Binary obfuscation - String obfuscating in C

The first step in reversing any binary for any purpose is to try to elicit whatever meaningful information is easiest to retrieve. One such source of information is the clear-text strings in the binary. They may disclose a lot of information if the programmer did not take care to remove …



How to manually install Security Policy via cli on Checkpoint Gaia.

The usual way to install a policy is, of course, by clicking Install in the SmartDashboard, but if the need arises to do so from the command line of the Checkpoint Management server, we do it this way: fwm load



The one command to clear ALL the connections on a Checkpoint firewall - use with care

Checkpoint firewalls are pretty dynamic and responsive to our changes; for most changes made by an administrator, it is enough to install the policy for them to take immediate effect. In the rare cases when changes (seemingly) do not take effect, it is probably because the particular …



What ports 18190 18209 18210 18211 in Checkpoint are used for

What are ports 18190, 18209, 18210, 18211 in Checkpoint used for? For correct functioning, Checkpoint uses quite a lot of ports; some are a must, some are not. The ports listed above are in the ‘a must’ category. Let’s see: 18190 (NOTE: R77.x versions only, starting with …



HIEW Hex editor tutorials series, part 2 – the basics.

Round up of the basic HIEW commands used:
Command | Action
Change the color scheme | edit hiew8.ini, the last section "Colors", set ColorMain = 0x07 to have the black background.
ESC | To exit any window/mode without saving the changes.
F1 | Context-sensitive help.
F3 | Enter the Edit mode.
ENTER | In the …



HIEW Hex editor tutorials series, part 1 – the history.

The story of this hex editor started in the dark ’90s. The first name was ViHE (Viewer-HexEditor), and it was released by its author Eugene Suslikov as free software in early 1991. As he stated back then, “for occasional looking into and changing few bytes in a file, like 7xh …



XCK and CRK file formats for binary patching in Windows.

Do not bother Googling these file types, as they belong to the era before Google even existed. In these pre-Google Dark Ages there were people taking pride in circumventing software protections, or cracking in other words, and, believe it or not, absolutely for free. Yep, even DMCA didn’t exist back …



NMAP UDP DNS scan unexpected packets sending

The other day I got an automated mail alert from some ID/IPS equipment that ‘a NULL DNS scan was detected and blocked from your IP’. NULL DNS scan? I wasn’t sending any such packets, not to mention I have no idea what they mean by that. After some …



Last measure for the desperate case of a lost access to the Check Point firewall

It may happen to anyone – a mistaken security rule “Any Any Drop”, or using a dynamic object for a URL block. The end result – after the policy install you have no administrative access to the firewall with SmartDashboard/ssh/https. For this case Check Point came with fw unloadlocal console/SSH expert level …



How many times can we change IP address of the Check Point license?

TLDR: 6 times. Today most licenses are of a central type so we rarely need to change their IP address as IP address of the Management server does not change that often. Still, if this happens then there is an option to change IP address or re-license the existing license …