Parsia's Den

Because no one wants to be the other guy from Wham!

Sep 23, 2014 - 78 minute read - Comments - Reverse Engineering

My Adventure with Fireeye FLARE Challenge

These are my (rather long) solutions to Fireeye’s FLARE challenge. This is just not the solution but other ways that I tried. This was a great learning experience for me so I am writing this post to document everything I tried. As a result, this post is somewhat long.

If you have any feedback, please let me know. I spent a lot of time on this writeup and I am always happy to learn new stuff. My email and twitter handle are in the sidebar.

I am a bit late to the party. There were two are now other three solutions posted (that I know of). Check them out.

Sep 21, 2014 - 1 minute read - Comments - Malware Adventure

Malware Adventure

Update 28 Oct 2017: I have moved most of my code under one repository. Malware adventure is at two places: A fork of PAWS is here: I finally caved in and started to push some of my code to github bitbucket. It is located at and is almost empty ;). This is Malware Adventure. It’s a small adventure game I wrote using PAWS.

Sep 2, 2014 - 1 minute read - Comments - Reverse Engineering

Fireeye's FLARE Challenge

It’s been a while. I know I should have updated more frequently but lazyness prevails. Anyway, I was busy doing Fireeye’s FlARE challenges for a month or so (it was depressing to see people finish in 10 hours :). You can find the challenges at I learned a lot doing them. They will release solutions in 2 weeks. I am also working on a writeup which I will release then.

Jul 3, 2014 - 1 minute read - Comments - Crypto

Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided

Today I was writing some guidelines about generating keys for mobile applications at work. While providing code examples in Java and Obj-C for AES encryption I happened to look at Apple’s Common Crypto library . While going through the source code for CommonCryptor.c, I noticed that IV is commented as /* optional initialization vector */. This makes sense because not all ciphers use IV and not all AES modes of operation (e.

Jun 25, 2014 - 2 minute read - Comments - Burp

Piping SSL/TLS Traffic from SoapUI to Burp

Recently I was trying to test a web service. The traffic was over SSL/TLS and everything was fine. As I am better with Burp than SoapUI, I wanted to use Burp as a proxy for SoapUI. This should be an easy matter. Burp will create a custom certificate (signed by its root CA) for each site and effectively Man-in-the-Middle the connection. But this time it was different, I was getting the dreaded Peer not Authenticated error.

May 25, 2014 - 2 minute read - Comments - Python

Pasting Shellcode in GDB using Python

A few days ago I was trying to write an exploit for a buffer overflow with GDB. This was a console application and pasting shellcode would mess with it. There are a few options: Writing shellcode to a file and then using it as input for GDB. # you can also include GDB commands like setting up breakpoints (e.g. b * 0xDEADBEEF) # remember to include a new line after each command $ python -c 'print "b * 0xDEADBEEF" + "\n" + "\x41"*1000 + "\n"' > input # $ perl -e for perl # start debugging with GDB # -q (quiet mode): no text at startup $ gdb executable1 -q (gdb) run < input After this you can manually debug in GDB.