Recon2012 - PREVIEW
Recon 2012
| Speakers | |
|---|---|
| | Mohamed Saher |

| Schedule | |
|---|---|
| Day | Day 2 - 2012-06-15 |
| Room | Grand Salon |
| Start time | 10:30 |
| Duration | 00:30 |

| Info | |
|---|---|
| ID | 222 |

wint0psy framework
wint0psy is a framework aimed at helping researchers do various tasks such as, but not limited to:
- Behavioral tracing of win32 applications at run-time
- Compiled-level function fuzzing
- Hijacking of parameter values passed to API and compiled code functions
- Hijacking return values of API and compiled code
- Hijacking of register values before or after API and compiled code
- Remote code injection of code segments or compiled code
- Remote module (DLL) injection/ejection
- Dumping of hooked processes with fixups
- Heap memory exploration and modification
- Customizable target-specific modules (plugins)

... and more

All configurations for targeted applications are stored in XML files for wint0psy to process; some of these configurations will be automatically generated.