http://secdocs.lonerunners.net Latest security documents RSS feed for author Jason Raber en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1289-jason-cheatham">Jason Cheatham</a> <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/49-reverse-engineering">reverse engineering</a> <a href="http://secdocs.lonerunners.net/tags/details/85-debugger">debugger</a> <a href="http://secdocs.lonerunners.net/tags/details/86-debugging">debugging</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: This is a brief tutorial of one of the reverse engineering tools (Hardware Emulator) used by the Air Force Research Laboratory to analyze application and driver code on x86 systems. It’s also a neat way to debug hypervisors! Tue, 20 Sep 2011 20:26:13 +0200 http://secdocs.lonerunners.net/documents/details/4034-reverse-engineering-with-hardware-debuggers http://secdocs.lonerunners.net/documents/details/4034-reverse-engineering-with-hardware-debuggers <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <a href="http://secdocs.lonerunners.net/authors/details/915-brian-krumheuer">Brian Krumheuer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/49-reverse-engineering">reverse engineering</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Tue, 17 Aug 2010 06:17:51 +0200 http://secdocs.lonerunners.net/documents/details/2823-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls http://secdocs.lonerunners.net/documents/details/2823-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <a href="http://secdocs.lonerunners.net/authors/details/915-brian-krumheuer">Brian Krumheuer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/49-reverse-engineering">reverse engineering</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Tue, 17 Aug 2010 06:17:50 +0200 http://secdocs.lonerunners.net/documents/details/2821-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls http://secdocs.lonerunners.net/documents/details/2821-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <a href="http://secdocs.lonerunners.net/authors/details/915-brian-krumheuer">Brian Krumheuer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/49-reverse-engineering">reverse engineering</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Tue, 17 Aug 2010 06:17:49 +0200 http://secdocs.lonerunners.net/documents/details/2820-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls http://secdocs.lonerunners.net/documents/details/2820-quietriatt-rebuilding-the-import-address-table-using-hooked-dll-calls <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/85-debugger">debugger</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/22-recon-2008">REcon 2008</a> <br/><b>Abstract</b>: The Linux OS is not immune to malware and viruses. The reverse engineer is faced with fighting though anti-debugging protections when trying to understand these binaries. This can be a tedious and time consuming process. COTS debuggers, such as GDB and IDA Pro, are detected in Linux utilizing a variety of anti-debugging techniques. I have developed a stealthy Linux-driver-based debugger named "Helikaon" that will aid the reverse engineer in debugging a running executables without being detected. Guest Helikaon injects a jump at runtime from kernel land into a user mode running process rather than using standard debugger breakpoints like "INT 3" or DR0-DR7 hardware registers. Find out alternate techniques for dynamic analysis in the Linux environment. Tue, 21 Apr 2009 23:34:00 +0200 http://secdocs.lonerunners.net/documents/details/770-helikaon-linux-debuger http://secdocs.lonerunners.net/documents/details/770-helikaon-linux-debuger <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/274-jason-raber">Jason Raber</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/85-debugger">debugger</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/22-recon-2008">REcon 2008</a> <br/><b>Abstract</b>: The Linux OS is not immune to malware and viruses. The reverse engineer is faced with fighting though anti-debugging protections when trying to understand these binaries. This can be a tedious and time consuming process. COTS debuggers, such as GDB and IDA Pro, are detected in Linux utilizing a variety of anti-debugging techniques. I have developed a stealthy Linux-driver-based debugger named "Helikaon" that will aid the reverse engineer in debugging a running executables without being detected. Guest Helikaon injects a jump at runtime from kernel land into a user mode running process rather than using standard debugger breakpoints like "INT 3" or DR0-DR7 hardware registers. Find out alternate techniques for dynamic analysis in the Linux environment. Tue, 21 Apr 2009 23:34:00 +0200 http://secdocs.lonerunners.net/documents/details/771-helikaon-linux-debuger http://secdocs.lonerunners.net/documents/details/771-helikaon-linux-debuger