ndex

index page the wiki

About - sources & PoCs - posters - order prints

<wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/twitter_corkami.xml" height=400 width=460 border=0/> <wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/whenaes_slideshare.xml" width=595 height=497 border=0/>

Posters (prints)

101 walkthroughs

• WAV101 (2014/01/08)

• Happy new year!

• (2013/12/24-2014/01/02) Mach-O (32b+old format, 64b+new format)

• (2013/12/24) ZIP, Java Class, PDF

• (2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM)

• (2013/03/26) COM (also explains PEs' DOS stub)

• (2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish

others

• (2013/07/30) PE102 - a Windows executable format overview

Binary files

• 2014/04/02 When your slides read themselves: a binary inception (follow-up to 44Con 2013 slides)

• 2014/03/30 a JPG/ZIP/PDF binary chimera (the file is a JPG image, a ZIP containing the same image, a PDF showing the same image, but the image data is present only once) - 1 data body, 3 heads of different types.

• (2014/03/17) PoC||GTFO 0x03 is a PDF/ZIP/JPG/Audio (raw AFSK)/PNG (encrypted with AES)

• (2013/12/28) a MBR/PDF/ZIP polyglot + article

• (2013/10/06) a schizophrenic PE + article

• (2013/09/13) 'inception' slides a PE+PDF+HTML+ZIP polyglot and PDF schizophrenic file - the PE file is a PDF viewer, viewing itself.

• (2013/01/02) CorkaM-OsX, a Mach-O+PDF+HTML+Java polyglot file

• (2012/12/13) CorkaMInuX, an ELF+PDF+HTML+Java polyglot file

• (2012/08/01) CorkaMIX, a PE+PDF+HTML(+!JavaScript)+(Jar[^ PY) polyglot file

Crypto

• 2014/03/16 https://corkami.googlecode.com/svn/trunk/src/angecryption AngeCryption getting valid files after (AES) encryption
• 2014/04/03 when AES(☢) = ☠ - a crypto-binary magic trick http://i.imgur.com/eiw0WXb.png
• 2014/02/12 New SHAllenge - aber das ist Skein MD5 Kollision!
• 2014/01/21 on Adobe password security
• 2014/01/21 When cryptographic functions go bad - with Jean-Philippe Aumasson

Presentations

• 2014/03/21 Binary Arts - funky PoCs and visual docs, presented at Insomni'hack, Geneva, Switzerland
• 2014/01/13 on hacking & security a security 101, targeted at (defensive) beginners (released as is, never presented publicly)
• on binary polyglots, first in french at SSTIC, then improved at 44CON
• (2013/06/05) SSTIC, Rennes, France: Polyglottes binaires et implications Slides & PoCs SlideShare
• (2013/09/13) 44CON, London, England: Messing with binary formats 'inception' slides SlideShare
• on the PE file format, first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)

1. (2012/06/22) a bit more of PE (+video)
2. (2012/11/03) Binary Art - byte-ing the PE that fails you

• on x86 oddities first presented and recorded at hashdays, then improved at !BerlinSides

1. (2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
2. (2011/12/28) x86 & PE (+screencasts)

Portable Executable

• article with !PoCs (2011/09/26 - 2013/10/07) the PE format
• PoC a fully working PE in a tweet (encoded in a python string): "MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
• source a rewrite of the PE header of Traceless demo
• !PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, !FreeBasic, !FreePascal, !OpenWatcom, Fasm, !GoAsm...)
• graphics (2010/10) PE file format (file & memory layout, headers, data directories)

misc

• 2014/03/12 HexII an attempt at getting a better generic binary representation
• !PoCs (2013/06/10) valid hand-made GIF/BMP, useable as !JavaScript (commented source + binaries)
• doc (2012/02/22) Opcodes Tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
• article with !PoCs (2012/03/18) Encodings
• Introduction To Virus
• PoC Kernel31, a trampoline DLL to enable >!XpSp3 binaries work on previous OS.
• old crackmes solutions: PredatorPirupiru LilcwXor
• screencast OllyDbg Tracing (easy level) setting !OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
• screencast reJava create a .class from scratch
• PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE

PDF

• article with !PoCs (2011/07/12-2013/03/15) a summary of PDF tricks - encodings, structures, !JavaScript... (Français 日本語)

brainteasers

• page (2013/02/04) notes and hints
• presentation (2013/01/16) Hack Pra

x86/x64 asm

• article (2011/09) x86 oddities
• PoC (2011/08/12) Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.
• article how to get the current IP
• article Initial Values on TLS/!EntryPoint/... of most Windows versions, Wine, etc..
• article (2011/03/22) Calling Conventions
• doc Opcodes (x86 & x64 simplified tables, one-liners)
• related doc: a very nice and simple opcode table, by Daniel Plohmann

packers

• !PoCs categories: patcher, protecter, crypter, compresser, mutater, virtualizer
• !PoCs crypters algos: xor, prng, rc4
• !PoCs architectures of virtualization: standard, stack, SubLeq, TTA
• source a one-file aPLib compression/decompression in python
• !PoCs imports loading obfuscation
• !PoCs string encodings
• toolkit a toolkit to run drivers in user-mode, and unpack them directly from !OllyDbg
• doc anti-debugs
• doc packers (models, categories & features, landscape, detailed features, entrypoints, algorithms)

more

...for more information, check the (old) blog map, and the downloads tab.

wiki:comment

In memory of Cédric 'Sid' Blancher:

friendly, dynamic, inspiring :(

https://www.digdeo.fr/dd-data/files/hackito-ergo-sum-2012-8520.jpg </wiki:comment>