Capturing Unencrypted HTTPS Requests and Responses (As Seen at BlackHat Arsenal)

Today Manuel Fernandez is presenting HookME at Black Hat USA Arsenal 2013. HookME is software designed for intercepting communications which uses the Nektra Deviare Engine for binary instrumentation. HookME can intercept unencrypted HTTPS web traffic. Many different proxy servers are used to intercept HTTP traffic. Fiddler is the most popular one for generic purposes. Burp Proxy is the leader for security testing. […]

SQL Server Interception and SQL Injection Attack Prevention

Note: we updated the code on August 23, 2013. The new code includes an “abort” feature, discussed in the article Instrumenting Microsoft SQL Server to Abort Dangerous Queries. Our Deviare hooking engine can be used to hook into Microsoft SQL Server 2012 RTM (11.00.2100.60) and 2014 CTP1 queries at the application level. Tools like Wireshark use a […]

Benchmarking IE6 Virtualization: VMware ThinApp vs. Symantec Workspace Virtualization

Introduction Our Application Packaging Services team wanted to measure the performance of different virtualization products. Below we use SpyStudio to compare ThinApp and Workspace Virtualization performance. Both Symantec and VMware highlight the use of application virtualization to run legacy web applications. There is a huge number of mission critical web applications that only run correctly on Internet […]

Improving Deviare Hooking Performance with Custom Hooks

More Binary Instrumentation Alternatives Deviare now has custom hooks to improve hooking performance. With custom hooks, two “OnFunctionCall” events are triggered: one in the SpyMgr process, and the other within the agent. The custom hook can send data, or custom parameters, to the SpyMgr process. The custom Deviare modules running in the agent have access […]

Automating Google’s Doodles: 4.9 Second Record on Hurdles

And now for something completely different. The AutoIt script below will make you run Google’s hurdles doodle faster than Usain Bolt: 4.9 seconds is our automation record. Can you improve it? Surely there is room for more records before the London 2012 Olympics end. We deal with AutoIt on a daily basis since we use […]

Windows Live Mail API Anti-Virus Example

One of the top uses of our Windows Live Mail API is integrating a vendor antivirus into the Windows Live Mail desktop client. For example, Trend Micro’s Titanium Security Solutions uses it to integrate with Windows Live Mail and recognize viruses. The C# code sample below uses the nClam library to interface with an open […]

Windows API Hooking in Python with Deviare

The code below uses Python to intercept the CreateFile function in kernel32.dll to forbid opening certain files. It hooks the CreateFile function for the notepad.exe application. The Python code is very small and to the point, and you can customize it for your own purposes. For example, it can be used to sandbox an […]