Hacking,Information Security,Penetration Testing,Google Hacking,Google Dorking,Keith Makan,Black Hat,Security Research,InfoSec,Web Site Security| blog.k3170makan.com
In this very brief post I'm going to share a tool I've built that does binary taint analysis using Angr. There really isn't much to talk about since the code is pretty readable and not complex, but I will also walk through a quick introduction to the concept and why it's cool. The post will include links to all the scripts used. I should mention that the tools used here are research tools: they have bugs, they don't always run so smoothly, and there are a bunch of cases they can't manage; but they do ...
This post is going to cover some stuff I learned while suffering through some rando keygen style reverse engineering CTFs. Basically, what do you do
Hi folks, in this post I'm going to walk through how to set up the Linux kernel for debugging. I will also demonstrate that the setup works by setting a break-point in a test driver I wrote myself. All the code will be available from my gitlab; all the links to my gitlab will be re-posted at the end.
Date: 06-21-20
Hi folks, it's been a while! In this post I'm going to talk about getting started with LLVM, and I'll discuss writing a basic pass which we will build on as the post series develops.
Hi folks, in the previous post I covered a simple example showing how Angr can speed up solving a keygen / crackme type challenge. In this one I'm covering an explanation of how symbolic modeling of registers works with Angr and throwing in a weird little problem that required argv constraints to solve.
Hi folks, I just learned a couple of nifty tricks with angr, a popular symbolic execution framework with a very slick Python front end. Turns out this tool makes solving the odd crackme CTF extremely easy; I've been porting the same script around for a number of CTF challenges and it's knocking 'em down like nobody's business. So in the following post I'm going to give you folks a quick crash course in using the tool and show you how easy it is to solve a sample crackme.
In this post I'm going to run through a crash course about UART, and write up some personal notes I use to find UART ports quickly and dump shells on embedded devices. So it is going to be a little informal at times, but the aim of the post is to get the tips and process across quickly so those who want to can get to dumping shells too! So this is focused on supporting the activity of interacting with UART ports as they appear on an average IoT device.
Hi folks, this post is part of a series in which I try to explore the internals of glibc's malloc implementation, ptmalloc2, which is used for managing heap memory. In this post I'm going to specifically pay attention to the main_arena and the malloc_state structure, which is used to store some important pointers for searching heap memory.
FPGAs are arguably the best way to get into hardware reverse engineering for many reasons. The most obvious one, to me, is the experience of what I've come to term "raw clockiness" (or the practice of making a real hardware-backed clock do exactly what you want). There is a certain romanticism of freshly broken set theory and deeply repressed proof theory sins that comes to bear for me when I'm exposed to this kind of computing. All other kinds tend to veil this shaky, sometimes deeply CO...
Wiring my board up to an LCD screen on top of a copy of Hegel's Aesthetics.
This post is part of a series, check out the others in the series here:
In this post and the others in this series, I will unpack some of the internals of glibc's dynamic heap data structures and associated beasts. This post specifically will start you off with no background insight into the heap (perhaps a little on ELF internals and debugging), and detail some experiments you can perform to learn how the heap works.
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:
So I lied a little about what would be next in the series; I realized there was something I should have added to the previous one - which ironically was the addends about the r_addend field :) So here it is: the section on mangling r_addend fields, with some other tricks I left out.
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:
Hi folks, this post is part of a series about the ELF format. So far in this series we have:
Hi folks! This post is part of a series I'm writing on the ELF format. In this one I'm going to discuss the section headers and unpack how they work.
Welcome back folks! In the previous post I covered pretty much the most trivial parts of the ELF file format. In this post we are actually going to work with one of the most interesting mechanisms in the file - the program headers! I skipped some parts of the ELF header in the previous post and decided to cover them here specifically because they relate to the Program Headers anyway. Let's get started!
ELF files are charged with using their magic to perform two holy tasks in the Linux universe. The first is to tell the kernel where to place stuff in memory from the ELF file on disk, as well as providing ways to invoke the dynamic loader's functions and maybe even help out with some debugging information. Essentially speaking, it's telling the kernel where to put the file in memory, and also telling the plethora of tools that interpret the file where all the data structures are that hold useful information ...