SecuriTeam - Antidebugging For (M)asses - Protecting the Enviroment

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

2nd Annual Cyber Security

CONFidence 2012 May 23-24

Hack In Paris

The whitepaper linked here provides a few examples for antidebugging techniques that can be used under the Windows operating system.

Credit:
The information has been provided by Piotr Bania.
The original article can be found at: http://pb.specialised.info/all/articles/antid.txt

Free Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Introduction:
The number of computer hackers/crackers have reached a very high level recently. It is very hard to develop a product that will be secure against reverse engineering attacks, to be const-stricto it is surely impossible. However, if we can, why not make their dirty work harder?

The paper discusses several techniques:
* Open CSRSS.EXE to detect SEH debugger
* Use the CheckRemoteDebuggerPresent API provided by Windows XP
* Protect ExitProcess to detect Softice/D*

The whitepaper can be found at: http://pb.specialised.info/all/articles/antid.txt

blog comments powered by Disqus

	'Bypassing Internet Explorer\'s XSS Filter'
	'Apple OfficeImport Framework Excel Memory Corruption Vulnerability'
	'LittleBlackBox Project: Default SSL Keys in Multiple Routers'
	'Why Silent Updates Boost Security'
	'PDF Silent HTTP Form Repurposing Attacks'
	'Frame Pointer Overwrite Demonstration (Linux)'
	'Format String Exploitation Demonstration (Linux)'
	'Hacking SOHO Routers'
	'Reflective Dll Injection'
	'Achieving Persistent HTML Injection via SNMP on Embedded Devices'
	'Lateral SQL Injection: a New Class of Vulnerability in Oracle'
	'Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)'
	'Cold Boot Attacks on Disk Encryption'
	'OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability'
	'Exploiting WDM Audio Drivers'
	'Securing and Hardening Linux Paper'
	'27Mhz Wireless Keyboard Analysis Report aka "We Know What You Typed Last Summer"'
	'Cryptanalysis of the Random Number Generator of the Windows Operating System'
	'Windows Personal Firewall Analysis'
	'Biologger - A Biometric Keylogger'

Featured Articles

	'Apple OfficeImport Framework Excel Memory Corruption Vulnerability'
	'How Shellcodes Work'
	'HTTP Response Smuggling'
	'Security Testing Demystified'
	'UPnP Flawed Application'
	'Database Servers on Windows XP - Unintended Consequences of Simple File Sharing'
	'Advances in Format String Exploits'
	'XSS Virus Whitepaper'
	'NTLM HTTP Authentication is Insecure By Design'
	'Meanwhile - On the Other Side of the Web Server'
	'The Heart of Web Security'
	'The 80/20 Rule for Web Application Security'
	'Data Tastes Better Seasoned: Introducing the ASH Family of Hashing Algorithms'
	'Common Firewall Configuration Errors'
	'Analysis of the Exploitation Processes'
	'Integer Array Overflows'
	'Attacks on Kerberos V in a Windows 2000 Environment'
	'More Advanced SQL Injection Paper Released'
	'SQL Injection Walkthrough'
	'CRLF Injection'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs