Binary Analysis
PacSec 2008 CFP  (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/  Oct. 1) 2008-08-26
Dragos Ruiu (dr kyx net)
Spanish url:

Speaker list and Dojos for BA-Con, September 30, October 1st.
(all presentations in both Spanish and English)


WPA/WPA2: how long is it gonna make it - Cédric Blancher & Simon Maréchal,
Security Concerns

CIAT 1.0 release 2008-08-13
Omar Herrera (oherrera prodigy net mx)
I would like to announce the first release of the Cryptographic
Implementations Analysis Toolkit (CIAT). This Toolkit is a compendium of
command line and graphical tools whose aim is to help in the detection
and analysis of encrypted byte sequences within files (executable and
non-executable). I

ekoparty 2008 - [First Round of Selection] - [Argentina] 2008-08-12
ekoparty (no-reply ekoparty com ar)
ekoparty 4th edition -
Information Security | Insecurity Conference.
October 2 and 3, 2008
Ciudad Autonoma de Buenos Aires - Argentina

[*] What is the ekoparty?

It's a one of a kind event in South America; an annual security
conference held in Buenos Aires where security specia

Binary Analysis tool survey 2008-07-30
Sanjay R (2sanjayr gmail com) (1 replies)
Hi List:
I am starting a state-of-the-art survey in the field of code analysis
(methods and tools) with focus on binary analysis, from security
standpoint. In this regard, I need some input, from your experience
and knowledge. I am basically looking for:
1. any existing article in the similar lines

Re: Binary Analysis tool survey 2008-07-31
wishi (wishinet googlemail com) (1 replies)
Re: Binary Analysis tool survey 2008-08-01
Sanjay R (2sanjayr gmail com)
BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008) 2008-06-27
Dragos Ruiu (dr kyx net)

BUENOS AIRES, Argentina -- The first annual BA-Con applied
technical security conference - where the eminent figures in the
international and South American security industry will get together
and share best practices and technology - will be held in Buen

EUSecWest CFP Closes April 14th (conf May 21/22 2008) 2008-04-10
Dragos Ruiu (dr kyx net)
(We've moved the conference this year to a club
in Leicester Square in the heart of London and SoHo.
We'll be putting speakers up across the square at the
Radisson Edwardian Hampshire, but there are lots of
hotels in the region there in the center of London
for those who want to attend (the ve

Recon 2008 - Call For Paper 2008-03-03
Recon (cfp2008 recon cx)
Welcome to TeleMate!
DATAPAC: Call connected to XXXX XXXX

This is a private system. Access attempts are logged. Unauthorized
access may result in prosecution.


+ + + +

CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's 2007-11-09
Dragos Ruiu (dr kyx net)
I'd like to congratulate Adam Laurie for winning the second Powerbook
from the Pwn_to_Own contest as the prize for the best speaker rated
by the audience for his presentation on RFID at CanSecWest 2007.
We will have a similar prize for the best speaker at CanSecWest 2008,
prize TBD (but we promise i

Hacker Challenge 2007 2007-08-16
Hacker Challenge (challenge2007 hackerchallenge org)

I'm not certain if this list is still active, but I thought that the
following announcement might be of interest. Between now and August
27th at 14:00 GMT, we are accepting registrations to participate in the
2007 Hacker Challenge. The challenge is a part of our research into
software sec

RE: Debugger Detection Functions 2007-05-24
Aleksander P. Czarnowski (aleksander czarnowski avet com pl)
This is a great example of a very short and simple question which raises a long
and complex answer.
First of all you need to divide debugger detection into 2 areas: user
mode and kernel (ring0) ones. Secondly some tricks will not work on
certain lines of systems - for example detection procedures will look

Debugger Detection Functions 2007-05-24
Gleyson Melo (gleysonmelo gmail com) (4 replies)
Hi Everyone!

Does anyone of you know what are the documented/undocumented ways to
find if there's a debugger running your Windows program?

I know about the IsDebuggerPresent API function, but I don't know about others.

Thanks a lot,
Gleyson Melo

Re: Debugger Detection Functions 2007-05-24
Dennis (dennis backtrace de)
Re: Debugger Detection Functions 2007-05-24
Greg Hunt (gregory hunt gmail com)
Re: Debugger Detection Functions 2007-05-24
Gerry Eisenhaur (gerrye gmail com)
Re: Debugger Detection Functions 2007-05-24
Steve Coleman (Steve Coleman jhuapl edu)
Rich ASCII string in PE Header 2007-03-09
Don Parker (dparker bridonsecurity com)
Hello all,

My question is as follows;

Why is there the "Rich" ASCII string in the PE Header? It is not in every PE
Header either. At first I thought this was added by the MS VS compiler but
that is not the case. Also read that this was added by the linker, but
wouldn't it then appear in all PE Hea

Driver circumventing checksum based tamper-resistance in user-space exes.. 2006-11-17
Vinay A. Mahadik (vamahadik fastmail fm)
This is based on Shadow Walker(idea and code both)/"inverse-Pax" applied
to user-space executables instead. Idea can be used to reverse ring3
executables that have self-checksums in place for tamper resistance.
Basically, user-space exes can be code-patched arbitrarily - the exe's
self-checksums do

RE: [Malware-track] Re: [General-discussion] Secure Science Corporation Malware Case Study 2006-11-16
Alex Eckelberry (AlexE sunbelt-software com) (1 replies)
Really good piece btw.

-----Original Message-----
From: malware-track-bounces (at) mal-aware (dot) org [email concealed]
[mailto:malware-track-bounces (at) mal-aware (dot) org [email concealed]] On Behalf Of Lance James
Sent: Thursday, November 16, 2006 2:48 PM
To: Jose Nazario
Cc: Phish-Net; Malicious Activity Awareness &, Response Discussions;

Re: [General-discussion] Secure Science Corporation Malware Case Study 2006-11-16
Lance James (lancej securescience net)
Jose Nazario wrote:
> On Thu, 16 Nov 2006, Lance James wrote:
> PDF link yields a Tomcat 404 page:
> URL:

Secure Science Corporation Malware Case Study 2006-11-16
Lance James (phishing securescience net)
Hello all,

Secure Science Corporation ( and Michael Ligh of put together a paper on an interesting piece of malware.
We include a removal kit, snort signatures, and source code and
decryptor are available by request.

More info and the paper can be found at:


Call for papers: ARES 2007 submission deadline approaches in 2 weeks: 19-11-2006 2006-11-07
Manh Tho (manhthovn gmail com)
Apologies for multiple copies due to cross postings. Please send to
interested colleagues and students.

Call for Papers
The Second International Conference on Availability, Reliability and

ELF parsing without a Section Header 2006-11-06
Chris (em386x gmail com)

I'm new to this list. I maintain a blog at It
mostly focuses on malware analysis on unix. The most recent post is a
short introduction to analyzing ELF objects with a (s)stripped section
header. The post contains some code (

UPacked malware samples request 2006-10-20
Don Parker (dparker bridonsecurity com) (1 replies)
Hi guys,

I am still looking for some UPack packed malware samples if any of you out
there would like to send me some. If so please contact me offline.

Many thanks,


Re: UPacked malware samples request 2006-10-24
ANELKAOS (anelkaos gmail com)
Dynamic decryption procedures in malware 2006-09-24
Omar Herrera (oherrera prodigy net mx)
I wrote a paper on dynamic decryption procedures in malicious software which
can be found here:

Although the use of these techniques might prevent traditional computer
viruses and worms from spreading, they seem particularly u

Echo Mirage: A Generic Win32 Network Communications Proxy 2006-09-23
Dave (dave bindshell net)

Echo Mirage is a generic network proxy. It uses DLL injection and function
hooking to redirect network related function calls so that data transmitted
and received by local applications can be observed and modified.

Think of it as Odysseus (or Burp, if you prefe



Copyright 2010, SecurityFocus