64-bit Microsoft Office Applications Do Not Like Stack Walking

Our SpyStudio tool intercepts application system calls and retrieves the called functions by inspecting the call-stack. We were unable to access stack information in the last few 64-bit releases of Microsoft Office products. When we use SpyStudio to intercept an Office installation or most Office applications like Word or Excel, they start normally, but eventually exit silently. […]

Nektra and VMware are Collaborating to Simplify Application Virtualization Packaging

Nektra’s SpyStudio provides tools allowing for application harvesting and simplified packaging for the VMware ThinApp offering. Nektra and VMware, Inc. have been collaborating to significantly improve the process of creating and troubleshooting VMware ThinApp application virtualization packages with the SpyStudio application. The video below shows SpyStudio’s new ability to harvest applications directly from the […]

Instrumenting Microsoft SQL Server to Abort Dangerous Queries

Hernan has added a new feature to the code offered in our article SQL Server Interception and SQL Injection Attack Prevention. Now it is possible to cancel queries as well as watch them. The code sample uses the Deviare Interception Engine’s call-skipping feature to abort the execution of the CSQLSource::Execute function. The code distribution includes […]

Using Deviare to Create a Temporary Zero Day Patch

Zero day vulnerabilities put organizations at the mercy of vendors. These vulnerabilities are like a ticking bomb: you do not know when someone will exploit them. Writing your own patch for closed source applications is, in most cases, a complex mission that can take even longer than the vendor solution. When you use legacy software […]

Capturing Unencrypted HTTPS Requests and Responses (As Seen at BlackHat Arsenal)

Today Manuel Fernandez is presenting HookME at Black Hat USA Arsenal 2013. HookME is software designed for intercepting communications; it uses the Nektra Deviare Engine for binary instrumentation. HookME can intercept unencrypted HTTPS web traffic. Many different proxy servers are used to intercept HTTP traffic. Fiddler is the most popular one for generic purposes. Burp Proxy is the leader for security testing. […]