RCE-101

Are you there? Say no if you’re not there.

A friend sent me the above over MSN… I found this kind of funny.

I wonder what he/she was thinking before sending that… How am I supposed to say ‘no’ if I’m not there to say ‘no’.

I wont mention any names, but the one who sent it knows who he is :P. Please think about it next time.

This post in way parody’s a post I read not so long ago on the OldNewThing(Ray’s Blog)(see links list on sidebar). In which Ray mentioned that if you sent an email and it wasn’t received, you wont know you didn’t get it. Which followed with a quote of a conversation that went something like this:

Guy1: Hey, did you get my email?

Guy2: Which one?

Guy1: The last one

I just thought I’d post this to add a little humor to the Blog :D.

KOrUPt.

Hi all… I’m back ;P…

…The DefCon Quals kept me awake and busy for 3 days… I didn’t do as well as others but I did OK in my opinion…

It was a fun and at times frustrating experience, I didn’t have much time to prepare(2 days) and it was my first time competing… Next year I’ll be more prepared :D(FreeBSD will be on the priority list ;P).

In my opinion the hardest category’s were Binary Leetness and Forensics.

Thanks go out to my fellow team mates of course… You know who you are ;).

I hope to read a few walkthroughs on the subjects soon, should be fun and educational.

I know some of you may think sitting around a quiz board for hours on end is boring, but in my opinion it was fun, you learn a lot and you’ve got the MUD(Kinda like a scaled down IRC) in which you can discuss challenges.

Congratulations to the top 7 qualifying teams, nice job.

I’m not sure what else to say, I guess this post is just a little ‘rant’ of mine regarding the previous days events.

For those who don’t know much about DefCon read my previous post about it.

Additional info/links:

Results: http://kenshoto.com/results.txt

Generic: http://kenshoto.com/

Info on the quals(now over): http://kenshoto.com/ctf08/quals08.txt

Walkthroughs/answers to past and present DefCon CTF’s: http://nopsr.us

May be useful for some of you :).

Time to catch up on lost sleep. Night.

KOrUPt.

Well, seems Mozilla are trying to set a world record now… I didn’t see this one coming.

So far I’m happy with Firefox2 but I’ve read about quite a few improvements in version 3(I’ve not tried the BETAs/ALPHAs yet). I look forward to reviewing the upcoming release.

Back on-topic… I’ve taken the pledge, why don’t you (See below).

Make your pledge and read more at http://www.spreadfirefox.com/en-US/worldrecord…

KOrUPt.

Ok so as I’m sure some of you may already know the DefCon 08 qualifiers have started… For those who don’t know what this challenge is about, I’ll quote a few parts of the document I’m going to link to in this post.

—–

QUOTE START…

“It’s simple, yo. First, get ya velcros extra tight and an extra layer o’ tape on
da horn-rims, or whatever ya’ll do to prepare for this shit. The competition
itself is a quiz board with hackin’ challenges e’rywhere. You pick one and hack
till you gots da answer. We’ll be all o’er da map like reversin’ bins to land
shellcode, surreptitious data thievery, even a little breakin’ web shit for the
kiddiez. But mostly, some real l33t shit, ya know what I’m sayin’?”
…

“E’ryone who thinks they good should get in on this. If ya don’t win, hell, ya
might learn sumthin’. And that’s it! Jump into ya so-called web browser and check

out kenshoto dawt com to get the sheezy all regeezy.”
…
“Let’s get down to it. Crewz of any
size may register, but must get it done before things get started. Top seven
ninja-squads each get a table at La Fiesta Grande, a.k.a. The Hackin’ Trip on…”
the Strip, a.k.a Defcon 16 held 8/8/08 through 8/10/08 in Vegas.”

…EOF QUOTES
—
I decided to register just to have some fun, I doubt I’ll get through, it would be funny if I did :P.

Registrations close on May the 30th so if you want a chance of qualifying best be quick ;).

I wrote this post as a heads up to anyone who may want to enter this competition. Overall I’m sure it will be fun.

More info and instructions can be found at the following links:

Info: http://www.kenshoto.com/ctf08/quals08.txt

Registration: http://kenshoto.allyourboxarebelongto.us:1337

I hope to see you all there guys ;).

KOrUPt.

Seems my Blog is more active than I would of thought after such a little time period.

1,014 hits in just 18 days of uptime and getting around 100 visits a day :D… I know it isn’t much compared to the more established Blogs out there but it’s pretty good in my opinion.

Thanks for visiting, I’ll continue to keep this Blog up to date ;).

If you’ve any ideas to improve traffic I’d be glad to hear them.

KOrUPt.

Ok so I stumbled across this a few weeks ago…

—————————–
Most crackers…
—————–
# think they are coders just because they do crackme’s.
# think they are good in ASM just because they make offset patchers and keygens in ASM.
# think they’re “reversers” just because they know how to change a few bytes to crack a prog.
# think it’s funny to spend hours making keygens.
# think process patchers are for lamers.
# think VB is shit because it’s hard to admit that anyone can make a prog using this language.
# think VC++ and C++ Builder is shit because they can’t understand what OOP is.
# think they know C++ just because they use ‘cout’ in their progs.
# think Delphi is great because if it didn’t exist, 90% of the “coders” would vanish.
# think it’s fair to spend 4 hours cracking a prog and then say the protection is lame.
# think they are pretty good at making GUI using win32asm just because they use a template.
# think everyone will want to read their last “replace jne with jmp” tut.
# think ‘inc eax, dec eax’ is better that ‘nop, nop’ because most progs “count” the ‘nop’.

So, a typical cracker :
# is a coder.
# is good in ASM.
# spends his time making keygens.
# don’t use process patchers.
# thinks VB, VC++ and C++ Builder is shit.
# knows C++.
# codes in Delphi.
# thinks most protections are lame.
# makes win32asm GUI progs.
# writes very interesting tuts.
# uses “inc eax, dec eax” instead of “nop, nop”.

… by the way, are you a cracker ;)?
——————————-
I found it pretty funny.

Regarding the above points…
—
I am a Coder.
I am fairly good with ASM.
I don’t code much Keygens.
I don’t like VB.
I know C/C++.
I don’t code in Delphi.
I don’t think most protections are lame.
I do code Win32 GUI’s(But in C/C++).
I write the odd tutorial, whether it’s very interesting is down to the reader.
I’ve no preference over NOP and INC/DEC EAX.
—
With the above stated, I’ll leave it to you as to whether I fit into the category of what is a ‘typical cracker’…

So how do you fair against falling into the aforementioned ‘typical cracker’ ‘definition’?. Be honest.

I look forward to reading your responses :P.

KOrUPt.

Hi all.

I’m just curios. What Firewall/Anti-Virus do you use? And why do you like it.

Currently my firewall is Outpost, mainly because from what I’ve read and studied myself it has a good detection rate(given all its kernel hooks it’s expected :P).

My AV is AVG8, not really sure why I like it, it isn’t too resource intensive is the first thing that comes to mind.

Your turn ;).

KOrUPt.

Title says it all…

Here’s mine with a dark theme, I’ve a light version too, but I prefer dark.

Thumbnail screenshot:

So, feel free to post a few screenies of your desktops :D… I look forward to seeing them.

Of course your opinions are also welcome…

KOrUPt.

I decided to make it public :D…

DarkOlly is a modified version of the original OllyDbg(made by myself). changes include modified caption and class name to beat FindWindow() anti-debugging tactics as well as modified visuals and a few tweaks, I’ve posted a screen shot below:

Screenie:

Please let me know of any improvements you think can be made :).

The following package is basically my OllyDbg directory packaged into one archive, just drop the directory from the archive and get started… I’ve included some of the plugins I use most frequently with the package.

http://rapidshare.com/files/116287610/DarkOlly.rar.html

Enjoy.

KOrUPt.

What colour scheme/theme would you like to see applied to this blog? I’m currently expirmenting and feedback would help.

Thanks.

KOrUPt.