Parsia's Den

Because no one wants to be the other guy from Wham!

Nov 18, 2014 - 2 minute read - Comments - Memory Forensics

Building memfetch on Kali + Comments

I’ve used Disqus to add comments. At the moment, guests can comment and comments do not need to be approved (unless they have links). Hopefully there won’t be much spam to sink the occasional comment that I think will be posted.

Note: I just wanted to make it work in a hurry. There are probably better ways of doing this.

I stumbled upon the very useful tool memfetch by the talented lcamtuf. The utility is quite old (from 2003 if I recall correctly) and I could not build it using the provided makefile.

Sep 23, 2014 - 78 minute read - Comments - Reverse Engineering

My Adventure with Fireeye FLARE Challenge

These are my (rather long) solutions to Fireeye’s FLARE challenge. This is not just the solution but also the other ways that I tried. This was a great learning experience for me so I am writing this post to document everything I tried. As a result, this post is somewhat long.

If you have any feedback, please let me know. I spent a lot of time on this writeup and I am always happy to learn new stuff. My email and twitter handle are in the sidebar.

I am a bit late to the party. There are now three other solutions posted (that I know of). Check them out.

Sep 21, 2014 - 1 minute read - Comments - Malware Adventure

Malware Adventure

I finally caved in and started to push some of my code to Bitbucket. It is located at https://bitbucket.org/parsiya and is almost empty ;). This is Malware Adventure. It’s a small adventure game I wrote using PAWS. PAWS is Python Adventure Writing System by Roger Plowman. Get it from http://home.fuse.net/wolfonenet/PAWS.htm. It’s great. The game itself is a Python program. You define objects which can be rooms, items etc. You can read more about it in the readme file at https://bitbucket.

Sep 2, 2014 - 1 minute read - Comments - Reverse Engineering

Fireeye's FLARE Challenge

It’s been a while. I know I should have updated more frequently but laziness prevails. Anyway, I was busy doing Fireeye’s FLARE challenges for a month or so (it was depressing to see people finish in 10 hours :). You can find the challenges at http://flare-on.com. I learned a lot doing them. They will release solutions in 2 weeks. I am also working on a writeup which I will release then.

Jul 3, 2014 - 1 minute read - Comments - Crypto

Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided

Today I was writing some guidelines about generating keys for mobile applications at work. While providing code examples in Java and Obj-C for AES encryption I happened to look at Apple’s Common Crypto library. While going through the source code for CommonCryptor.c, I noticed that the IV is commented as /* optional initialization vector */. This makes sense because not all ciphers use an IV and not all AES modes of operation (e.

Jun 25, 2014 - 2 minute read - Comments - Burp

Piping SSL/TLS Traffic from SoapUI to Burp

Recently I was trying to test a web service. The traffic was over SSL/TLS and everything was fine. As I am better with Burp than SoapUI, I wanted to use Burp as a proxy for SoapUI. This should be an easy matter. Burp will create a custom certificate (signed by its root CA) for each site and effectively Man-in-the-Middle the connection. But this time it was different: I was getting the dreaded Peer not Authenticated error.