:: hiddenillusion :: ... look beyond

Don't Get Locked Out

Scenario

The system had Full Disk Encryption (FDE) via McAfee SafeBoot and I had recently changed my Windows password, but apparently fat-fingered it from what I thought I had changed it to, which left me unable to authenticate to Windows. The OS and SafeBoot were working properly and I...


NoMoreXOR

Update 04/09/2013 - NoMoreXOR is now included in REMnux as of version 4.

Have you ever been faced with a file that was XOR'ed with a 256-byte key? While it may not be the most common length for an XOR key, it’s still something that has popped up enough...


dbmgr reloaded

I recently had a discussion with another coworker regarding scenarios where you can try and determine if something malicious is or was on a system based on mutexes.

Mutexes

For those unfamiliar with what a mutex/mutant is, a definition:

Stands for Mutual Exclusion Object, a programming object that...
          

SWF-ing away

Disclaimer - the intent of this post is for educational and research purposes only. Don’t be lame and use it to steal copyrighted material.

There’s been quite a bit of chatter lately with the recent discovery of the latest IE 0-day. While reading through one of the other researchers' posts...


Customizing cuckoo to fit your needs

With the talk of the .4 release of cuckoo to be publicly released shortly, I figured I should get this post out as some of the things I talk about here are said to be addressed and included in that release. If you don’t want to wait for that release...
