Quantcast
Channel: Casaba Security » Reverse Engineering
Browsing latest articles
Browse All 5 View Live

Microsoft CCI Framework for Deobfuscating .Net binaries.

We had an issue recently crop up with an obfuscated .Net binary. I’ve been meaning to spend more time reversing .Net protected binaries so I start looking in it. Unfortunately everything I was reading...

View Article


Microsoft CCI Framework for Deobfuscating .Net binaries. (Part 2)

So yesterday I talked a about using CCI to remove attributes from .Net binaries. Specifically the SupressIldasm attribute. I promised I’d put up some more code highlighting the framework’s benefits. So...

View Article


Microsoft CCI Framework for Deobfuscating .Net binaries. (Part 3)

Renaming parts of the assembly. So I promised this last week, but I’ve been busy on a new project. Below is some code that shows renaming of methods. This is a solution to renaming classes within...

View Article

Microsoft “Roslyn” based REPL injection.

Microsoft recently released their new Compiler API codename “Roslyn”. If you haven’t checked it out yet you should. Here’s the link: http://msdn.microsoft.com/en-us/roslyn/. I wanted to get my hands a...

View Article

Image may be NSFW.
Clik here to view.

Hot patching WinINET to access HTTPOnly cookies via InternetGetCookie

Preface: by removing these checks for HTTPOnly you are making cookie management less secure within the process. This is for testing/tools only and I DO NOT recommend doing this unless you’re absolutely...

View Article

Browsing latest articles
Browse All 5 View Live