waleedassar.blogspot.com waleedassar.blogspot.com

WALEEDASSAR.BLOGSPOT.COM

waliedassar

Searching for professional challenges. Saturday, April 4, 2015. VirtualBox Detection Via WQL Queries. Here I have tried to group most of the WMI classes that can be used to detect a VirtualBox virtual machine. They are as follows:

1) Win32 NetworkAdapterConfiguration (Alias: NICCONFIG)
2) Win32 SystemDriver (Alias: sysdriver)
3) Win32 NTEventLog (Alias: NTEventLog)
4) Win32 BIOS (Alias: bios)
5) Win32 DiskDrive (Alias: diskdrive)
6) Win32 StartupCommand (Alias: Startup)

Posted by Walied Assar. But i...

http://waleedassar.blogspot.com/


INTERNAL PAGES

waleedassar.blogspot.com waleedassar.blogspot.com
1

waliedassar: October 2012

http://waleedassar.blogspot.com/2012_10_01_archive.html

Searching for professional challenges. Tuesday, October 30, 2012. Virtual PC vs. CPUID. In this post I will show another weird behavior of Virtual PC 2007. This time it is about the CPUID instruction. As most of you already know well what the CPUID is for and how it works, I will directly jump into the main topic. Disables interrupts for one instruction. Oh, wait, how is that? Imagine we want to trace a sequence of x86. Instruction. What the debugger does in that situation is as follows: Trick Since i...

2

waliedassar: November 2012

http://waleedassar.blogspot.com/2012_11_01_archive.html

Searching for professional challenges. Saturday, November 24, 2012. SuppressDebugMsg As Anti-Debug Trick. In this post I will show you a new anti-debug trick that affects many debuggers, e.g. WinDbg. When you load a module into the address space of a process usually via calling e.g. the kernel32. Function, the debugger is notified of this through the LOAD DLL DEBUG EVENT event. This occurs at the point the "NtMapViewOfSection" function calls the "DbgkMapViewOfSection". As we saw in the previous. Always f...

3

waliedassar: VirtualBox Detection Via WQL Queries

http://waleedassar.blogspot.com/2015/04/virtualbox-detection-via-wql-queries.html

Searching for professional challenges. Saturday, April 4, 2015. VirtualBox Detection Via WQL Queries. Here I have tried to group most of the WMI classes that can be used to detect a VirtualBox virtual machine. They are as follows: 1) Win32 NetworkAdapterConfiguration (Alias: NICCONFIG). 2) Win32 SystemDriver (Alias: sysdriver). 3) Win32 NTEventLog (Alias: NTEventLog). 4) Win32 BIOS (Alias: bios). 5) Win32 DiskDrive (Alias: diskdrive). 6) Win32 StartupCommand (Alias: Startup). You can find it on GitHub here.

4

waliedassar: December 2012

http://waleedassar.blogspot.com/2012_12_01_archive.html

Searching for professional challenges. Friday, December 7, 2012. In this post I will not present any new tricks but I will instead discuss a new issue introduced in later versions of Windows regarding thread creation. In a previous post, I quickly explained the ntdll. Function and its flag HideFromDebugger 0x4 that, when passed to the function, causes the new thread to be created hidden from debuggers. In this post we will see another interesting flag that I prefer to call SuppressDllMains 0x2. In C c...

5

waliedassar: August 2012

http://waleedassar.blogspot.com/2012_08_01_archive.html

Searching for professional challenges. Sunday, August 5, 2012. If you are still using Windows 2000, you must have noticed that certain executables refuse to run. Actually, this is due to the executables being built with Microsoft Visual Studio, which sets the MajorSubSystemVersion in the PE header. In other words, it creates executables to run on Windows XP and above. This causes Windows 2000 to refuse to load these executables. If we start at address 0x7C4F1ECE. Function with the " InformationClass.

TOTAL PAGES IN THIS WEBSITE

18

LINKS TO THIS WEBSITE

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: Windows Thread Suspension Internals Part 1

http://rce4fun.blogspot.com/2014/11/windows-thread-suspension-internals.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Thursday, November 27, 2014. Windows Thread Suspension Internals Part 1. It's been a while since I haven't shared anything concerning Windows internals and I'm back to talk in detail about how Windows thread suspension and resumption works. I'm going to discuss the mentioned topics in this blog post and incoming ones. Even though it can be discussed in one or two entries but I'm quite busy with studies. If we came from usermode (Curr...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: CSAW CTF 2014 - Ish Exploitation 300 Write-up

http://rce4fun.blogspot.com/2014/09/csaw-ctf-2014-ish-exploitation-300.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Monday, September 22, 2014. CSAW CTF 2014 - Ish Exploitation 300 Write-up. This time with a quick writeup. Well, I took some time to reverse the binary under IDA and I soon discovered that the vulnerability was a memory leak which leaks 16 bytes from the stack and the vulnerable function was cmd lotto. Here's the full exploit: I'll publish a writeup for exploitation 400 (saturn) as soon as possible. Download binary: Here.

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: January 2014

http://rce4fun.blogspot.com/2014_01_01_archive.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Thursday, January 30, 2014. Creating and using your own 'heap' manager. First of all, I didn't want to write a long title so I've put word heap. Between apostrophes, simply because in this example we're not creating or managing a heap, but a (zeroed) chunk of memory which we reserve from the virtual address space of our application. (we'll commit from the reserved chunk as needed). Back to our topic : I spent much time in the previou...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: May 2014

http://rce4fun.blogspot.com/2014_05_01_archive.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Sunday, May 4, 2014. Windows Heap Overflow Exploitation. The vulnerability that we'll be exploiting together is a heap overflow vulnerability occurring in a custom heap built by the application. The vulnerable software is: ZipItFast 3.0. I've actually got the POC from exploit-db, you can check it right here: http://www.exploit-db.com/exploits/17512/. Oh, and there's also a full exploit here: Then click on the Test button.

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: February 2014

http://rce4fun.blogspot.com/2014_02_01_archive.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Sunday, February 23, 2014. CodeGate CTF 2014 - Reverse 250 Clone Technique Write-up. The concept of this Crackme is really simple but reaching the right Track took me hours and hours because I was looking deeper into it and the answer was right in front of me :) . The challenge is named "Clone Technique" used in Naruto Manga , the process creates many instances of it (using CreateProcessW. The function will use both values in a loop ...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: September 2014

http://rce4fun.blogspot.com/2014_09_01_archive.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Monday, September 22, 2014. CSAW CTF 2014 - "saturn" Exploitation 400 Write-up. The description for this task was :. You have stolen the checking program for the CSAW Challenge-Response-Authentication-Protocol system. Unfortunately you forgot to grab the challenge-response keygen algorithm (libchallengeresponse.so). Can you still manage to bypass the secure system and read the flag? Nc 5485.89.65 8888. Let's carry on :. Next, we will...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: ASIS CTF Finals 2014 - Satellite Reloaded Reverse 250 Writeup

http://rce4fun.blogspot.com/2014/10/asis-ctf-finals-2014-satellite-reloaded.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Monday, October 13, 2014. ASIS CTF Finals 2014 - Satellite Reloaded Reverse 250 Writeup. I really enjoyed playing this CTF with Spiderz team and we ended at position 23. This reversing challenge was for 250 points , and here's a brief write-up about it :. After decrypting , we get the following large equation :. For example to make this statement true :. A[12] a[20]) and (! A[12] must equal : 0. A [20] must equal : 1. In the string s...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: CSAW CTF 2014 - "saturn" Exploitation 400 Write-up

http://rce4fun.blogspot.com/2014/09/csaw-ctf-2014-saturn-exploitation-400.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Monday, September 22, 2014. CSAW CTF 2014 - "saturn" Exploitation 400 Write-up. The description for this task was :. You have stolen the checking program for the CSAW Challenge-Response-Authentication-Protocol system. Unfortunately you forgot to grab the challenge-response keygen algorithm (libchallengeresponse.so). Can you still manage to bypass the secure system and read the flag? Nc 5485.89.65 8888. Let's carry on :. Next, we will...

rce4fun.blogspot.com rce4fun.blogspot.com

Reverse Engineering 0x4 Fun: October 2014

http://rce4fun.blogspot.com/2014_10_01_archive.html

Reverse Engineering 0x4 Fun. Reverse Engineering and Windows Internals. Monday, October 13, 2014. ASIS CTF Finals 2014 - Satellite Reloaded Reverse 250 Writeup. I really enjoyed playing this CTF with Spiderz team and we ended at position 23. This reversing challenge was for 250 points , and here's a brief write-up about it :. After decrypting , we get the following large equation :. For example to make this statement true :. A[12] a[20]) and (! A[12] must equal : 0. A [20] must equal : 1. In the string s...

thisissecurity.net thisissecurity.net

Win32/Atrax.A | This is Security :: by Stormshield

https://thisissecurity.net/2014/08/20/win32atrax-a

This is Security : by Stormshield. August 20, 2014 —. Atrax’s specification highlight us about anti-analyzer technics: Anti-Analyzer (Protection against e.g. anubis.iseclab.org, malwr.com). If you need: Anti-VM (Please request it explicitly). The sample we studied was seen in the wild in April 2014 and submitted to the VirusTotal web site ( https://www.virustotal.com/en/file/adf246a57baecef5c8c85c60152e9b2f5060bf2e720ad1623cc95177e7259401/analysis/. Anubis http://anubis.iseclab.org/. Except Anubis, it b...

TOTAL LINKS TO THIS WEBSITE

56
