Open Source Projects, Books, Exploits, Proof-Of-Concepts and Other Research Materials

I have developed many open source projects since I started coding, I have also discovered and exploited a number of vulnerabilities and written a book about reverse engineering, vulnerability research and exploitation. Bellow is a non extensive list of some open source projects, research materials, exploits and proof-of-concepts I have written:

Pigaios

Pigaios (πηγαίος, Greek for ‘source’ as in ‘source code’) is a tool to directly diff C source codes against binaries using IDA. It was released during Hacktivity 2018.

2018

Diaphora

Diaphora (διαφορά, Greek for ‘difference’) is a program diffing plugin for IDA Pro and Radare2, similar to Zynamics Bindiff or the FOSS counterparts DarunGrim, TurboDiff, etc… It was released during SyScan 2015.

2014

Book: The Antivirus Hackers Handbook

Book co-authored with Elias Bachaalany about how to reverse engineer, analyse, bypass, interface with, find vulnerabilities in and exploit antivirus software.

2015

MemBugTool

MemBugTool (call me original) is a DBI tool to discover heap memory related bugs.

2018

Exploit for CVE-2017-7494

A remote root exploit for CVE-2017-7494.

2017

MalTindex

A tool for indexing binaries using graph based techniques and help attribute malware campaigns.

2017

Cosa Nostra

A graph based malware clusterization toolkit.

2016

MyNav

MyNav is an Open Source plugin for IDA which aims to help reverse engineers doing the most typical tasks. Winner of the Hex-Rays plugins contest on 2014.

2014

Nightmare

A distributed fuzzing testing suite with web administration. It was released during the conference T2 (Finland) around October 23 (2014).

2014

MultiAV

Multi-antivirus scanner library for Python with JSON API.

2014

Pyew

Pyew is a (command line) python tool to analyse malware.

2009

DeepToad

A python library and a tool to clusterize similar files using fuzzy hashing techniques.

2009

ZeroWine

Zero Wine is a malware's behavior analysis tool.

2009

Oracle TNS Poison

Documentation for my Oracle TNS Poison (CVE-2012-1675) vulnerability and exploit for Oracle 9i, 10g and 11i.

2008

Oracle Database Vault Design Failures

Slides explaining various design failures I found in Oracle Database Vault as soon as it was published.

2007

Proof-of-concept for CVE-2008-5440

Proof of concept for the Oracle TimesTen evtdump Remote Format String Vulnerability (CVE-2008-5440).

2007

Exploit for CVE-2008-5448

Inguma module for the Oracle Secure Backup command injection vulnerability (CVE-2008-5448) fixed in 2009.

2007

Inguma

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, etc...

2008

Oracle Database IDS Evasion Tecniques for SQL*Net

A broken-english document explaining various IDS evasion techniques for Oracle Database 9i and 10g.

2006

Kojoney

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python.

2006

Nemesis Pascal

A FrameWork to develop Pascal Applications. This included and Integrated Development Environment for Rapid Application Development (RAD), a Virtual Machine, Web Services, Pascal Server Pages (PSP) and many other tools.

2004

Latest Blog Entries

A new Control Flow Graph based heuristic for Diaphora

Some weeks ago I decided to code a new heuristic based on one of the...

2018, Nov 04   —  6 minute read

Histories of comparing binaries with source codes

Hi all! Some months ago I started designing and writing a tool to do a...

2018, Aug 12   —  15 minute read

Diaphora, a program diffing plugin for IDA Pro

UPDATE: The plugin is now published in GitHub. Some weeks ago I started developing a binary diffing plugin...

2015, Mar 13   —  17 minute read

Conferences

Conference	Year	Language(s)	Talk	Materials
Zeronights	2018	EN	Pigaios: Diffing C source codes against binaries	Soon!
Hacktivity	2018	EN	Pigaios: Diffing C source codes against binaries
EuskalHack	2018	EN	Using Binary Instrumentation for Vulnerability Discovery (Or even mitigation!)
EuskalHack	2017	EN	Call Graph Agnostic Malware Indexing
Hack & Beers Bilbao	2017	ES/EN	Cosa Nostra: A Graph Based Malware Clustering Toolkit
SyScan360	2017	EN	Cosa Nostra: A Graph Based Malware Clustering Toolkit
EuskalHack	2016	ES	La gran mentira: Seguridad como producto
Hack & Beers Bilbao	2016	EU	AV: Additional Vulnerabilities
Hack & Beers Donostia	2015	EU	Malware-multzokatze Teknikak (Malware Clustering Techniques)
BSides Lisbon	2015	EN	Diaphora, reviving binary diffing
T2.FI	2014	EN	Blind Code Coverage Fuzzing
44CON	2014	EN	Breaking AV Software
KiwiCON	2014	EN	Breaking AV Software
SyScan360	2014	EN	Breaking AV Software
WhiskeyCON	2014	EN	Diaphora: Upcoming Features
SyScan	2014	EN	Breaking AV Software
RootedCON	2013	EN/ES	Interactive Static Analysis Tools for Vulnerability Discovery
RootedCON	2011	EN	Databases Security Paradise
RootedCON	2010	EN	Hackproofing Oracle Financials

Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)

mQGiBEEkYTwRBADCKgyMSJu+E/hGPAtfteAAYkXLf9Pczzp/XcOjz1uqHe0kp/xg
gy9ylLDvyj9raWHdLVTrBA7KVy/SgfMGRE+cRg5IE4OXjVMuFNiYU6A77etKfOuU
oiiaxdb7zfXEN+ZTu5nxcnPffq1KadYfqzahxB+pOGmaHcSbOX9vnMbYJwCgpRb+
ww3QoWn7j8v0IdIu7OuWeCMEALphzDk2BGVvOvEIxn2eBEND6P2+UaJ+PTVzjKuC
/zVIOa1DIRBjnLUA+Q2JOIPrBnBKCbAOxuEk2yOEykRQw9L4of5hlQfolrXfiQTN
kincYatWCMmT4eJkefwqAVyd1rqXNo/46gsQIHe2g8bGh/PXtKKWSDIHsTwz3Ekx
q4rOA/wNLAQCPZl89GfAr4U7irt3Qu5vW1pomxtamznN4EABgb2dUpiORBD3QOEx
kwZvlPJPXOaJaod69360+E1KwLWREyEJsvBjClIV3BHgHl1ekat+U5tnhN69EDZ4
ehe01watosby5HVsfzPFeHyRE5xlc6CJm0WXTXW5DY1TG5S+o7QxSm9zZSBBbnRv
bmlvIENvcmV0IEJhcm5ldG8gPGpveGVhbmtvcmV0QHlhaG9vLmVzPoheBBMRAgAe
BQJBJGE8AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEFOqxTBGA65RiIAAn3MK
RhWDjs/t6SPUshR1/ksm7R2cAJsErtfd43Xfwtw0IHMsePLHBvgMkbQdQWRtaW4g
PGFkbWluQGpveGVhbmtvcmV0LmNvbT6IYAQTEQIAIAUCSTfRXgIbAwYLCQgHAwIE
FQIIAwQWAgMBAh4BAheAAAoJEFOqxTBGA65RZ3QAn1BeQ6XXafls4naW5/5meF9E
JTXkAKCY/Fv2UdiBsUKlBBCeCCYEog31erkCDQRBJGGPEAgAot7ukxGNGVlDpPSi
S/m+/p190hKUFzSQNPO7pVEWZYP1LYMIDWxMkpDr7YK2eMxlAvvdwHS97oW2A2Yr
bstQAeMDi/tJwFsZ4WIDtUAvoqxPL7HsbvoDvkK6lXduxHtkDlhQbvFl+BGd9us5
seAK1fBpXLMMjKFRiCRcAKOOu4GjxfEXcwZovtW4W5gdpH5T/C0OSsZZcRWQYlFX
gFJJZyHBAaHPVwK+YJoQGBN8J+iyt0ASj5fED9+sS4DYPr8g7KpYSvaudtxPr2zx
hYvDWT1BXtpTFbuDILRIJt9eJHy5kf9R6s+ZJjfsoVWkOyedpspniiElrpj6R7Pf
pRdJWwADBgf/SJlEigs7UEKMH54Pds/rlCMFFz0PVHZLmYx6thV5WaHsSe7R3iFg
C0MYNGbFb5wbTfaH9fYQ5F2yJLF2x2h2qonz/OeTcj8XkbEvZfDCzgsyY/gs3GXh
mj5/hi6Ig+TJmNws+bdFIhTyJtzy6C1rUH4E06BJmWeq3Tg9izPfs3M0mlHF3KJ4
58k+R2egtaAtEdNHuuVuV+CvLI0wvUQ+8Q9G/X1mi4Q1dto3sk/dkBX/TXtw9W3g
wbWgaUDcZ49bd5XeVDAdFjeJWqCOST5lu63CsAhuw9LrbQwM+M2RXf8JCiJfUNhW
bvvMqOTyz+uRMvmnYmBgfYgFaGlz8Z/EPIhJBBgRAgAJBQJBJGGPAhsMAAoJEFOq
xTBGA65R2qYAoI63iwOL0GNLgaJlLROdgP757PmuAJ9VlemIES9st8/w1nyzAMhS
+lygfQ==
=7ksy
-----END PGP PUBLIC KEY BLOCK-----

Public Photographies

All of my public photographies are licensed under the Creative Commons Attribution-ShareAlike license and can be found in Flickr or 500px. Enjoy them!