Channel: FireEye Blog » shellcode
Browsing all 4 articles

Instruction Pointer Relative Addressing (for position independent code)

So, here’s an interesting trick I’ve been using, that I’ve never seen anyone mention before. One of the new features that AMD added to the x86 instruction set when they did the AMD64/x86-64, was that...

PDF Obfuscation using getAnnots()

Since around October 2009, Neosploit¹, a black-market exploit toolkit, has been fabricating PDF files in a slightly new way, but in a way which is difficult for many parsers to analyze for...

Win32 API Shellcode Hash Algorithm

1. A Modest Proposal Daylight Saving Time Allegedly, the purpose of Daylight Saving Time is to save energy by manipulating a unit of measurement. Mileage Saving Time I have a similar proposal for how...

Musings on download_exec.rb

Exposition This is not anything new and exciting¹, and should hopefully be familiar to some of you reading this. Some time ago I reversed the shellcode from Metasploit’s download_exec module. It’s a...
