Lynn's Blog Security Project

Setting up Windows kernel-mode debugging with WinDbg and VMware

Since I have recently been learning about Windows kernel exploitation and reversing Windows drivers, I decided to take notes and write down my experience. The article covers configuring VMware and WinDbg, setting up the Windows boot options, WinDbg commands, and the WinDbg theme (todo). If you are also trying to debug the Windows kernel with the Windows Debugger (WinDbg), this may be helpful to you.

2017 Flare-On Challenge 12 missing (APT Attack Analysis)

The scenario of "missing" is an APT attack incident: you need to decrypt the captured packets and reverse the binary in order to reconstruct the whole attack chain and recover the flag. This includes recovering the malware protocol, the malware config, the C2 server and client, the victim information, the plugins (encryption/compression/command functionality), BMP image files, and more. The appendix at the end contains the decryption code and the decrypted packet contents.

2017 Flare-On Challenge 5 pewpewboat.exe

Despite its name, pewpewboat.exe is not a Windows PE file but an x64 ELF binary. When we launch the binary on Linux, we can see that it is a Battleship game.

2017 Flare-On Challenge 4 Notepad.exe

Notepad.exe is a Windows x86 executable; it seems to be a modified version of Microsoft's Notepad.exe. When we launch this binary, nothing looks out of the ordinary.

2017 Flare-On Challenge 3 Greektome.exe

Greek_to_me.exe is a Windows x86 executable. When we launch the binary, we can't input anything, and we don't get any output from the binary. It gets stuck waiting for us to do something.

2017 Flare-On Challenge 2 IgniteMe.exe

This is a crackme challenge. IgniteMe.exe expects to be run without any command-line arguments. It asks the player to input the flag and checks whether it is correct.

2017 Flare-On Challenge 1 login.html

Flare-On Challenge is the FireEye Labs Advanced Reverse Engineering (FLARE) team's yearly reverse engineering contest. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals.

Windows Kernel Exploit - Stack Overflow

This post uses HEVD as a hands-on case study. HEVD is a kernel driver developed by HackSysTeam; the project contains many common vulnerability classes and is well suited for researchers who want to practise Windows kernel exploitation and the various exploitation techniques. This post uses Windows 7 as the example; the Windows 7 system tested here has neither SMEP nor SMAP protection, which makes it relatively easy, and I may also practise on other versions of Windows when I get the chance.

2017 HITCON CMT mini wargame Reverse

This year, during the HITCON CMT conference, HITCON again held a wargame similar to those of previous years; compared with HITCON CTF it is a simpler, smaller competition. I was lucky to team up with friends from Israel, and since I am Lazy and they are Hackers, we named the team Lazyhacker. In the team I was responsible for the reverse-engineering challenges. This time there were only two reverse challenges, both Windows programs: Calculator and Minesweeper. They were quite interesting, so I wanted to write them up.
