Microsoft CCI Framework for Deobfuscating .Net binaries.
We had an issue recently crop up with an obfuscated .Net binary. I’ve been meaning to spend more time reversing .Net protected binaries so I start looking in it. Unfortunately everything I was reading...
View ArticleMicrosoft CCI Framework for Deobfuscating .Net binaries. (Part 2)
So yesterday I talked a about using CCI to remove attributes from .Net binaries. Specifically the SupressIldasm attribute. I promised I’d put up some more code highlighting the framework’s benefits. So...
View ArticleMicrosoft CCI Framework for Deobfuscating .Net binaries. (Part 3)
Renaming parts of the assembly. So I promised this last week, but I’ve been busy on a new project. Below is some code that shows renaming of methods. This is a solution to renaming classes within...
View ArticleMicrosoft “Roslyn” based REPL injection.
Microsoft recently released their new Compiler API codename “Roslyn”. If you haven’t checked it out yet you should. Here’s the link: http://msdn.microsoft.com/en-us/roslyn/. I wanted to get my hands a...
View ArticleClik here to view.
Hot patching WinINET to access HTTPOnly cookies via InternetGetCookie
Preface: by removing these checks for HTTPOnly you are making cookie management less secure within the process. This is for testing/tools only and I DO NOT recommend doing this unless you’re absolutely...
View Article