By
j00ru |
Tue, 27 Jul 2010 21:41:30 +0000 | @domain:

j00ru.vexillium.org
A quick beginning note: My friend d0c_s4vage has created a technical blog and posted his first text just a few days ago. The post entry covers a recent, critical libpng vulnerability discovered by this guy; the interesting thing is that, among others, the latest Firefox and Chrome versions were vulnerable. Feel free to take a [...]
By
Gynvael Coldwind |
Wed, 21 Jul 2010 00:05:36 +0200 | @domain:

gynvael.coldwind.pl
The videos from some CONFidence 2010 lectures have been published. Inter alia, the video from my and j00ru's lecture "Case study of recent Windows vulnerabilities" is available. The video is in a down...
By
j00ru |
Tue, 20 Jul 2010 00:09:11 +0000 | @domain:

j00ru.vexillium.org
Hey there! Today, I would like to post a less-technical text, discussing two issues I have recently come across, or been busy with; don't worry though, as CSRSS Write-Up: IPC (part 2/3) is on the way. The first matter is about recent changes applied to the blog appearance and functionality, while the latter regards the [...]
By
Gynvael Coldwind |
Tue, 20 Jul 2010 00:05:33 +0200 | @domain:

gynvael.coldwind.pl
Yesterday in the night we've published (on j00ru's blog) some old, low severity, PHP advisories (well, they are more research papers than actual advisories). Basically we've done the research to test ...
By
Gynvael Coldwind |
Mon, 19 Jul 2010 00:05:27 +0200 | @domain:

gynvael.coldwind.pl
Looking through my directories I've found some tools that I've kept hidden in my desk, unpublished for some strange reasons. I'm thinking about finalizing the basic functionality of these, and finally...
By
Gynvael Coldwind |
Sun, 18 Jul 2010 00:05:26 +0200 | @domain:

gynvael.coldwind.pl
The evening of 12 December 2006 I've written on my OpenRCE blog a post, in which I've explained that I'm looking for a job as a reverse engineer / programmer. After a few hours I've got an e-mail from...
By
j00ru |
Tue, 13 Jul 2010 16:19:56 +0000 | @domain:

j00ru.vexillium.org
In the second post of the Windows CSRSS Write Up series, I would like to explain how the practical communication between the Windows Subsystem and user's process takes place under the hood. Due to the fact that some major improvements have been introduced in Windows Vista and later, the entire article is split into two [...]
By
Gynvael Coldwind |
Fri, 09 Jul 2010 00:05:25 +0200 | @domain:

gynvael.coldwind.pl
A very short post - the slides from our presentation from RECON 2010 about the Syndicate Wars Port:
recon_swars.pdf (1MB)
I'll write more later ;)...
By
j00ru |
Thu, 08 Jul 2010 20:38:14 +0000 | @domain:

j00ru.vexillium.org
NOTE: The following post entry opens a series of CSRSS-oriented articles, aiming at describing the uncovered CSRSS mechanism internals, present in the Windows OS for more than fifteen years now. Although some great research has already been carried out by a few curious guys (check out the references), no thorough case study is available until [...]
By
j00ru |
Sat, 03 Jul 2010 16:28:00 +0000 | @domain:

j00ru.vexillium.org
NOTE: This post is highly related to the research performed by Alex Ionescu. He is going to present the results of his work on the RECON2010 conference, during his Debugger-based Target-to-Host Cross-System Attacks speech. As it turns out, me and Alex have been working on the same subject concurrently - while I have only managed [...]
By
j00ru |
Fri, 02 Jul 2010 14:09:43 +0000 | @domain:

j00ru.vexillium.org
Sorry, this entry is only available in Polski.
By
j00ru |
Sun, 20 Jun 2010 00:32:45 +0000 | @domain:

j00ru.vexillium.org
Hey! I have recently had some fun playing around with driver signing on Windows x64, and so I like to share some matters that have come into my head. Therefore, let me briefly describe some internal mechanisms lying behind well known Driver Signature Enforcement, a significant part of the Code Integrity feature introduced by Microsoft [...]
By
j00ru |
Sun, 30 May 2010 08:18:52 +0000 | @domain:

j00ru.vexillium.org
One of the biggest (best) IT security-oriented conferences in Poland finished three days ago, in the Wednesday evening. In the very first place, I would like to congratulate all the organisers, for their decision on where the event should be held, as well as how it should look like - during these two days, [...]
By
Gynvael Coldwind |
Sun, 30 May 2010 00:05:16 +0200 | @domain:

gynvael.coldwind.pl
Just a short (almost copy-pasted from j00ru's blog) post with the original advisories of the vulnerabilities we've talked about on CONFidence (and earlier on Hack In The Box Dubai), with slides used b...
By
Gynvael Coldwind |
Wed, 05 May 2010 00:05:13 +0200 | @domain:

gynvael.coldwind.pl
A few months ago we've (with Unavowed) sent a submission for the CFP for RECON, a Canadian (Montreal) conference that takes place from 9th till 11th July. Yesterday our topic was published on the offi...
By
j00ru |
Mon, 03 May 2010 00:09:52 +0000 | @domain:

j00ru.vexillium.org
Hello! It seems like half a year has passed since I published the Win32k.SYS system call table list on the net. During this time (well, it didn't take so long) I managed to gather enough information to release yet another API list - this time, concerning a user-mode application - CSRSS (Client/Server Runtime SubSystem). [...]
By
Gynvael Coldwind |
Mon, 03 May 2010 00:05:11 +0200 | @domain:

gynvael.coldwind.pl
Just a redirect-post for all you Windows researchers: Matthew has published a CSRSS opcode table on his blog - go and take a look - http://j00ru.vexillium.org/?p=349&lang=en :)...
By
j00ru |
Thu, 22 Apr 2010 14:34:19 +0000 | @domain:

j00ru.vexillium.org
And so it happened ;> As I've written in this post, Gynvael Coldwind has just finished speaking about recent Windows Kernel Vulnerabilities on the Hack In The Box Dubai conference, taking place today. Unfortunately, because of the European air communication being disabled these days, the presentation was held remotely - one way or another, it [...]
By
j00ru |
Thu, 22 Apr 2010 11:47:32 +0000 | @domain:

j00ru.vexillium.org
Sorry, this entry is only available in Polski.
By
Gynvael Coldwind |
Thu, 22 Apr 2010 00:05:06 +0200 | @domain:

gynvael.coldwind.pl
A few moments ago I've finished my talk at Hack In The Box in Dubai, on which I couldn't of course be in the flesh, since mr.Eyjafjallajökull canceled my flights, hence I've presented by phone and liv...
By
j00ru |
Mon, 19 Apr 2010 23:17:32 +0000 | @domain:

j00ru.vexillium.org
Hello, A few weeks ago, I had the pleasure to take part in a local 24-hour long, programming marathon (greets to my team: Pawel and Wojtek!). Due to the nature of the competition, I was obliged to create a simple class, making it possible to redirect sockets to standard i/o (stdin / stdout), which would [...]
By
Gynvael Coldwind |
Mon, 19 Apr 2010 00:05:02 +0200 | @domain:

gynvael.coldwind.pl
Well... it looks like that, due to the mess that the Island volcano Eyjafjoell made, they canceled my flights to Dubai. As a reminder - I was going to give a speech on the Hack In The Box conference a...
By
j00ru |
Tue, 13 Apr 2010 20:20:26 +0000 | @domain:

j00ru.vexillium.org
Today, during the Patch Tuesday, Microsoft has released bits of information regarding the security vulnerabilities present in the Windows kernel - found and exploited (in the Proof of Concept form) by me and Gynvael Coldwind - which are directly connected with a well-known Windows Registry functionality. Five bugs have been described (there is a total [...]
By
Gynvael Coldwind |
Tue, 13 Apr 2010 00:04:58 +0200 | @domain:

gynvael.coldwind.pl
I've already written, in February, about the first vulnerability found by our team (that would be j00ru and me). Today, Microsoft has published reports about 5 more (well, there were 6 actually, but M...
By
Gynvael Coldwind |
Mon, 22 Feb 2010 00:04:49 -0700 | @domain:

gynvael.coldwind.pl
About a month ago I've sent a CFP submission for the Hack In The Box 2010 Dubai conference, and yesterday I've officially got informed that my lecture was accepted! So, it looks like I'll be speaking ...
By
Gynvael Coldwind |
Mon, 22 Feb 2010 00:04:49 +0100 | @domain:

gynvael.coldwind.pl
About a month ago I've sent a CFP submission for the Hack In The Box 2010 Dubai conference, and yesterday I've officially got informed that my lecture was accepted! So, it looks like I'll be speaking ...
By
Gynvael Coldwind |
Wed, 10 Feb 2010 00:04:44 -0700 | @domain:

gynvael.coldwind.pl
Today is Exploit Wednesday, so it means that yesterday was Patch Tuesday. So, as every month, Microsoft published Microsoft Security Bulletin Summary (for February 2010) and a couple of patches. One o...
By
Gynvael Coldwind |
Wed, 10 Feb 2010 00:04:44 +0100 | @domain:

gynvael.coldwind.pl
Today is Exploit Wednesday, so it means that yesterday was Patch Tuesday. So, as every month, Microsoft published Microsoft Security Bulletin Summary (for February 2010) and a couple of patches. One o...
By
Gynvael Coldwind |
Wed, 27 Jan 2010 00:04:39 +0100 | @domain:

gynvael.coldwind.pl
As promised, it's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed!
...
By
Gynvael Coldwind |
Tue, 26 Jan 2010 00:04:39 -0700 | @domain:

gynvael.coldwind.pl
As promised, it's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed!
...
By
Gynvael Coldwind |
Tue, 26 Jan 2010 00:04:39 +0100 | @domain:

gynvael.coldwind.pl
As promised, it's time to reveal the technical story behind the Syndicate Wars Port. The story is divided into two parts - the first, and the second attempt to port this game. Comments are welcomed!
...
By
Gynvael Coldwind |
Tue, 26 Jan 2010 00:04:38 +0100 | @domain:

gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...
By
Gynvael Coldwind |
Mon, 25 Jan 2010 00:04:38 -0700 | @domain:

gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...
By
Gynvael Coldwind |
Mon, 25 Jan 2010 00:04:38 +0100 | @domain:

gynvael.coldwind.pl
Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender. And of course it has stopped working natively (i.e. without emulators l...
By
j00ru |
Sun, 17 Jan 2010 00:24:38 +0000 | @domain:

j00ru.vexillium.org
Hi there! Not so long (a few weeks, actually) ago, me together with Gynvael Coldwind had a chance to carry out a research regarding the Global and Local Descriptor Tables being used as a write-what-where target, while exploiting ring-0 vulnerabilities on 32-bit Microsoft Windows NT-family systems. The result of our work is a small article, [...]
By
Gynvael Coldwind |
Sun, 17 Jan 2010 00:04:34 +0100 | @domain:

gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...
By
Gynvael Coldwind |
Sat, 16 Jan 2010 00:04:34 -0700 | @domain:

gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...
By
Gynvael Coldwind |
Sat, 16 Jan 2010 00:04:34 +0100 | @domain:

gynvael.coldwind.pl
A few weeks ago j00ru has visited me, and, as one can figure out, some more or less interesting ideas came to be. One of such ideas was to use the Call-Gate mechanism in kernel/driver exploit developm...
By
Gynvael Coldwind |
Mon, 11 Jan 2010 00:04:32 -0700 | @domain:

gynvael.coldwind.pl
The Hack In The Box ezine, which was published in the years 2000-2005 (37 issues total) has been revived! The newest issue contains 6 articles (including mine), which gives 44 pages of text, in PDF (l...
By
Gynvael Coldwind |
Mon, 11 Jan 2010 00:04:32 +0100 | @domain:

gynvael.coldwind.pl
The Hack In The Box ezine, which was published in the years 2000-2005 (37 issues total) has been revived! The newest issue contains 6 articles (including mine), which gives 44 pages of text, in PDF (l...
By
Gynvael Coldwind |
Tue, 05 Jan 2010 00:04:29 -0700 | @domain:

gynvael.coldwind.pl
This post will be similar to the previous one, and will be about small, but interesting, details of x86 architecture, that might be (and sometimes are) easily overlooked by creators of emulators and v...
By
Gynvael Coldwind |
Tue, 05 Jan 2010 00:04:29 +0100 | @domain:

gynvael.coldwind.pl
This post will be similar to the previous one, and will be about small, but interesting, details of x86 architecture, that might be (and sometimes are) easily overlooked by creators of emulators and v...
By
j00ru |
Mon, 04 Jan 2010 21:54:54 +0000 | @domain:

j00ru.vexillium.org
What I would like to write about today is a subject I have been playing with for quite some time – Windows kernel vulnerability exploitation techniques. While digging through various articles and other materials, I appeared to find bunches of interesting facts that are worth being described here. The post presented today aims to describe [...]
By
Gynvael Coldwind |
Tue, 29 Dec 2009 00:04:28 -0700 | @domain:

gynvael.coldwind.pl
In the last few days I've been playing with osdev again (last time I've coded something more than a boot menu (sorry, PL), was in 2003), so expect a few posts about assembler, x86 emulators and simila...
By
Gynvael Coldwind |
Tue, 29 Dec 2009 00:04:28 +0100 | @domain:

gynvael.coldwind.pl
In the last few days I've been playing with osdev again (last time I've coded something more than a boot menu (sorry, PL), was in 2003), so expect a few posts about assembler, x86 emulators and simila...
By
Gynvael Coldwind |
Sat, 28 Nov 2009 00:04:19 -0700 | @domain:

gynvael.coldwind.pl
A few days ago my newest creation was published on the net - VirusTotal Uploader 2.0. Well, it is a different kind of tool that you're used to see from me - it has a window (it's not a console-app), i...
By
Gynvael Coldwind |
Sat, 28 Nov 2009 00:04:19 +0100 | @domain:

gynvael.coldwind.pl
A few days ago my newest creation was published on the net - VirusTotal Uploader 2.0. Well, it is a different kind of tool that you're used to see from me - it has a window (it's not a console-app), i...
By
Gynvael Coldwind |
Mon, 23 Nov 2009 00:04:17 -0700 | @domain:

gynvael.coldwind.pl
Below I present the download links for the slideshow (PDF) from my "Practical security in computer games" lecture, and a 0.0.1 alpha version of SilkProxy. A few more words about that last position: it...
By
Gynvael Coldwind |
Mon, 23 Nov 2009 00:04:17 +0100 | @domain:

gynvael.coldwind.pl
Below I present the download links for the slideshow (PDF) from my "Practical security in computer games" lecture, and a 0.0.1 alpha version of SilkProxy. A few more words about that last position: it...
By
Gynvael Coldwind |
Fri, 13 Nov 2009 00:04:11 +0100 | @domain:

gynvael.coldwind.pl
Just a quick info. j00ru has published on his blog a syscall number/name table for the Win32k syscall shadow table (user32.dll, gdi32.dll and DirectX use it) - http://j00ru.vexillium.org/win32k_syscal...
By
Gynvael Coldwind |
Thu, 12 Nov 2009 00:04:09 +0100 | @domain:

gynvael.coldwind.pl
About two days ago the net started to fill with information about a new programming language, created by people at Google. The language is called Go, and is something between a low-level language (lik...
By
j00ru |
Wed, 11 Nov 2009 17:48:46 +0000 | @domain:

j00ru.vexillium.org
Everyone who has ever had some serious contact with how the Windows kernel mechanisms work, was probably in need to access a complete system call number list (together with the handlers' definitions). As one of the most important part of the communication process between user's applications and kernel, SSDT is commonly used for both clearly [...]
By
j00ru |
Mon, 02 Nov 2009 17:30:27 +0000 | @domain:

j00ru.vexillium.org
Today, I would like to write about finding the addresses of non-exported kernel functions (syscall handlers) from user mode. The technique I am going to write about is my very own idea, that occurred to me during one of my talks regarding Windows x86 kernel exploitation (greetings to suN8Hclf!). Despite this, I cannot guarantee that [...]
By
Gynvael Coldwind |
Wed, 14 Oct 2009 00:03:55 +0200 | @domain:

gynvael.coldwind.pl
Seems I'm a little behind on the English side of the mirror, so it's time to fix that with another PHP internals topic! This time I'll tell you the story of the PNG format, of course in the context of...
By
j00ru |
Fri, 09 Oct 2009 02:33:42 +0000 | @domain:

j00ru.vexillium.org
First of all, I would like to point out that my old bootkit presentation related stuff is available since a few weeks now. As the whole event was held in Polish language, so are the slides / materials. One way or another, if some of you were interested, just take a look at the Slow [...]
By
j00ru |
Sat, 03 Oct 2009 23:28:08 +0000 | @domain:

j00ru.vexillium.org
Since I have recently managed to find some time and come back to TraceHook project development, I decided to mark the result of a-few-hour-long session with the next version number - 0.0.2. Until now, the application has been designed for my own purposes - it was written to handle particular problems and work under certain [...]
By
Gynvael Coldwind |
Thu, 03 Sep 2009 00:03:47 +0200 | @domain:

gynvael.coldwind.pl
And now for something completely different - my first laptop. It wasn't a Pentium as some might suspect. It wasn't even a 386. No, it was something, even older! If you are interested in computer arche...
By
j00ru |
Sun, 30 Aug 2009 11:50:42 +0000 | @domain:

j00ru.vexillium.org
Having some free time, I managed to apply some minor fixes to the TraceHook – I also decided to publish it, by the way. If there will be any bug reports / improvement suggestions, I will be more motivated to return to its development.
TraceHook is a tiny application keeping track over processes and [...]
By
Gynvael Coldwind |
Sat, 29 Aug 2009 00:03:44 +0200 | @domain:

gynvael.coldwind.pl
Time has come to write the second part of the PHP getimagesize story (yes, that means that there was a first part *grin*). This time I'll focus more on what getimagesize is supposed to do - on acquiri...
By
j00ru |
Fri, 28 Aug 2009 15:07:54 +0000 | @domain:

j00ru.vexillium.org
I have been recently encountering quite a non-typical problem – playing Starcraft was hard due to the amount of active processes running on my operating system – including a few IDA instances, virtual machines and the most disturbing… Firefox web browser. As we all know, it’s not only about the memory being used by Firefox [...]
By
j00ru |
Thu, 27 Aug 2009 23:02:09 +0000 | @domain:

j00ru.vexillium.org
I have a pleasure to inform the blog readers about the incoming event I am taking part in – the Polish SecDay conference (regarding security in a general meaning)!
My presentation’s subject is the practical approach to, so called, bootkit creation. To make things clear, bootkit consists of a number of code blocks [...]
By
Gynvael Coldwind |
Fri, 28 Aug 2009 00:03:43 +0200 | @domain:

gynvael.coldwind.pl
The getimagesize function is, in my humble opinion of course, one of the most interesting functions of the standard PHP library (yes, the standard library, even while its documentation is placed amon...
By
Gynvael Coldwind |
Wed, 26 Aug 2009 00:03:41 +0200 | @domain:

gynvael.coldwind.pl
Today's post will be about something totally different. Mainly, I have a new SOHO router for a half of year or so at my place - yep, the D-Link DI-524 (rev.B), which replaced my old DI-604 (which I li...
By
j00ru |
Tue, 18 Aug 2009 10:55:36 +0000 | @domain:

j00ru.vexillium.org
Welcome to the blog on my own hosting!
I have recently decided to add multi-language support to the blog, which obviously required the Wordpress system to be moved to my own hosting (the one provided by wordpress.com lacks many important features, like the possibility to install plugins (which turned out to be very useful, by the [...]
By
Gynvael Coldwind |
Sat, 08 Aug 2009 00:03:35 +0200 | @domain:

gynvael.coldwind.pl
(Be sure to check out the demonstration video at the bottom of the page). Two months ago I've written about banker trojans, that some change DNS settings, other add a list of domains (used by financial...
By
Gynvael Coldwind |
Tue, 14 Jul 2009 00:03:31 +0200 | @domain:

gynvael.coldwind.pl
Today I'll write about an interesting mistake (or misinterpretation in this case) I've spotted in my friend's code, and also I'll mention a certain link I found in the referers. I'll start with the link...
By
Gynvael Coldwind |
Sun, 12 Jul 2009 00:03:30 +0200 | @domain:

gynvael.coldwind.pl
For some random reasons my blog became quiet recently, but don't worry, it's only temporary. It's time to catch up, and write about this and that.
PHP as a preprocessor not only for HTML
Recently ...
By
j00ru |
Sat, 04 Jul 2009 16:08:03 +0000 | @domain:

j00ru.vexillium.org
Aww, another month or even more has apparently passed just in front of my eyes. As some of you might have realized, the school time has already ended (something like two weeks ago), thus allowing me to carry out some more research and remember about this blog. I expect some more posts to be written [...]
By
Gynvael Coldwind |
Sun, 14 Jun 2009 00:03:25 +0200 | @domain:

gynvael.coldwind.pl
It happened so that I got back to reversing banker trojans the other day, and celebrated it with a 24-hour marathon with many different foreign malware entities. Looks like that when I played with oth...
By
Gynvael Coldwind |
Mon, 01 Jun 2009 00:03:21 +0200 | @domain:

gynvael.coldwind.pl
Recently while reading some press news / blog posts, a few things came to my attention, which I would like to discuss (as in "rant about them") in this post.
The first thing will be about news/post...
By
Gynvael Coldwind |
Wed, 27 May 2009 00:03:19 +0200 | @domain:

gynvael.coldwind.pl
The previous Sunday I decided to play a little with graphical interpretation of files again. Graphical interpretation, or visualizations as one may call it, is a large topic, there are even some inter...
By
Gynvael Coldwind |
Tue, 26 May 2009 00:03:18 +0200 | @domain:

gynvael.coldwind.pl
At last! A technical post!.. in which, I'll describe the ESET crackme from this year's edition of the CONFidence conference. The CONFidence crackme (made especially for the conference - it was NOT thei...
By
Gynvael Coldwind |
Tue, 26 May 2009 00:03:17 +0200 | @domain:

gynvael.coldwind.pl
Time to update the English side of my mirror! As I've written before, I had the opportunity to be present at this year's edition of the CONFidence conference, and, starting with a spoiler, I think it w...
By
j00ru |
Wed, 20 May 2009 21:39:17 +0000 | @domain:

j00ru.vexillium.org
It seems like the blog has been dead for more than two months, mainly due to kind of wrong priority hierarchy – there was always something interesting to research, even when I should be busy writing a next interesting post on my blog
The recent weeks haven’t been wasted at all, as the site [...]
By
Gynvael Coldwind |
Mon, 18 May 2009 00:03:12 +0200 | @domain:

gynvael.coldwind.pl
Welcome back after a short break! It looks like that after posting on the Polish side of the mirror about a binary I've received from a friend, the post was posted on wykop.pl - a Polish site like dig...
By
Gynvael Coldwind |
Wed, 13 May 2009 00:03:08 -0700 | @domain:

gynvael.coldwind.pl
Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came ...
By
Gynvael Coldwind |
Wed, 13 May 2009 00:03:08 +0200 | @domain:

gynvael.coldwind.pl
Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came ...
By
Gynvael Coldwind |
Fri, 10 Apr 2009 00:02:57 -0700 | @domain:

gynvael.coldwind.pl
Recently I've been working on a function written in assembly (NASM dialect) that was to be compiled and then loaded and executed at runtime by an Objective C application. The function was to search in...
By
Gynvael Coldwind |
Fri, 10 Apr 2009 00:02:57 +0200 | @domain:

gynvael.coldwind.pl
Recently I've been working on a function written in assembly (NASM dialect) that was to be compiled and then loaded and executed at runtime by an Objective C application. The function was to search in...
By
Gynvael Coldwind |
Sat, 04 Apr 2009 00:02:55 -0700 | @domain:

gynvael.coldwind.pl
I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from...
By
Gynvael Coldwind |
Sat, 04 Apr 2009 00:02:55 +0200 | @domain:

gynvael.coldwind.pl
I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from...
By
Gynvael Coldwind |
Wed, 18 Mar 2009 00:02:52 -0700 | @domain:

gynvael.coldwind.pl
The results of the GDPL compo have been posted (available also here). Seems my predictions were right and Krzysiek K. has won (he earned it ;>). Second was maskl ex aequo with me, and third came Reg. ...
By
Gynvael Coldwind |
Wed, 18 Mar 2009 00:02:52 +0100 | @domain:

gynvael.coldwind.pl
The results of the GDPL compo have been posted (available also here). Seems my predictions were right and Krzysiek K. has won (he earned it ;>). Second was maskl ex aequo with me, and third came Reg. ...
By
Gynvael Coldwind |
Tue, 17 Mar 2009 00:02:50 -0700 | @domain:

gynvael.coldwind.pl
Sunday, from 5pm till 8pm, another gamedev.pl compo took place. This time, it was a 3 hour compo during which one had to create a 'game that has both a cow and a pig' (a strange topic I must say). I d...
By
Gynvael Coldwind |
Tue, 17 Mar 2009 00:02:49 -0700 | @domain:

gynvael.coldwind.pl
Finally has arrived the day when I take a look at creating OS X GUI applications! Applications on Mac are usually created using Objective C language (which I didn't have the pleasure to meet yet) and ...
By
Gynvael Coldwind |
Tue, 17 Mar 2009 00:02:50 +0100 | @domain:

gynvael.coldwind.pl
Sunday, from 5pm till 8pm, another gamedev.pl compo took place. This time, it was a 3 hour compo during which one had to create a 'game that has both a cow and a pig' (a strange topic I must say). I d...
By
Gynvael Coldwind |
Tue, 17 Mar 2009 00:02:49 +0100 | @domain:

gynvael.coldwind.pl
Finally has arrived the day when I take a look at creating OS X GUI applications! Applications on Mac are usually created using Objective C language (which I didn't have the pleasure to meet yet) and ...
By
j00ru |
Sun, 15 Mar 2009 21:18:31 +0000 | @domain:

j00ru.vexillium.org
As a loyal standard Windows shell (explorer.exe) user I often encounter some problems with the number of opened Windows on one desktop. Since my current notebook hardly ever goes down, so does the user’s shell. After a few working evenings, I often have difficulty localizing the desired windows. Having something like 40-50 of them, it [...]
By
j00ru |
Thu, 12 Mar 2009 22:02:27 +0000 | @domain:

j00ru.vexillium.org
1. Introduction
The first technical post here is about the process of terminating applications on the Windows system. I have been researching this subject for the last few days, during which a number of interesting (yet unknown) facts have appeared. Some of the solution ideas regarding particular problems are presented here, though I am sure there are [...]
By
Gynvael Coldwind |
Thu, 12 Mar 2009 00:02:46 -0700 | @domain:

gynvael.coldwind.pl
As my readers may know, for some time now I have access to a MacBook with OS X. Finally I found some time to test the standard exploiting techniques on OS X. I must admit that OS X surprised me positi...
By
Gynvael Coldwind |
Tue, 10 Mar 2009 00:02:44 -0700 | @domain:

gynvael.coldwind.pl
The story starts as usual. I've been writing a certain application, that generates some test files. The files were very similar in structure, so I took the common factor out, and created a function th...
By
j00ru |
Mon, 09 Mar 2009 18:24:41 +0000 | @domain:

j00ru.vexillium.org
Welcome to my new tech blog!
Seems like I finally decided to create a place to store the ideas that might become forgotten otherwise, so here you are. Even though I had some trouble choosing between Polish/English/both versions, I eventually chose the one making the contents readable by a wider range of people.
What you will hopefully be [...]
By
Gynvael Coldwind |
Sun, 08 Mar 2009 00:02:42 -0800 | @domain:

gynvael.coldwind.pl
In the previous post I've written about a tool that measures entropy, but, I left the problem of "why the hell should somebody measure entropy" for later. That "later" is now :)
As one can figure o...
By
Gynvael Coldwind |
Mon, 02 Mar 2009 00:02:38 -0800 | @domain:

gynvael.coldwind.pl
There is a tool, created by j00ru and me, that I was supposed to publish online a long time ago. However, I judged that the code is not-pretty, and (one might add "as always") there was no time to pre...
By
Gynvael Coldwind |
Mon, 02 Mar 2009 00:02:36 -0800 | @domain:

gynvael.coldwind.pl
I've written lately about spam in the Referrer field of the HTTP header - bots insert links (sometimes with BBCode) to shops with viagra, penises, and enlarging your watches. Now it has evolved! The ...
By
Gynvael Coldwind |
Sun, 01 Mar 2009 00:02:35 -0800 | @domain:

gynvael.coldwind.pl
Well, this post in the Polish side of the mirror is much longer, since most of the conferences I'm going to attend (as a participant or a speaker) in this half of 2009 are Polish-language conference....
By
Gynvael Coldwind |
Fri, 13 Feb 2009 00:02:32 -0800 | @domain:

gynvael.coldwind.pl
Recently I didn't have much time to post on my blog, but a few small things came up, and I decided they won't take too much time to publish.
As you may know, I like checking HTTP referrers of people...
By
Gynvael Coldwind |
Tue, 10 Feb 2009 00:02:30 -0800 | @domain:

gynvael.coldwind.pl
I've received another spam message generated with an 'almost' finished spam generator. Take a look:
SUBJECT: {soft_spain_subject_random}
FROM: esamerwin@hfma.org
DATE: 2009-02-02 16:44
Ahora v...
By
Gynvael Coldwind |
Thu, 05 Feb 2009 00:02:29 -0800 | @domain:

gynvael.coldwind.pl
Today's post will contain some technical security stuff - I'll write about a technique called "return-oriented programming" or "return-oriented exploiting" or "ret-to-libc without returning to funct...
By
Gynvael Coldwind |
Tue, 03 Feb 2009 00:02:28 -0800 | @domain:

gynvael.coldwind.pl
Yesterday I've finally got some time to finish the changes in the new version of ExcpHook. So, version 0.0.5-rc2 (rc2 of alpha ;p) is ready for download, and might be even usable ;D
ExcpHook Except...
By
Gynvael Coldwind |
Fri, 30 Jan 2009 00:02:23 -0800 | @domain:

gynvael.coldwind.pl
As you can see, Xa is a man of his word - he threatened me that he will make a new lay, and he did make it ;>
Some things are still to be "styled", some require minor polish, but all together, th...
By
Gynvael Coldwind |
Thu, 29 Jan 2009 00:02:21 -0800 | @domain:

gynvael.coldwind.pl
A moment of peace and quiet is over. I'm back (after a cold), and it's time for another post ;D
Today I'll write again about CPC464, this time, about the cassettes.
Not long ago (before the cold) ...
By
Gynvael Coldwind |
Tue, 20 Jan 2009 00:02:19 -0800 | @domain:

gynvael.coldwind.pl
I've made a few more compares between exports in DLLs in Windows Vista SP1 and Windows 7 Beta.
kernel32.dll
ntdll.dll
gdi32.dll
user32.dll
advapi32.dll
That's all for now,
UPDATE: A few ch...
By
Gynvael Coldwind |
Mon, 19 Jan 2009 00:02:12 -0800 | @domain:

gynvael.coldwind.pl
Today's post won't be about cmd.exe and BAT, for the moment, I have exhausted that topic. Instead, I'll write about drawing cool-looking "pictures" using sin and cos functions, in C++.
As always, th...
By
Gynvael Coldwind |
Mon, 19 Jan 2009 00:02:10 -0800 | @domain:

gynvael.coldwind.pl
Long, long time ago, in the DOS times that is, one could configure the command prompt to be colorful, one could echo colorful messages, etc. And one could do all that thanks to the ANSI escape codes -...
By
Gynvael Coldwind |
Sun, 18 Jan 2009 00:02:09 -0800 | @domain:

gynvael.coldwind.pl
Today's post will be, as promised, about OpenGL in .BAT scripts. At the very beginning, I would like to remind you (I was told that the correct form of 'you' is written with a lower 'y') that .BAT scr...
By
xa |
Sat, 17 Jan 2009 08:16:17 -0800 | @domain:

draftspace.art.pl

Date: 17.01.2009
By
Gynvael Coldwind |
Wed, 14 Jan 2009 00:02:06 -0800 | @domain:

gynvael.coldwind.pl
Finally You can download the official Windows 7 Beta release (unofficially You could do it for some time now). So I've downloaded it, installed it (looks cool), and started to play...
The first thi...
By
Gynvael Coldwind |
Mon, 12 Jan 2009 00:02:05 -0800 | @domain:

gynvael.coldwind.pl
Today's post is for all You Batmans out there ;>
The .BAT scripts (sometimes called batch scripts) are as old as DOS. First time I've met bats on my old 286 PC, and they were used there very commonly...
By
xa |
Sat, 10 Jan 2009 14:42:51 -0800 | @domain:

draftspace.art.pl

Date: 10.01.2009
By
Gynvael Coldwind |
Fri, 09 Jan 2009 00:02:01 -0800 | @domain:

gynvael.coldwind.pl
I don't know what it is about this week, but I got some new hardware, and I had to spend some time to get it all working, piece by piece.
First, my PCMCIA LPT card arrived, and my STK200 AVR progr...
By
Gynvael Coldwind |
Sat, 03 Jan 2009 00:02:00 -0800 | @domain:

gynvael.coldwind.pl
The night has ended, and so has the data transfer from CPC to PC (if interested, one can download the RAM dump here). I've also rewritten the code from CPC to PC - the listing is at the end of this post....
By
xa |
Fri, 02 Jan 2009 10:51:30 -0800 | @domain:

draftspace.art.pl

Date: 02.01.2009
By
Gynvael Coldwind |
Fri, 02 Jan 2009 00:01:58 -0800 | @domain:

gynvael.coldwind.pl
Waiting for my new programmer (which will arrive "at the end of the week") I decided to dump RAM from my new Amstrad to my PC. But there was a problem - how to do it without having any cables to conne...
By
Gynvael Coldwind |
Thu, 01 Jan 2009 00:01:56 -0800 | @domain:

gynvael.coldwind.pl
Frankly speaking it's good to have a wife. Especially a wife that finds an old (but operational) Amstrad-Schneider CPC 464 (64k Colour Personal Computer) at the bottom of the wardrobe. And so, a new to...
By
xa |
Mon, 29 Dec 2008 04:50:54 -0800 | @domain:

draftspace.art.pl

Date: 29.12.2008
By
xa |
Mon, 29 Dec 2008 04:50:54 -0800 | @domain:

draftspace.art.pl

Three muses from Greek mythology: Aoede (song and poetry), Melete (study, work) and Mneme (memory, recollections).
Date: 29.12.2008
By
Gynvael Coldwind |
Mon, 29 Dec 2008 00:01:53 -0800 | @domain:

gynvael.coldwind.pl
In the menu on the right (under the links to the posts) I've added a link to a section with some code snippets created now and then. They are rather simple, and I think beginner readers will be more inter...
By
xa |
Thu, 25 Dec 2008 09:41:06 -0800 | @domain:

draftspace.art.pl

Date: 25.12.2008
By
xa |
Thu, 21 Jun 2007 14:18:24 -0700 | @domain:

draftspace.art.pl

Date: 21.06.2007
Another marriage (again, lol)
By gynvael.coldwind (2008.12.25)
This time I got married! (with Arashi). Huh ;D
vx++
By gynvael.coldwind (2008.09.22)
Another person has joined our team - that would be samlis.coldwind. Welcome :D
Just married (again)
By gynvael.coldwind (2008.08.11)
Extremely happy news again! aps and his gf Ewelina got married on 9 of August! That's the second marriage in our team. Who's next?
Gadu-Gadu and Tlen multiple low/med impact vulns
By gynvael.coldwind (2008.07.06)
Four days ago j00ru published some of his findings in Gadu-Gadu 7.7 [Build 3725] and Tlen IM 6.00.2.69. Inter alia, j00ru writes about GG number registration captcha bypass, remote file storage (this one is very interesting imho ;>), both GG and Tlen's Denial of Service, and Tlen's message sendtime spoofing.
The advisory can be found in the security section, or here (direct link).
unnks 0.1 sees the light of day
By unavowed (2008.06.26)
A few days ago I published the source code for unnks, an extractor for NKS archives that are used by several programs to store musical samples. It does what it advertises, and is portable across several operating systems. I set up a project on sourceforge to host the files permanently.
vx++
By gynvael.coldwind (2008.04.28)
Today oshogbo has joined our team. Welcome m8! =^^=
IGK 2008 Compo results
By gynvael.coldwind (2008.04.22)
Two weeks ago (the news is late, as always) some Vexillium members (me, Xa Hellwing and j00ru) attended the Polish IGK conference (IGK stands for Inzynieria Gier Komputerowych, which can be translated as Computer Game Engineering) in Siedlce (east Poland). As every year, there was an eight-hour-long team game compo at the end of the conference, in which we took part (with naleth being our fourth member - and he did a fine job indeed =^^=). The compo topic was "sewers - paradise underground" (lol ;D), and we decided to code a two-player underground deathmatch with portals, rats, and "cheeze rulz" in the background. After 8 hours of coding, and a very exciting vote counting it was revealed that our game got TOP1 (ypiiii!) =^^=. Some screens from the game can be found in the gamedev section, and the game is planned to be released in the near future (a post compo version, since the compo version had some stupid bugs). The game requires two mice to play btw =^^=.
Additionally to the game compo there was an unofficial Quake 3 tournament, which I've managed to win =^^=. My brother, Samlis Coldwind, was TOP2, while TOP3/4 was shared by Krzysiek K. and salvation. Another interesting event on the conference was a game dev knowledge Quiz made by the guys from gamedev.pl - Reg and Xion. The quiz was won by artpoz, while I tied fourth with Charibo =^^=.
Well, the conference was very entertaining and I've really enjoyed it! I hope to see all of the participants next year! It was fun to see You guys again =^^=.
And for a final word... Respect to all the compo teams!
Vexillium.org moved to a new hosting
By gynvael.coldwind (2008.02.24)
Our site became quite popular recently, and we kept exceeding transfer limits at our old hosting, so we had to switch to a new one. The main website has been fully transferred to the new hosting (as You can see =^^=), but there might be some problems accessing our other sites for a few more days - sorry for the inconvenience.
Btw, as You probably have noticed, Xa began to create a comic strip. #1 you can see on the right, and #2 is coming soon (maybe tomorrow even). Go go Xa! FTW =^^=.
Firefox and Opera remote information disclosure advisory publication
By gynvael.coldwind (2008.02.16)
Some time ago (in December 2007) I found a vulnerability in some popular browsers. Today, when the fixed versions are already released, the advisory describing the vulnerability is released. The paper and a demonstration video can be found here.
DLL Spoofing
By gynvael.coldwind (2008.02.15)
Recently I found out that the site Revival.pl has been closed. One of my papers was available on that site, and only on that site, so I guess it went offline as well. So, I've uploaded it to this site =^^=. The paper is in Polish (maybe I'll translate it later). The paper can be found here.
FPU Tracer v0.0.1 release
By j00ru (2008.01.28)
I've added a new tool - Float Tracer program, to the Security section. You can see some screenshots at http://j00ru.vexillium.org/FPU_Tracer/screenshots/. Have fun playing with it ;> And feel free to report any bugs ^^
SDL_Image advisory publication, ExcpHook 0.0.4 release
By gynvael.coldwind (2008.01.23)
In the SECURITY section I've put an advisory regarding SDL_Image 1.2.6 GIF buffer overflow. Additionally I've released 0.0.4 version of ExcpHook - my exception monitoring application for Windows XP. That's it for now ;>
Filling the black pages
By gynvael.coldwind (2007.12.23)
This news is written mostly to fill the blank pages hehe. I've uploaded an old Virtual PC detection research paper to SECURITY section, and an Opera Remote DoS advisory, also in the SECURITY section. Well, that's it for now.
New website
By gynvael.coldwind (2007.12.21)
Well, what to say. Finally after many many years we have created a website with some more text in it ;>.
By
xa |
Thu, 21 Jun 2007 20:01:35 -0700 | @domain:

draftspace.art.pl

Date: 23.06.2007
By
xa |
Thu, 21 Jun 2007 14:21:52 -0700 | @domain:

draftspace.art.pl

Date: 21.06.2007
By
xa |
Thu, 21 Jun 2007 14:19:59 -0700 | @domain:

draftspace.art.pl

Date: 21.06.2007