FEX.NET FEX.NET, hereafter referred to as “FexNet,” is a cloud storage and file transfer service based in Ukraine, offering users the ability to store and share files online. FexNet shares many similarities with typical file-sharing platforms, it provides users with the option to create accounts, purchase storage space, and upload files for a specified duration. Like its competitors, FexNet also offers security features to protect users’ files. However, this blog post will focus on the security aspects of the platform, which, in reality, provide little to no protection at all in majority of cases.

Read more...

Foreword This post is intended for educational purposes only. Denuvo is arguably the most successful digital rights management solution to have ever existed, and is therefore an interest to many. This blog contains a large amount of my personal notes and correspondence with other reverse engineers (see kudos) which contains information about the recent iterations of Denuvo, lots of which I haven’t seen shared publicly before. I mean no harm towards Irdeto and thus certain information will be redacted from this post.

Read more...

The purpose of this post is primarily to explain the technical workings of my tool, BinaryShield, but it can also be treated as an introduction to VM based protections. This is NOT About Hypervisor Technology! To clear up any confusion, I want to first clarify that we are not talking about hypervisors such as VMware. I cannot stress that enough. Although they share similar ideas and terminology, I would argue that the kind of VM, or virtual machine, we will be discussing in the post is completely different to hypervisor technology.

Read more...

This article details the steps I took to discover and exploit an SQL injection vulnerability on the Clemson University website using my own tool, SQLiF (SQL injection Finder). DISCLAIMER This post and the release of my tool, SQLiF, are intended for educational purposes only. I was previously granted permission from Clemson University to document and share my findings with others. I am not responsible for anything you do with the information presented within this post.

Read more...