Pigaios
Pigaios (πηγαίος, Greek for ‘source’ as in ‘source code’) is a tool to directly diff C source code against binaries using IDA. It was released during Hacktivity 2018.
2018

Diaphora (διαφορά, Greek for ‘difference’) is a program diffing plugin for IDA Pro and Radare2, similar to Zynamics Bindiff or the FOSS counterparts DarunGrim, TurboDiff, etc… It was released during SyScan 2015.
2014

Book co-authored with Elias Bachaalany about how to reverse engineer, analyse, bypass, interface with, find vulnerabilities in and exploit antivirus software.
2015

A tool for indexing binaries using graph-based techniques and helping attribute malware campaigns.
2017

MyNav is an Open Source plugin for IDA which aims to help reverse engineers doing the most typical tasks. Winner of the Hex-Rays plugins contest in 2014.
2014

A distributed fuzzing testing suite with web administration. It was released during the conference T2 (Finland) around October 23 (2014).
2014

A Python library and a tool to cluster similar files using fuzzy hashing techniques.
2009

Documentation for my Oracle TNS Poison (CVE-2012-1675) vulnerability and exploit for Oracle 9i, 10g and 11i.
2008

Slides explaining various design failures I found in Oracle Database Vault as soon as it was published.
2007

Proof of concept for the Oracle TimesTen evtdump Remote Format String Vulnerability (CVE-2008-5440).
2007

Inguma module for the Oracle Secure Backup command injection vulnerability (CVE-2008-5448) fixed in 2009.
2007

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in Python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, etc...
2008

A broken-english document explaining various IDS evasion techniques for Oracle Database 9i and 10g.
2006

Kojoney is an easy to use, secure, robust and powerful Honeypot for the SSH Service written in Python.
2006

A framework to develop Pascal applications. This included an Integrated Development Environment for Rapid Application Development (RAD), a Virtual Machine, Web Services, Pascal Server Pages (PSP) and many other tools.
2004

Sometimes, I receive so many malware samples that it turns out to be impossible (or...
2010, Mar 08 — 4 minute read

From time to time, when reversing malware, I find new antiemulation techniques as they are...
2010, Feb 23 — 10 minute read

Something I really hate to do when analyzing PDF malware exploits is to manually extract...
2010, Feb 21 — 7 minute read

Conference | Year | Language(s) | Talk | Materials |
---|---|---|---|---|
Zeronights | 2018 | EN | Pigaios: Diffing C source codes against binaries | Soon! |
Hacktivity | 2018 | EN | Pigaios: Diffing C source codes against binaries | |
EuskalHack | 2018 | EN | Using Binary Instrumentation for Vulnerability Discovery (Or even mitigation!) | |
EuskalHack | 2017 | EN | Call Graph Agnostic Malware Indexing | |
Hack & Beers Bilbao | 2017 | ES/EN | Cosa Nostra: A Graph Based Malware Clustering Toolkit | |
SyScan360 | 2017 | EN | Cosa Nostra: A Graph Based Malware Clustering Toolkit | |
EuskalHack | 2016 | ES | La gran mentira: Seguridad como producto | |
Hack & Beers Bilbao | 2016 | EU | AV: Additional Vulnerabilities | |
Hack & Beers Donostia | 2015 | EU | Malware-multzokatze Teknikak (Malware Clustering Techniques) | |
BSides Lisbon | 2015 | EN | Diaphora, reviving binary diffing | |
T2.FI | 2014 | EN | Blind Code Coverage Fuzzing | |
44CON | 2014 | EN | Breaking AV Software | |
KiwiCON | 2014 | EN | Breaking AV Software | |
SyScan360 | 2014 | EN | Breaking AV Software | |
WhiskeyCON | 2014 | EN | Diaphora: Upcoming Features | |
SyScan | 2014 | EN | Breaking AV Software | |
RootedCON | 2013 | EN/ES | Interactive Static Analysis Tools for Vulnerability Discovery | |
RootedCON | 2011 | EN | Databases Security Paradise | |
RootedCON | 2010 | EN | Hackproofing Oracle Financials | |
All of my public photographs are licensed under the Creative Commons Attribution-ShareAlike license and can be found on Flickr or 500px. Enjoy them!