SecDocs Feed for author Colin Ames

[Paper] Balancing the Pwn Trade Deficit

Tue, 27 Sep 2011 20:52:19 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: exploiting
Event: Black Hat USA 2010
Abstract: China has become a major player in the security community in recent years. From numerous news articles regarding government, military and commercial spying, to high profile cases such as the recent attack on Google, the tools, research and hacking groups coming out of China are are high on everyone's radar. This talk will provide an analysis of the Chinese hacking community, including its capabilities, goals, and cultural differences as well as similarities. A deep technical analysis and reverse engineering of prominent Chinese tools and techniques will be provided as well. We will highlight specifics such as binary obfuscators, encryption, and specific stealth techniques in order to round out an, up til now, spotty picture about this formidible member of the security community.

[Video] Balancing the Pwn Trade Deficit

Sun, 03 Apr 2011 13:07:58 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: malware
Event: DEFCON 18

[Audio] Balancing the Pwn Trade Deficit

Sun, 03 Apr 2011 12:23:45 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: malware
Event: DEFCON 18

[Audio] Dissecting Web Attacks

Fri, 13 Aug 2010 11:08:00 +0200

Authors: Colin Ames Val Smith
Tags: malware web malware analysis
Event: Black Hat DC 2009

[Video] Dissecting Web Attacks

Fri, 13 Aug 2010 11:08:00 +0200

Authors: Colin Ames Val Smith
Tags: malware web malware analysis
Event: Black Hat DC 2009

[Video] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:37 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Slides] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:36 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Audio] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:34 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Video] Temporal Reverse Engineering

Tue, 27 Jul 2010 06:11:44 +0200

Authors: Colin Ames Danny Quist
Tags: reverse engineering
Event: Black Hat USA 2008

[Slides] Temporal Reverse Engineering

Tue, 27 Jul 2010 06:11:42 +0200

Authors: Colin Ames Danny Quist
Tags: reverse engineering
Event: Black Hat USA 2008

[Audio] Temporal Reverse Engineering

Tue, 27 Jul 2010 06:11:41 +0200

Authors: Colin Ames Danny Quist
Tags: reverse engineering
Event: Black Hat USA 2008

[Paper] Neurosurgery With Meterpreter

Wed, 12 May 2010 10:25:00 +0200

Authors: Colin Ames David Kerb
Tags: Metasploit meterpreter
Event: Black Hat DC 2010
Abstract: A crucial step in post-exploitation technology is memory manipulation. Metasploit's Meterpreter provides a robust platform and API on which to build memory exploitation tools to assist the attacker in post-exploitation tasks. This talk will cover several examples of memory manipulation using meterpreter and introduce an extension to aid post-exploitation activities. We will demonstrate the extraction of unique process memory to analyze for valuable information such as passwords. We will also demonstrate the injection of utilities into a processes memory in order to alter execution flow to provide new "features" like Putty Hijack. Another example that will be covered is interacting with the lsass process memory in order to steal windows session hashes required for pass the hash. Finally we will discuss the use of meterpreter to patch process memory in order to introduce vulnerabilities which can be leveraged for things such as persistence. Another form of "memory" is the knowledge a host has about its network environment. This presentation will discuss the utilization of a meterpreter extension to automate and facilitate passive network reconnaissance over time, allowing for smart network data acquisition and analysis.