27 January 2014

Whatsapp stores its messages and contact list in a plain-text SQLite database

Last night I was doing some app forensics on my Android device, investigating the internal files of the Whatsapp application 'com.whatsapp'. First I checked the shared_preferences directory, which I found somewhat interesting; next I checked the databases directory, and that is where my shock lies!

23 October 2013

27 August 2013

Cairo Security Camp 2013

22 June 2013

[C Tutorial] Course Content

Hello Guys,
I have set up the course content for the new C programming language tutorial. I thought it would help you get your hands on my plan for you for the coming weeks. Good luck.

23 April 2013

Packetyzer: A step towards future

It has been a long time since I wrote on the blog, but I am back with my latest and first paper, on Packetyzer, my first packet analysis C++ library.

Packetyzer is a high-level C++ library designed to make forging and decoding network packets easier. It can decode packets of the most common network protocols, capture them, and send them on the wire. This capability allows the construction of tools that probe, scan or attack networks.

It enables the creation of networking tools in a few lines. A packet is described layer by layer, where the fields of each layer have useful default values that you can override. It can also analyze pcap files, or packets captured with Wireshark.

Packetyzer can capture packets, analyze them and send them over the wire. It analyzes both individual packets and connection streams, from the Ethernet header up to the application-layer protocols. Packetyzer is packaged as a Dynamic Link Library (DLL) so that it can be included in many tools and projects.
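The layer-by-layer decoding described above, as an added example written for this page rather than code from Packetyzer or its paper (it assumes nothing about Packetyzer's API): a small Ethernet/IPv4/TCP decoder over a constructed frame. The point a packet library has to get right is that every length it reads from the packet (IHL, IP total length, TCP data offset) is attacker-controlled, so each one is checked against the bytes actually present before it is used to index the buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Decoded view of one Ethernet/IPv4/TCP frame, fields in host byte order.
struct DecodedPacket {
    uint16_t ethertype = 0;
    uint8_t  ip_protocol = 0;
    size_t   ip_header_len = 0;   // bytes, derived from the IHL field
    uint16_t ip_total_len = 0;
    std::string src_ip, dst_ip;
    uint16_t src_port = 0, dst_port = 0;
    uint8_t  tcp_flags = 0;
    size_t   payload_len = 0;
};

static uint16_t be16(const uint8_t* p) { return (uint16_t)((p[0] << 8) | p[1]); }

static std::string ipv4_str(const uint8_t* p) {
    return std::to_string(p[0]) + "." + std::to_string(p[1]) + "." +
           std::to_string(p[2]) + "." + std::to_string(p[3]);
}

// Walks the frame layer by layer. Every length that comes from the packet
// itself (IHL, total length, TCP data offset) is checked against the bytes
// actually present before it is used, so a truncated frame or a lying header
// makes the function return false instead of reading past the buffer.
bool decode_frame(const std::vector<uint8_t>& f, DecodedPacket& d) {
    const size_t kEthLen = 14;
    if (f.size() < kEthLen) return false;
    d.ethertype = be16(&f[12]);
    if (d.ethertype != 0x0800) return false;              // IPv4 only in this example

    const uint8_t* ip = &f[kEthLen];
    const size_t remaining = f.size() - kEthLen;
    if (remaining < 20 || (ip[0] >> 4) != 4) return false;
    d.ip_header_len = (ip[0] & 0x0F) * 4;
    if (d.ip_header_len < 20 || d.ip_header_len > remaining) return false;
    d.ip_total_len = be16(ip + 2);
    if (d.ip_total_len < d.ip_header_len || d.ip_total_len > remaining) return false;
    d.ip_protocol = ip[9];
    d.src_ip = ipv4_str(ip + 12);
    d.dst_ip = ipv4_str(ip + 16);
    if (d.ip_protocol != 6) return true;                  // not TCP: stop at layer 3

    const uint8_t* tcp = ip + d.ip_header_len;
    const size_t l4_len = d.ip_total_len - d.ip_header_len;
    if (l4_len < 20) return false;
    const size_t data_off = (tcp[12] >> 4) * 4;
    if (data_off < 20 || data_off > l4_len) return false;
    d.src_port = be16(tcp);
    d.dst_port = be16(tcp + 2);
    d.tcp_flags = tcp[13];
    d.payload_len = l4_len - data_off;
    return true;
}

// Constructed sample frame (not a real capture): a TCP SYN from
// 192.168.1.10:49152 to 10.0.0.1:80 with no payload; checksums left as zero.
const std::vector<uint8_t> kSynFrame = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,  // Ethernet, type IPv4
    0x45,0x00, 0x00,0x28, 0x00,0x01, 0x00,0x00, 0x40,0x06, 0x00,0x00,        // IPv4: IHL=5, len=40, proto=TCP
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x01,                                // 192.168.1.10 -> 10.0.0.1
    0xc0,0x00, 0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,          // TCP ports, seq, ack
    0x50,0x02, 0x20,0x00, 0x00,0x00, 0x00,0x00,                              // doff=5, SYN, window, csum, urg
};

// Same frame with the IHL field claiming a 60-byte IP header that is not there.
std::vector<uint8_t> malformed_ihl_frame() {
    std::vector<uint8_t> f = kSynFrame;
    f[14] = 0x4F;
    return f;
}

int main() {
    DecodedPacket d;
    if (decode_frame(kSynFrame, d))
        std::printf("%s:%u -> %s:%u flags=0x%02x payload=%zu\n", d.src_ip.c_str(), d.src_port,
                    d.dst_ip.c_str(), d.dst_port, d.tcp_flags, d.payload_len);
    std::printf("malformed IHL accepted? %s\n", decode_frame(malformed_ihl_frame(), d) ? "yes" : "no");
    return 0;
}
```

The same pattern (read a length field, validate it against what remains, only then advance) repeats for every layer a decoder adds, and it is exactly the check that is missing in most packet-parsing bugs.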

13 July 2012

Windows Buffer Overflow Explained - Part 2

Welcome back. In part 1 we covered what a buffer overflow is, how one occurs, and how memory layout relates to it. In this part we continue the series with registers and shellcode.

Processors contain a small amount of very fast storage known as registers. Registers can be thought of as the variables of assembly language. They are classified by the function they perform; at a high level they fall into four groups:
  • General purpose 
  • Segment 
  • Control 
  • Other 

EAX, EBX, ECX, EDX, ESI and EDI are the general-purpose registers: they hold operands and results for arithmetic and other operations. On a 32-bit processor they are 32 bits wide. The low 16 bits of EAX, EBX, ECX and EDX are addressable as AX, BX, CX and DX; within those, the low 8 bits are AL, BL, CL and DL and the high 8 bits (bits 8 to 15 of the full register) are AH, BH, CH and DH. ESI and EDI have 16-bit forms (SI, DI) but no 8-bit halves. These 16- and 8-bit views exist for backwards compatibility with 16-bit x86 and are very useful when producing smaller shellcode, because an instruction that targets a sub-register carries a smaller immediate. The "E" stands for "extended", meaning the full 32-bit register.
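Why the 8- and 16-bit views matter for shellcode, as an added example for this page (it is not code from the blog series; the opcode bytes are the standard 32-bit x86 encodings, and the helper names are this example's own): a tiny encoder that loads an immediate into EAX/ECX/EDX/EBX by writing only the sub-register that is needed. Clearing the register with xor and then setting AL, AH or AX avoids both the extra length and the 0x00 bytes that a full mov r32, imm32 would carry, which matters when the overflow is delivered through a string function that stops at the first NUL.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// The four general-purpose registers that have 8-bit halves, numbered as the
// x86 encoding numbers them (the 3-bit "reg" value added to the B0/B8 opcodes).
enum Reg { EAX = 0, ECX = 1, EDX = 2, EBX = 3 };

typedef std::vector<uint8_t> Bytes;

// True if the encoding contains 0x00, which a strcpy()-style copy would stop at.
bool contains_nul(const Bytes& b) {
    for (uint8_t x : b) if (x == 0) return true;
    return false;
}

// The naive way: mov r32, imm32 is always 5 bytes (B8+r followed by the
// little-endian immediate) and contains a NUL whenever a byte of imm is zero.
Bytes naive_load(Reg r, uint32_t imm) {
    return Bytes{(uint8_t)(0xB8 + r), (uint8_t)imm, (uint8_t)(imm >> 8),
                 (uint8_t)(imm >> 16), (uint8_t)(imm >> 24)};
}

// Shortest NUL-free sequence that leaves `imm` in the 32-bit register r:
//   xor r32, r32      31 /r        2 bytes   whole register becomes 0
//   mov r8l, imm8     B0+r ib      2 bytes   writes AL/CL/DL/BL only
//   mov r8h, imm8     B4+r ib      2 bytes   writes AH/CH/DH/BH only
//   mov r16, imm16    66 B8+r iw   4 bytes   writes AX/CX/DX/BX only
// Values that need all 32 bits fall back to naive_load.
Bytes load_imm(Reg r, uint32_t imm) {
    const uint8_t modrm = (uint8_t)(0xC0 | (r << 3) | r);   // mod=11, reg=r, rm=r
    Bytes out = {0x31, modrm};                               // xor r32, r32
    if (imm == 0) return out;
    if (imm <= 0xFF) {                                       // e.g. 11, execve on 32-bit Linux
        out.push_back((uint8_t)(0xB0 + r)); out.push_back((uint8_t)imm);
        return out;
    }
    if (imm <= 0xFF00 && (imm & 0xFF) == 0) {                // only bits 8..15 set: use the high byte
        out.push_back((uint8_t)(0xB4 + r)); out.push_back((uint8_t)(imm >> 8));
        return out;
    }
    if (imm <= 0xFFFF) {                                     // both low bytes non-zero: 16-bit move
        out.push_back(0x66); out.push_back((uint8_t)(0xB8 + r));
        out.push_back((uint8_t)(imm & 0xFF)); out.push_back((uint8_t)(imm >> 8));
        return out;
    }
    return naive_load(r, imm);
}

static void dump(const char* label, const Bytes& b) {
    std::printf("%-28s", label);
    for (uint8_t x : b) std::printf("%02x ", x);
    std::printf("(%zu bytes%s)\n", b.size(), contains_nul(b) ? ", has NUL" : "");
}

int main() {
    dump("mov eax, 11 (naive)", naive_load(EAX, 11));
    dump("eax = 11 (sub-register)", load_imm(EAX, 11));
    dump("ebx = 0x1200 via BH", load_imm(EBX, 0x1200));
    dump("ecx = 0x1234 via CX", load_imm(ECX, 0x1234));
    dump("edx = 0x11223344", load_imm(EDX, 0x11223344));
    return 0;
}
```

The fallback case shows the limit of the trick: an immediate such as 0x00100000 still needs the 5-byte form and still contains NULs, which is why real shellcode reaches for other encodings (for example building the value with arithmetic) for those values.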