PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to instrument its execution, by creating simple scripts in python to automate any kind of analysis. QEMU (when working as a whole-system-emulator) emulates a complete system (CPU, memory, devices…). By using VMI techniques, it does not require to perform any modification into the guest operating system, as it transparently retrieves information from its memory at run-time. Several academic projects such as DECAF, PANDA, S2E, or AVATAR, have previously leveraged QEMU based instrumentation to overcome reverse engineering tasks. These projects allow to write plugins in C/C++, and implement several advanced features such as dynamic taint analysis, symbolic execution, or even record and replay of execution traces. With PyREBox, we aim to apply this technology focusing on keeping the design simple, and on the usability of the system for threat analysts.

Intel Graphics Driver for Windows: EOP vulnerability

Intel has released a security advisory for Intel Graphics Drivers for Windows. Excerpted announcement:

Multiple Potential Vulnerabilities in the Intel® Graphics Driver for Microsoft Windows
Impact of vulnerability:      Elevation of Privilege
Severity rating:      Important

Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows impacting versions prior to 28MAR2016.  The vulnerabilities can lead to a privilege escalation or denial of service condition. Intel highly recommends that customers of the affected products obtain and apply the latest versions of the driver. Discovered by Piotr Bania of Cisco Talos