Results 1 to 5 of 5

Thread: research.eeye.com

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    research.eeye.com

    Hey Hey,

    This has come across vuln-dev and bugtraq... It's actually quite interesting.. eEye has released all their tools (some previously private) on a new research site.

    The Binary Diffing Suite looks quite interesting... I'll let everyone know how it goes when I test it out.

    Hi,

    I am happy to announce to the first incarnation of http://research.eEye.com. On this site you can find everything from our previously released advisories to our previously unreleased research tools. A lot of these tools are seeing daylight for the first time outside of eEye so we do expect there to be bugs we have not noticed before. We definitely encourage your feedback. You can provide such feedback directly to research via skunkworks@eeye.com.

    Besides the new site, which will continue to be updated, we are also releasing a few new tools today:

    eEye Binary Diffing Suite
    You can probably guess what this is... It is a new set of free tools we are releasing that can be used to perform binary differential analysis. This is obviously very useful in doing patch reverse engineering and related tasks. There are still some bugs to be worked out so expect some more updates over time not only in bug fixes but also as we expand its capabilities as far as function matching etc... We have released this as open source so feel free to send email feedback or questions, and if you so chose, improvements.

    Duster
    Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will raise an exception when a value in uninitialized memory is used. The Duster DLL activates automatically upon being loaded into a process. Windows NT 4.0/2000/XP/2003 only.

    We also have done some updates to some classics including BootRoot with the release of the SysRQ.iso so you can subvert the Windows kernel as it loads and spawn a nice SYSTEM command prompt, equally useful for system administrators who forget their password etc... We also have posted the presentation for PiXiE which is a proof-of-concept network boot virus, for those of you moving to thin clients, you might want to double check the security of said systems.

    And there is of course "the blog" with which we finally have joined the masses of teenagers and security researchers alike who want to tell you about every waking moment of their lives. Ours should be a repetitive mix of 0day, Tequila and of course as you would expect, security rap lyrics.

    Lastly while speaking of blogging I am sure there will be some interesting things to "blog about" at this years Blackhat in Vegas.

    We hope to see all of you out there, and for those that can not make it, see you next Tuesday!

    Signed,
    Marc Maiffret
    Founder/CTO
    Chief Hacking Officer
    eEye Digital Security
    Peace,
    HT

  2. #2
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I can not seem to get to the site. I am getting a

    Bad Request (Invalid Host Name)

    error

    Regards,

    m2
    Work... Some days it's just not worth chewing through the restraints...

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Originally posted here by mmelby
    I can not seem to get to the site. I am getting a

    Bad Request (Invalid Host Name)

    error

    Regards,

    m2
    that is because there is a trailing . before the / in the URL linked above.

    just go to http://research.eeye.com and you will be fine

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  4. #4
    Odd, in Mozilla is resolved it for me. Even with the . at the end
    Tachyon

    |-----|Alcohol is my anti-drug |-----|

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Firefox 1.5.0.4 didn't resolve it for me with the ./ even though it should. Trailing . is how it is /supposed/ to be and should be understood by all browsers... think RFC 1738 for fully qualified host names but then RFC 2396 kind of counters that and allows the browsers to not be compliant.

    /shrug

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •