Category Archives: OS Internals
Some very cool Python to perform in-process patching and trampolines to hook Windows APIs. http://www.rohitab.com/discuss/topic/37018-api-hooking-in-python/
There is a reason that the RunAs program doesn’t accept credentials on the command line…because people would embed passwords. Microsoft developer Raymond Chen writes: If this offends you and you want to be insecure and pass the password on the …
https://github.com/carmaa/inception Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any machine you have physical access to. Inception aims to …
vdebug Google Code site and more info here: http://visi.kenshoto.com/wiki/index.php/Vdb Essentially, vtrace is a cross-platform process debugging API implemented in Python, and vdb is a debugger which uses it!
Great information on DTrace on OS X. There is a book. And some great scripts from that book.
Great information: http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes_28.html This presentation on WCE Internals is also very good [PDF]
UPDATED April 23, 2013 – The script can now set REG_BINARY keys as long as they are in the format used by a regedit.exe export. For example: To set this binary value using the script, you would modify line 60 …
This was news to me. Basically, not every app has to be on your PATH to be launched via executable name only (from anywhere). For example, on my x64 Windows 7 machine, WordPad is located at: <C:\Program Files\Windows NT\Accessories\wordpad.exe> This …
The smart people over at Malicious Streams have created a Python script to show applications set to auto-start on your Mac at either boot or user login. I have also pasted the current version (0.6a) of the script below:
Like most Unix systems, Windows is a monolithic operating system. Why? Because the kernel mode protected memory space is shared by the operating system and device driver code. But don’t take my word for it, from Microsoft’s Curriculum Resource Kit …