If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: checking out GDB with Dtrace support for OS X... (1.9.2). Should be interesting.
- wishinet: RT @bfoo: Worth reading: http://merbist.com/2010/08/22/discussion-with-a-java-switcher/
- wishinet: nächstes Jahr Taikai in Nürnberg (http://www.taikai.de/) - und nu aus Nürnberg total groggy in die Falle! ;)
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
windows
Quickpost: Inspiring Windows software profilers and checkers
Sun, 07/11/2010 - 20:22 | wishi
There’s no Valgrind
One of the particular tools I like on MacOS and Linux to verify an application’s upright memory behavior is Valgrind. On Windows there’s some interesting Microsoft software worth gaining familiarity with. Practically only the Application Verifier is aiming into Valgrinds direction.
Application Verifier
Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities.
Tags: Python, PyQt4 and Rapid Prototyping
Mon, 01/11/2010 - 17:03 | wishi
Beware!
It's dangerous to use prototyping professionally. Sometimes management folks tend to "not realize" the difference between a well done prototype and the result they desire for real. - Therefore use GPL licensed stuff "for compliance reasons" - if you know what I mean. Saves job and time.
There're numerous ways to enhance the following examples. Feel free to do so.
De-Cygwinize Win
Sat, 12/05/2009 - 15:15 | wishi
No more emulation
When it comes to the commandline administrators all over the Windows worlds nowadays think of Cygwin or Powershell. However Cygwin is a special layered environment and Powershell is .Net dependant and not very reactive.
Therefore I tend to turn back to the good old DOS-like commandline and add some stuff to the environment path in order to ease my life. However many people may think that extending your commandline tools doesn't help you in situations where you don't find these tools: on Windows the commandline is just an extra. The following stuff of course doesn't help you to do post-exploitation or to show of at your friends machine. But it helps to save time. My time ;).
UnixUtils
Windows 7 vs. MacBook - I won
Sat, 10/10/2009 - 16:32 | wishi
Usability war
I began to read Windows Internals in the 5th edition by Mark Russinovich and David Solomon. There're experiemnets in there on how to do Kernel mode debugging, or how to include Debug symbols with Sysinternals ProcessExplorer... and lots of fascinating stuff to try in order to explore the architecture of modern NT6 systems. Before I was able to start my explorations, I had to install Windows 7 (NT 6.1) on a MacBook. But there's Bootcamp and Apple officially supports it. So... that shouldn't be a big deal?!
