe) user I often encounter some problems with the number of opened Windows on one desktop. Since my current notebook hardly ever goes down, so does the user’s shell. After a few working evenings, I often have difficulty localizing the desired windows. Having something like 40-50 of them, it [...]
Process termination issues
1. Introduction
The first technical post here is about the process of terminating applications on Windows system. I have been researching this subject for the last few days, during which a number of interesting (yet unknown) facts has appeared. Some of the solution ideas regarding particular problems are presented here, though I am sure there are [...]
OS X vs Write-What-Where Condition
As my readers may know, for some time now I have access to a MacBook with OS X. Finally I found some time to test the standard exploiting techniques on OS X. I must admit that OS X surprised me positi...
OS X vs Write-What-Where Condition
As my readers may know, for some time now I have access to a MacBook with OS X. Finally I found some time to test the standard exploiting techniques on OS X. I must admit that OS X surprised me positi...
Automagical function list in C++
The story starts as usual. I've been writing a certain application, that generates some test files. The files were very similar in structure, so I took the common factor out, and created a function th...
Automagical function list in C++
The story starts as usual. I've been writing a certain application, that generates some test files. The files were very similar in structure, so I took the common factor out, and created a function th...
Hello world!
Welcome to my new tech blog!
Seems like I finally decided to create a place to store the ideas that might become forgotten otherwise, so here you are. Even though I had some trouble choosing between polish/english/both versions, I eventually chose the one making the contents readable by a wider people range.
What you will hopefully be [...]
Entropy
In the previous post I've written about a tool that measures entropy, but, I left the problem of "why the hell should somebody measure entropy" for later. That "later" is now :)
As one can figure o...
Entropy
In the previous post I've written about a tool that measures entropy, but, I left the problem of "why the hell should somebody measure entropy" for later. That "later" is now :)
As one can figure o...
Ent v.0.0.3
There is a tool, created by j00ru and me, that I was supposed to publish online a long time ago. However, I judged that the code is not-pretty, and (one might add "as always") there was no time to pre...
Referer spam, episode 2
I've written lately about spam in the Referrer field of the HTTP header - bots insert links (some times with BBCode) to shops with viagra, penises, and enlarging your watches. Now it has evolved! The ...
Conferences, conferences...
Well, this post in the Polish side of the mirror is much longer, since most of the conferences I'm going to attend (as an participant or a speaker) in this half of 2009 are Polish-language conference....
Few random things
Recently I didn't have much time to post on my blog, but a few small things came up, and I decided they won't take to much time to publish.
As you may know, I like checking HTTP referrers of people...
Someone forgot to finish the spam generator. Again.
I've received another spam message generated with an 'almost' finished spam generator. Take a look:
SUBJECT: {soft_spain_subject_random}
FROM: esamerwin@hfma.org
DATE: 2009-02-02 16:44
Ahora v...
Return-oriented exploiting
Todays post will be contain some technical security stuff - I'll write about a technique called "return-oriented programming" or "return-oriented exploiting" or "ret-to-libc without returning to funct...
ExcpHook ver 0.0.5-rc2
Yesterday I've finally got some time to finish the changes in the new version of ExcpHook. So, version 0.0.5-rc2 (rc2 of alpha ;p) is ready for download, and might be even usable ;D
ExcpHook Except...
New layout
As you can see, Xa is a man of his word - he threatened me that he will make a new lay, and he did make it ;>
Some things are still are to be "styled", some require minor polish, but all together, th...
CPC464 and cassettes
A moment of peace and quite is over. I'm back (after a cold), and it's time for another post ;D
Today I'll write again about CPC464, this time, about the cassettes.
Not long ago (before the cold) ...
Windows 7 - a list of change in exports, update
I've made a few more compares between exports in DLLs in Windows Vista SP1 and Windows 7 Beta.
kernel32.dll
ntdll.dll
gdi32.dll
user32.dll
advapi32.dll
Thats all for now,
UPDATE: A few ch...
SIN*COS
Todays post won't be about cmd.exe and BAT, for the moment, I have exhausted that topic. Instead, I'll write about drawing cool-looking "pictures" using sin and cos functions, in C++.
As always, th...
Enter teh ANSI Escape Code support for internal cmd.exe commands and BAT scripts
Long, long time ago, in the DOS times that is, one could configure the command prompt to be colorful, one could echo colorful messages, etc. And one could do all that thanks to the ANSI escape codes -...
Using OpenGL in .BAT scripts
Today's post will be, as promised, about OpenGL in .BAT scripts. At the very beginning, I would like to remind you (I was told that the correct form of 'you' is written with a lower 'y') that .BAT scr...
State of mind (Digital painting)
Date: 17.01.2009Windows 7 - short list of changes in kernel32.dll exports
Finally You can download the official Windows 7 Beta release (unofficially You could do it for some time now). So I've downloaded it, installed it (looks cool), and started to play...
The first thi...
BAT scripts and objective programming
Today post is for all You Batmans out there ;>
The .BAT scripts (sometimes called batch scripts) are as old as DOS. First time I've met bats on my old 286 PC, and they were used there very commonly...
Syndicate Wars Icon (Design)
Date: 10.01.2009Rant: The week of my own private Hardware War
I don't know what is it about this week, but I got some new hardware, and I had to spend some time to get it all working, piece by piece.
First, my PCMCIA LPT card arrived, and my STK200 AVR progr...
Lightsack - code from CPC, conclusion
The night has ended, and so has the data transfer from CPC to PC (if interested, one can download the RAM dump here). I also rewritten the code from CPC to PC - the listing is at the end of this post....
ReverseCraft (Video)
Date: 02.01.2009Lightsack - how to send data from CPC 464 to PC without owning the neccesery cables
Waiting for my new programmer (which will arrive "at the end of the week") I decided to dump RAM from my new Amstrad to my PC. But there was a problem - how to do it without having any cables to conne...
CPC 464
Frankly speaking it's good to have a wife. Especially a wife that finds an old (but operational) Amstrad-Schneider CPC 464 (64k Colour Peronal Computer) at the bottom of the wardrobe. And so, a new to...
Reborn (Digital painting)
Date: 29.12.2008Muzy (Digital painting)
Trzy muzy z mitologii greckiej: Aoede (śpiew i poezja), Melete (nauka, praca) i Mneme (pamięć, wspomnienia).
Date: 29.12.2008Code snippets
In menu on the right (under the links to the posts) I've added a link to a section with some code snippets created now and then. They are rather simple, and I think beginner readers will be more inter...
Apocalypse (Digital painting)
Date: 25.12.2008Another marriage (again, lol)
This time I got got married! (with Arashi). Huh ;D
vx++
Another person has joined our team - that would be samlis.coldwind. Welcome :D
Just married (again)
Extremely happy news again! aps and his gf Ewelina got married on 9 of August! Thats the second marriage in our team. Who's next?
Gadu-Gadu and Tlen multiple low/med impact vulns
Four days ago j00ru published some of his findings in Gadu-Gadu 7.7 [Build 3725] and Tlen IM 6.00.2.69. Inter alia, j00ru writes about GG number registration captcha bypass, remote file storage (this one is very interesting imho ;>), both GG and Tlen's Denial of Service, and Tlen's message sendtime spoofing.
The advisory can be found in the security section, or here (direct link).
unnks 0.1 sees the light of day
A few days ago I published the source code for unnks, an extractor for NKS archives that are used by several programs to store musical samples. It does what it advertises, and is portable across several operating systems. I set up a project on sourceforge to host the files permanently.
vx++
Today oshogbo has joined our team. Welcome m8! =^^=
IGK 2008 Compo results
Two weeks ago (the news is late, as always) some Vexillium members (me, Xa Hellwing and j00ru) attended at the polish IGK conference (IGK stands for Inzynieria Gier Komputerowych, which can be translated as Computer Game Engineering) in Siedlce (east Poland). As every year, there was an eight-hour-long team game compo at the end of the conference, in which we took part (with naleth being our fourth member - and he did a fine job indeed =^^=). The compo topic was "sewers - paradise underground" (lol ;D), and we decided to code a two-player underground deathmatch with portals, rats, and "cheeze rulz" in the background. After 8 hours of coding, and a very exciting vote counting it was revealed that out game got TOP1 (ypiiii!) =^^=. Some screens from the game can be found in the gamedev section, and the game is planed to be release in near future (a post compo version, since the compo version had some stupid bugs). The game requires two mice to play btw =^^=.
Additionally to the game compo there was an unofficial Quake 3 tournament, which I've manage to win =^^=. My brother, Samlis Coldwind, was TOP2, while TOP3/4 was shared by Krzysiek K. and salvation. Another interesting event on the conference was a game dev knowledge Quiz made by the guys from gamedev.pl - Reg and Xion. The quiz was won by artpoz, while I tied fourth with Charibo =^^=.
Well, the conference was very entertaining and I've really enjoyed it! I hope to see all of the participants next year! It was fun to see You guys again =^^=.
And for a final word... Respect to all the compo teams!
Vexillium.org moved to a new hosting
Our site became quite popular recently, and we kept exceeding transfer limits at our old hosting, so we had to switch to a new one. The main website has been fully transfered to the new hosting (as You can see =^^=), but there might be some problems accessing our other sites for a few more days - sorry for the inconvenience.
Btw, as You probably have noticed, Xa began to create a comic strip. #1 you can see on the right, and #2 is comming soon (maybe tomorrow even). Go go Xa! FTW =^^=.
Firefox and Opera remote information disclosure advisory publication
Some time ago (in december 2007) I found a vulnerability in some popular browsers. Today, when the fixed versions are already released, the advisory describing the vulnerability is released. The paper and a demonstration video can be found here.
DLL Spoofing
Recently I found out that the site Revival.pl has been closed. One of my papers was availible on that site, and only on that site, so I guess it went offline as well. So, I've uploaded it to this site =^^=. The paper is in polish (maybe I'll translate it later). The paper can be found here.
FPU Tracer v0.0.1 release
I've added a new tool - Float Tracer program, to the Security section. You can see some screenshots at http://j00ru.vexillium.org/FPU_Tracer/screenshots/. Have fun playing with it ;> And feel free to report any bugs ^^
SDL_Image advisory publication, ExcpHook 0.0.4 release
In the SECURITY section I've put an advisory regarding SDL_Image 1.2.6 GIF buffer overflow. Additionally I've relased 0.0.4 version of ExcpHook - my exception monitoring application for Windows XP. That's it for now ;>
Filling the black pages
This news is written mostly to fill the blank pages hehe. I've uploaded an old Virtual PC detection research paper to SECURITY section, and a Opera Remote DoS advisory, also in the SECURITY section. Well, that's it for now.
New website
Well, what to say. Finally after many many years we have created a website with some more text in it ;>.
Bez nazwy (Traditional painting)
Date: 23.06.2007Oblicza (Traditional painting)
Date: 21.06.2007Medytacja (Drawings)
Date: 21.06.2007Giganci (Drawings)
Date: 21.06.2007
