Journal Issues
| Vol.5, No.1, 2008 | | Vol.4, No.2, 2007 | | Vol.4, No.1, 2007 | | Vol.3, No.2, 2006 | | RECON2006 Conf. Proc. | | Vol.3, No.1, 2006 | | RECON2005 Conf. Proc. | | Vol.2, No.1, 2005 | | Vol.1, No.2, 2004 | | Vol.1, No.1, 2004 |
Statistics
Members: 1925
News: 292
Web Links: 1
Visitors: 3645385
Who's Online
We have 1 guest online
|
 Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti- Security and Attack & Defense. [ CLICK HERE FOR MORE INFOS! ]
|
Featured Conference Video
 OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!
|
RECON2006 Conf. Proc.
 The CodeBreakers Journal deals with IT-Security & IT-Anti-Security and Attack & Defense. The CodeBreakers
Journal is publishing articles after full peer review. All articles are
published, without barriers to access, immediately upon acceptance. The
CodeBreakers Journal is published frequently.
| Fuzzing - Brute Force Vulnerability Discovery
| Fuzzing - Brute Force Vulnerability Discovery
This presentation will introduce fuzzing and discuss how it can be
applied to different classes of vulnerabilities. We will begin by
looking at fuzzing from an academic perspective. Most importantly,
newly
developed open source tools will be demonstrated and released publicly.
Two primary audiences will be attracted to this presentation; those
wishing to discover vulnerabilities through fuzzing and those who wish
to protect against them.
Read More >> |
| |
|
|
| Secure Development with Static Analysis
| Secure Development with Static Analysis
Static source code analysis has evolved rapidly in the past few years
into a powerful developmental aid. However, many developers'
perceptions of static analysis are incorrect. Analysis techniques are
more advanced than many people realize, but also not the magic bullet
many hope for. Successful utilization and integration of static
analysis requires understanding its possibilities and limits. This talk
is primarily targeted at security concious software developers and
consultan... Read More >> |
| |
|
|
| OllyBone - Semi-Automatic Unpacking on IA-32
| OllyBone - Semi-Automatic Unpacking on IA-32
The amount of new malware being developed has increased at a staggering
rate over the last couple of years. At the same time, executable
packing technology has grown to provide malware authors with a myriad
of choices in how they pack their malware to evade detection and
analysis. This presents a growing problem to analysts who lack the time
to learn how each packer works and can be unpacked, but still need to
be able to quickly handle anything that comes their way.
...
Read More >> |
| |
|
|
| IDARub
| IDARub
IDAPython has made a big splash, by embedding the python interpreter
as an IDA plugin, and wrapping the IDA SDK for access from python
code.
Read More >> |
| |
|
|
| Fix Bugs in Binaries
| Fix Bugs in Binaries
Don't wait for your vendor to get around to it, fix bugs yourself!
There is no need to wait for patches and new (possibly expensive)
software upgrades. In many cases fixing bugs in binaries is easier and
faster than in the source code. This is especially true considering
the complexity of library dependencies and build environments.
Some consider "cracking" software protection a form of patching bugs,
that is not what this talk is about. It covers straightforward
r...
Read More >> |
| |
|
|
|
|
|
|
|
|
|
|
| Vanilla Skype
| Vanilla Skype
Skype is a free (as in beer) voice over IP application. Many other
VOIP applications exist, but some specific points make Skype very
different, such as its peer-to-peer architecture, its ease to bypass
firewalls and, last but not least, the impressive level of obfuscation
that has been invested to prevent anybody from looking inside the
software and its communications. This last point added to its
increasing success gave birth to many myths on security issues around
it.
This pr...
Read More >> |
| |
|
|
| Insiders View: Network Security Devices
| Insiders View: Network Security Devices
This presentation talks about the fact and fiction of today's security
devices. It explains how to approach testing the validly of their
claims and provides multiple examples of real world products and their
weaknesses.
Rarely do security engineers look at network products from the creation
point of view. Understanding how and why they are created and the
limitations of that process can lead to finding security issues quite
a bit quicker and easier.
...
Read More >> |
| |
|
|
|
|
|
|
|
|
| Advancements in Anonymous eAnnoyance
| Advancements in Anonymous eAnnoyance
This talk will go over advancements in the technology to circumvent
measures put into place to prevent the age old internet pastime of
annoying other people. Methods and tools will be presented for breaking
audio and visual CAPTCHA systems, taking advantage of lazy registrant
authentication, ruining the quality of collaborative content, and
defeating spam filters even better than the spammers do and otherwise
compromising usability, as well as a few other surprise demos.
Read More >> |
| |
|
|
| Disassembling and Patching Hardware
| Disassembling and Patching Hardware
Many security systems are beginning to rely on hardware-based
techniques to raise the difficulty of attacking a system. As a result,
a basic understanding of circuit boards and what they mean can often
times be helpful.
In this session, bunnie will introduce the topic of reading and
understanding circuit boards. We will learn what the basic components
look like, and how to determine their function in a circuit. We will
then quickly ascend to taking a higher-level approach towar...
Read More >> |
| |
|
|
| Social Engineering for Penetration Testers
| Social Engineering for Penetration Testers
In recent years, people have become more familiar with the term "social
engineering", the use of deception or impersonation to gain unauthorised
access to resources from computer networks to buildings. Does this mean
that there are fewer successful social engineering attacks? Probably not.
In fact, because computer security is becoming more sophisticated and more
difficult to break (although this is still very possible) more and more
people are resorting to socia...
Read More >> |
| |
|
|
| PaiMei - Reverse Engineering Framework
| PaiMei - Reverse Engineering Framework
There are a slew of languages, tools, interfaces and file formats for
various reverse engineering tasks. Making tools play nice together and
deciding how to develop new tools is a cumbersome process. The goal of
the framework is to reduce the time from "idea" to prototype to a
matter of minutes, instead of days. PaiMei was created for personal
use and after much debate it was decided to release the majority of
the toolkit to the public. This presentation will introduce PaiMei,
...
Read More >> |
| |
|
|
| Reverse Engineering Microsoft Binaries
| Reverse Engineering Microsoft Binaries
One of the applications of reverse engineering in computer security is
the
analysis of operating systems and software for which no source code is
available. Most commonly the target is Microsoft Windows, and the goal
is to
find new 0-day vulnerabilities or to understand the full impact of old
bugs.
Reverse engineering Microsoft software presents numerous challenges.
Based on
his experience with reversing all Microsoft patches from the last 6
months, the speaker will present a number of...
Read More >> |
| |
|
|
| Tracing for Hardware, Driver, and Binary Reverse Engineering in Linux
| Tracing for Hardware, Driver, and Binary Reverse Engineering in Linux
This paper introduces the new Linux Trace Toolkit Next Generation (LTTng) kernel tracer and its analysis counterpart, Linux Trace Toolkit Viewer (LTTV), a fully extensible text and graphical trace viewer. It will focus on how these tools can be used in the security field, particularly for reverse engineering. Using a tracer to reverse engineer a software "black box" can help understanding its behavior. Such a software can be a either a driver, a library or a multithreaded applicat...
Read More >> |
| |
|
|
|