most malware stuff etc use relatively simple packers, as @andrewg | I don't know how good vmprotect is, I've never looked @ it |
ms | (http://www.polytech.ural.ru/files/vmprotect.exe) anyone want to run it? ;) |
ms | trulux: is this "bug/feature" in vmware still present in recent vmware implementations, say 5.0, 5.5? |
ms | thanks |
ms | i guess they won't be changing the design of vmware-tools |
ms | (backwards compatible of vm images etc) |
@trulux | right |
ms | is that the same code as on fm? |
@trulux | fm? |
@trulux | yeah@andrewg | it's one I wrote 4am this morning |
ms | oh ;P |
ms | trulux: ^ "written by Andrew" if i'm not mistaken |
ms | regarding cisco: i saw that last month some new heap checking stuff was implemented as a follow up to that lynn@blackhat thing (which would make exploiting heap overflows on ios harder again) but well they release no details about it ofcourse ;)
@pipacs | saw where?
|
ms | some advisory they put out for it last month
|
ms | apparently they had just finished compiling all new ios firmware since blackhat in july ;)
|
@trulux | ms: :)
|
@trulux | ms: I tried to get some firmware for simulation, I wasn't sucessful on that |
ms | haha :) |
ms | trulux: you mean to simulate what lynn did or ? |
@trulux | ms: simulate Cisco hardware for running IOS |
@trulux | there's a simulator out there |
@trulux | neat stuff but you need specific firmware |
@trulux | I wanted to get something done for the talk@andrewg | trulux: mode -m and ask for general questions / discussions? |
@trulux | sure |
|
---|
|
---|
|
---|