Shell-storm - shell-storm.org - shell-storm

Latest News:

In-Memory fuzzing with Pin 17 Aug 2013 | 05:23 pm

In my previous blog post, I talked about the taint analysis and the pattern matching with Pin. In this short post, I will always talk about Pin, but this time about the In-Memory fuzzing.

Taint analysis and pattern matching with Pin 8 Aug 2013 | 09:45 pm

Last weeks I played with the Pin API and this post can be considered as my personal bloc note. All examples written in this post are just proof of concept thus not 100% reliable. But it can maybe give...

Untitled 19 Jul 2013 | 01:36 am

Slide LSE Summer Week 2013 - Software testing and concolic execution

Concolic execution - Taint analysis with Valgrind and constraints path solver with Z3 10 Jun 2013 | 02:15 pm

Last summer, with my friends Ahmed Bougacha and Pierre Collet, we worked on a project called Taminoo. Basically, Taminoo is a constraint path solver using Valgrind and Z3. At first, we didn't plan to ...

Trace and debug the Linux kernel functions 27 May 2013 | 02:46 am

Who never wanted to trace and debug their kernel to understand some features or other... It was my case. A few days ago, I needed to know what were the functions which were called and what were these argu...

A binary analysis, count me if you can 2 May 2013 | 09:26 pm

Recently, I analysed a binary using the number of instructions executed to infer the internal binary conception. This will be the subject of this short blog post.

ROPgadget - Gadgets finder and auto-roper - New version - 4.0.1 11 Apr 2013 | 03:59 pm

This tool lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. Since version 3.0, ROPgadget has an auto-roper to build your payload automatically with the ga...

Linux runtime unpacker and binary signature 25 Mar 2013 | 10:51 pm

Mach-Os and iOS have implemented a runtime unpacker and signature verification when binaries are executed. This allows to check if the binary is approved by Apple and make it more complicated to rever...

Physical page frame allocation with bitmap algorithms 3 Feb 2013 | 05:00 am

In this short note, we will see how an Operating System can manage its physical page frames...

Linux process execution and the useless ELF header fields 29 Jan 2013 | 05:00 am

When we are in userland calling execve(), the process uses a software-interrupt to call the syscall. You raise a software interrupt via the INT instruction (x86 Arch), then the CPU consults another ta...
