WHAT I LEARNT THIS WEEK (#3 – 2017, Global Game Jam Edition)

Standard

I get back to the weekly posts after a small break (damn Christmas). As maybe some of you know, during this week, the Global Game Jam happened. I participated in the Finnish Game Jam, which is contained on it, more specifically in the Finnish Game Jam Joensuu. The main goal of this event is to create a game from scratch in 48 hours. There is much to learn in this event. Here they go my tips and what I have learned.

Continue reading

Reverse Engineering – CrackMe v1.0 by Cruehead/MiB

Standard

This is an old Win32 crackme, but still, has quite a lot of things that we can learn from it. I have solved it on IDA. You can download the target and the commented IDA database of this project. I will try to explain what you need to focus on if you are solving it without totally spoiling it for the people that, like me, are starting into the world of reverse engineering. After the explanation, I will link to the source code of the keygen, which is on Github.

Continue reading

WordPress XML-RPC Based Attacks

Standard

If you inspect the source code of WordPress, you will easily notice that there is a file in the root of the installation called xml-rpc.php. RPC stands for Remote Procedure Call, and it exposes an API that can be consumed by external agents, using XML to format data and HTTP to transfer it. It is the base of the more modern SOAP protocol.

Continue reading