An intersting paper on Virtualization bugs, an intersting field where couldbe produced new Ati-Emulation Techniques:
http://www.scribd.com/doc/953953/Owning-the-cloud-virtualization-software-is-full-of-bugs-
Giuseppe ‘Evilcry’ Bonfa’
Owning the cloud: virtualization software is full of bugs
March 30, 2009
Leave a Comment » | 
(In)Security | 
Permalink
Posted by evilcodecave
Qt labs released source code of Embedded Widgets Demo
March 28, 2009Hi,
Another great new from Qt, recently has been released Embedded Widgets Demo
http://labs.trolltech.com/blogs/2009/03/23/embedded-widgets-source-code-released/
and here the Source Code
Regards,
Giuseppe Bonfa’
Leave a Comment » | C / C++ (Visual Studio Based) Coding | Tagged: Embedded Widgets Demo, Qt, source code | Permalink
Posted by evilcodecave
0ffensiveC0ding updated – Emulation/AV Awareness
March 21, 2009Hi,
Thanks to Gunther for ARTeam here we have some new Anti-Emulation open source functions, I’ve uploaded these on my OffensiveCOding section:
here a quick list of the functions:
Anti-KAV -> Call this one before WSAStartup(),so sockets wont be initialized.
Anti-NOD32 -> sse1 instruction which nod32 cannot emulate.
IsEmulator -> Timings Attack to Emulator Environement.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis.
IsNormanSandBox -> NormanSandBox Awareness.
IsSunbeltSandBox -> Sunbelt Awareness.
IsVirtualPC -> VirtualPC Awareness.
IsVMware -> VMware Awareness.
DetectVM -> Check whether it is running in VMWare, VirtualBox using registry.
IsRegMonPresent -> Checking for RegMon by checking if the driver isΒ loaded in memory and by searching Β Β for the window handle.
Here the link:
http://evilcry.netsons.org/OC0/code/EmulationAwareness.c
See you to the next post.. π
1 Comment | (In)Security, C / C++ (Visual Studio Based) Coding | Tagged: 0x564D5868 mov ebx, 0x8685D465, Anti SandBox, Anti-KAV, Anti-NOD32, C:\\InsideTm\\, CWSandBox, Emulation Awareness, mov eax, NormanSandBox, pminsw xmm0, RegMonPresent, sse1 instruction nod32 cannot emulate, SunbeltSandBox, SYSTEM\\ControlSet001\\Services\\Disk\\Enum, VirtualPC, VMware, xmm1, \\\\.\\REGVXD, _emit 0x0F | Permalink
Posted by evilcodecave
Conficker C Analysis
March 20, 2009Here a nice analysis of Conficker C
Leave a Comment » | Uncategorized | Tagged: Analysis, Conficker C | Permalink
Posted by evilcodecave
I’m Alive
March 20, 2009After a long break caused to Work, I restarted to work on three basilar projects:
- Elgamal CryptoReversing Paper
- Gpcode Reversing
- SpyOs – Qt Based
See you to the next post.. π
Leave a Comment » | Blogroll | Tagged: Elgamal Crypto Reversing Paper, Gpcode Reversing, SpyOs - Qt Based | Permalink
Posted by evilcodecave
Netsons Opened
March 7, 2009Problem solved, http://evilcry.netsons.org now Up ‘n Running π
1 Comment | TechLife | Tagged: http://evilcry.netsons.org, running, up | Permalink
Posted by evilcodecave
Netsons killed my website
March 6, 2009Hi,
Netsons ( http://netsons.org ) killed my account, http://evilcry.netsons.org without any advice. I’m now without any website, I has 50% ready Elgamal CryptoReverse Engineering but thanks to Netsons I can’t pubish it.
I strongly recomend any person to use netsons, 0 seriousness.
Regards,
Evilcry
Leave a Comment » | (In)Security | Permalink
Posted by evilcodecave
Evilcodecave's Weblog 