Posts published in April 2017

A simple C# Trojan Horse example

Sinaei 0

There were times when I started to learn C# just for creating trojans and this kind of stuff. It was 4 years ago when I built this Trojan horse to use it for educational purposes but soon I understood that this kind of trojan…

Import Address Table (IAT) in action

Sinaei 0

Did you ever think about how different DLL files with different versions and obviously with different addresses of functions work perfectly together? The answer is the Import Address Table (IAT). In the previous post I described how to get the SSDT. The IAT is somehow a User-Mode version of the SSDT and…

Bind9 chroot on Debian 8

Shahriar 0

From Wikipedia: BIND, or named, is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto standard. As you know, chrooting a process is very beneficial for security as any compromise cannot have an effect on the whole system. But…

Change User-Mode application’s virtual address through Kernel Debugging

Sinaei 1

Well, it’s somehow an odd topic but sometimes it could be really helpful in some situations. So what are the situations? Imagine sometimes you need to access Windows stuff that isn’t available from user-mode debuggers like OllyDbg or through user-mode debugging (e.g. memory after 0x7fffffff). In my experience I see…