ReCon 2010

September 16, 2010

For years, I have always wanted to attend ReCon. Since about 2005 or so, I’ve read all the slides and papers that came out of ReCon. It is one of the few conferences I really ever cared to follow. This year, the first time I was able to attend, I was actually invited to speak […]

Blackhat Vegas 2010 (PhotoJournal)

September 16, 2010

At the very last minute (partly due to some conversations on Twitter), Beans was invited to BlackHat Vegas 2010 to speak as an alternate. Having not officially applied to the CFP, it was a huge honor to be considered in this way. (Having already given the talk at Recon 2010 and Syscan helped, along with the […]

Android Scripting Layer (Encrypted SMS communication)

September 15, 2010

Recently I (Stephen A. Ridley) have been doing quite a bit more security research on embedded systems and mobile platforms like phones. This naturally means more development in these areas. A while back I ran into SL4A or Scripting Layer for Android which was (at the time) called ASE or Android Scripting Environment. (Apparently they […]

Posted in: Android, phones, tools

Poppa’s Got a Brand New Bag

July 2, 2010

We finally migrated to a new (hosted) blog system! Hopefully this will alleviate administrative ass-pain, and make posting more easy/fun/frequent. Anyway, Beans was recently at a buncha conferences. We went to EuSecWest Netherlands and SyScan Singapore. These two conferences were only one day apart and on opposite sides of the planet! The only way travel […]

New sh*t.

January 24, 2010

It has been a long while since we have posted anything here. The two Stephens have been busy. StephenL is always doing amazing things, and StephenR is always doing lame things, we just haven’t been so good about posting it. For what it’s worth, StephenR recently did a post over at Matasano Chargen on the […]

Posted in: goings on

Beans at uCon Brazil.

March 6, 2009

Last week one of the Stephens (StephenR) from here at DontStuffBeansUpYourNose did a talk at uCon Brazil entitled “Introduction To Kernel Security Stuff”. This presentation was an introduction to driver developing, some cursory driver security issues (fuzzing and reversing), and kernel shellcoding. One of the other neat presentations was Julio Auto’s talk demoing a neat Windbg plugin to help with […]

Posted in: goings on

Disassembling BlackBerry apps, take 2

February 19, 2009

A couple people brought to my attention that the coddec patch, well, doesn’t work. And they were right! I just committed a new patch which should work. Also, provided here are hopefully some instructions to get this working: download coddec.rar from wherever; extract into some directory and cd into the directory; patch -p1 < coddec.patch […]

Disassembling Version 6 BlackBerry apps

January 7, 2009

Now and again I have to disassemble BlackBerry apps. BlackBerries pretty much run all Java code. You might think this would mean everything was .class files and you could jad everything, but this is not the case. Everything gets compiled to “.cod” files, a file format I have found very little information about on the […]

Javascript Malware Deobfuscation

November 23, 2008

So it turns out that there is a useful trick when working with and deobfuscating quasi-encrypted and obfuscated Javascript (like that seen in malware). The other Stephen observed that the function “COlescript::Compile()” in JSCRIPT.DLL is basically the place in the javascript interpreter that equates to an eval(). If you break here at runtime (like so) […]

Posted in: debugging, tools

reversing the ms08-067 patch…

October 23, 2008

We are gonna jump right in here: First, let’s download patches. MS has supplied patches for 2K. Since 2K is the older, less featureful of any of the operating systems, we should download those patches in order to gain insight into the vulnerability. First, I grabbed the patch from http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx. I noted that it “replaced” […]

Posted in: exploit dev, reversing