RECON2008 talk: 64-bit Imports Rebuilding and Unpacking by Sébastien Doucet (IITAC)
IITAC member Sébastien Doucet gave a talk on 64-bit Imports Rebuilding and Unpacking at RECON2008.
With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process and to make it as trivial as it is now for protected 32-bit executables. I’m proposing two brand-new tools: CHimpREC and CHimpREC-64, allowing the spirit of ImpREC to live on under the best possible compatibility with all the x64 versions of the Windows operating system.
This talk is about explaining the inner workings of coding a 32-bit imports rebuilder and the problems encountered due to the WoW64 environment and Address Space Layout Randomization. Next is an overview of the differences between the PE and PE32+ formats and their impact on porting CHimpREC to 64-bit. Finally, 2 or 3 short live unpacking sessions with different examples of 64-bit packers and how trivial it has become to deal with them with the help of CHimpREC-64.
IITAC - Sponsor of the RECON conference! Free IDA Pro training!
RECON is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of three days. RECON also offers a variety of technical training courses that take place just before the conference dates. The conference is 13-15 June 2008.
IITAC is a sponsor of the conference in Montréal, Canada. IITAC will give a free lunch workshop on IDA Pro during the conference!
Certified Binary Auditing Professional according to ISO/IEC 17024 now available!
An information technology audit, or information systems audit, is an examination of the controls within an Information technology (IT) infrastructure. An IT audit is the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals or objectives.
The Certified Binary Auditing Professional certification according to ISO/IEC 17024 is now available on our certification server.
Debugger and Sandboxes in Windows
It is not always possible or desirable to set up a virtual machine for debugging an application. While useful, working inside a VM can be tedious, and in some cases it adds needless complexity.
However, you need administrator privileges to debug (SeDebugPrivilege enabled), which means your debuggee will run as administrator too. In Windows XP, one good solution is full sandboxing of the debuggee, but there are other solutions as well.
One is to run the debuggee and the debugger under different accounts: the debugger runs as administrator and the debuggee as a limited user.
A limited user cannot install drivers, alter executables or other Windows system files and, better still, it stays out of our private document folders.
But how do you achieve this? A simple yet effective solution is to hook the function responsible for launching the debuggee and force it to start under another account.
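The same separation can be reached without hooking, by launching the debuggee under the limited account first and then attaching the elevated debugger. The script below is an added example, not code from the article; it assumes a local limited account named dbg-limited, cdb.exe (Debugging Tools for Windows) on the PATH, and an elevated PowerShell session.

```powershell
# Added example: debuggee runs as a limited user, debugger runs elevated.
# Assumptions: local limited account "dbg-limited" exists (hypothetical name),
# cdb.exe is on the PATH, and this runs from an elevated PowerShell session.
param(
    [Parameter(Mandatory = $true)][string]$Target,   # path to the debuggee
    [string]$LimitedUser = "dbg-limited"             # hypothetical limited account
)

# Ask for the limited account's password; the debuggee gets that account's token,
# so it cannot install drivers or reach the administrator's profile.
$cred = Get-Credential -UserName $LimitedUser -Message "Limited account for the debuggee"

# Start the debuggee under the limited account and keep the process object.
$dbgee = Start-Process -FilePath $Target -Credential $cred -PassThru

# Check the owner really is the limited user before attaching anything.
$proc  = Get-CimInstance Win32_Process -Filter "ProcessId = $($dbgee.Id)"
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
if ($owner.User -ne $LimitedUser) {
    throw "Debuggee runs as $($owner.Domain)\$($owner.User), expected $LimitedUser"
}

# Attach the elevated debugger. SeDebugPrivilege, held by the elevated session,
# is what allows attaching to a process owned by another account.
& cdb.exe -p $dbgee.Id
```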
Damn Vulnerable Linux Strychnine+605 1.4 final - Mirrors contacted!
The mirrors for Damn Vulnerable Linux Strychnine+605 1.4 final have been contacted. Over the weekend we might release the download links.
Decompilation with IDA Pro - For free!
Decompilation is the reverse process of compilation, i.e. creating high-level language code from machine/assembly language code. At the basic level, it only requires understanding the machine/assembly code and rewriting it in a high-level language, but things are not as simple as they seem, particularly when it comes to implementing a decompiler.
3 days IDA Pro bootcamp as offline or online Training - Preparation for the Certified IDA Pro Professional according to ISO/IEC 17024
This course is by no means a 3-day PowerPoint presentation. Instead, you will be engaged in a number of individual and group hands-on exercises to reinforce and solidify everything that is taught in the class.
Some of the exercises are competitive in nature, followed by class discussion to pinpoint elegant approaches and solutions that various individuals or groups may have used. Although the course is held in Italy, Germany and Canada, take-home exercises will be available for the type-A personalities attending the course.
Remote Debugging a DVL crackme by TiGa (Team+)
TiGa (Team+) has just finalized his second training video. In this video he uses the IDA Pro remote debugging capabilities to analyze a crackme located on a remote DVL box, from a Windows machine.
Team+ consists of people working to receive the famous + sign, the most recognized reputation in Reverse Code Engineering. The + sign is by invitation only and free of charge.
The video will be published soon.
With this we will launch the revamp of the Reverse Code Engineering Portal located at www.reverse-engineering.net. Using several subdomains we will extend our portfolio with a Team+ information website, a training video website and more.
Stay tuned!
Peace! Kind Regards,
Univ.-Doz. Dr. Thorsten Schneider Managing Director / CEO