Posts

Showing posts from February, 2020

Sigreturn Oriented Programming -part 1- warm up (;´༎ຶД༎ຶ`) (day 80)

Time to get serious. Over the last couple of months, we have done a lot of ROP exploitation to bypass the anti-exploit mechanisms enforced by many modern OSes. This approach is good because it gives us the flexibility to craft our own exploit by reusing specific parts of the program. But it needs a lot of work and is relatively hard to get right, since the necessary gadget may not be available and ASLR makes it harder, not to mention that it cannot be implemented cross-platform, so it is not really that flexible. So is there any other approach to ROP that makes it more compact and able to run cross-platform? Introducing Sigreturn ROP (Signal Return Oriented Programming). What is SigROP? Think of SigROP as just another type of ROP attack that you can do besides the regular one. The attack works by abusing the way in which most UNIX systems return from a signal handler, so we can forge the signal context to emulate its own stack frame at runtime. In layman's terms, if we manage to take c...

Defeating NX and ASLR protection Ret2Puts in 64 bit linux (day 79)

In the previous post, we talked about how we can bypass NX and ASLR at the same time in 32-bit, but have you ever thought about whether the same attack can be successfully launched in 64-bit? The answer is "NO!" Even though the concept of launching the attack is almost the same, there are some minor changes that we need to apply to our exploit. You must be aware that the 32-bit and the 64-bit function calling conventions are different: 32-bit uses the stack to pass the parameters of a function, but 64-bit uses registers to pass the parameters, and we need to utilize ROP to chain the calls to the function. To make it clearer, we are going to solve one of the CTF challenges (babypwn) from Rooters CTF; you can download the binary at this link: https://github.com/abs0lut3pwn4g3/RootersCTF2019-challenges/tree/master/pwn/babypwn Crash... crash... crash... crash. First, like any initial stage of exploit development, we need to crash the program in order to find out how many offset tha...

Android Malware Analysis: SmsWorker ( ͡° ͜ʖ ͡°) (day 78)

Have you ever wondered how to do Android malware analysis? Do you want to know how to dissect it and understand the mechanism inside Android malware? If yes, in this post we will do some analysis on one of the samples of Android malware from China; it comes from Baidu antivirus, and you can take a look at the samples at this link: https://github.com/ashishb/android-malware/tree/master/BreakBottleneck If no, you can just ignore this whole post LOL :) (kudos to the owner of the GitHub page, you made my life easier). Please be careful when analyzing the samples: don't install them on your real device, but install them in an Android emulator or contained environment. I'm not responsible for any incident that happens to your device. The idea of this post is to give you some insight into how to do analysis of Android malware. We will try to do static analysis and then go to dynamic analysis. Remember, the results that you will see here are based on my analysis and meth...

ARM buffer overflow: chapter 7 ಠ-ಠ (day 77) (writing ARM shellcode)

In the last post on learning shellcode, we took a look at how to create our own simple shellcode on 32-bit Intel architecture, but this time let's switch to ARM architecture so we have a better understanding of how the program works at a lower level. Note: this post is heavily based on Azeria Labs; you can check the corresponding post here. All I do is reiterate the concept and probably explain it in a little more detail. Let's start from the beginning. "Hello world": in this section, we are going to create a really simple hello world program from scratch using ARM assembly. Type the following code and save it as "hello_world.s". Let's break down in detail what this code is really doing: 1. The ".data" section is used to initialize data or constants in memory, and remember that this section cannot be changed during runtime by default. In the source code, we declare two variables, which are "string...