Hey Hey,

This has come across vuln-dev and bugtraq... It's actually quite interesting.. eEye has released all their tools (some previously private) on a new research site.

The Binary Diffing Suite looks quite interesting... I'll let everyone know how it goes when I test it out.


I am happy to announce to the first incarnation of http://research.eEye.com. On this site you can find everything from our previously released advisories to our previously unreleased research tools. A lot of these tools are seeing daylight for the first time outside of eEye so we do expect there to be bugs we have not noticed before. We definitely encourage your feedback. You can provide such feedback directly to research via skunkworks@eeye.com.

Besides the new site, which will continue to be updated, we are also releasing a few new tools today:

eEye Binary Diffing Suite
You can probably guess what this is... It is a new set of free tools we are releasing that can be used to perform binary differential analysis. This is obviously very useful in doing patch reverse engineering and related tasks. There are still some bugs to be worked out so expect some more updates over time not only in bug fixes but also as we expand its capabilities as far as function matching etc... We have released this as open source so feel free to send email feedback or questions, and if you so chose, improvements.

Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will raise an exception when a value in uninitialized memory is used. The Duster DLL activates automatically upon being loaded into a process. Windows NT 4.0/2000/XP/2003 only.

We also have done some updates to some classics including BootRoot with the release of the SysRQ.iso so you can subvert the Windows kernel as it loads and spawn a nice SYSTEM command prompt, equally useful for system administrators who forget their password etc... We also have posted the presentation for PiXiE which is a proof-of-concept network boot virus, for those of you moving to thin clients, you might want to double check the security of said systems.

And there is of course "the blog" with which we finally have joined the masses of teenagers and security researchers alike who want to tell you about every waking moment of their lives. Ours should be a repetitive mix of 0day, Tequila and of course as you would expect, security rap lyrics.

Lastly while speaking of blogging I am sure there will be some interesting things to "blog about" at this years Blackhat in Vegas.

We hope to see all of you out there, and for those that can not make it, see you next Tuesday!

Marc Maiffret
Chief Hacking Officer
eEye Digital Security