Dennis Yurichev
From yurichev
Dennis Yurichev / Денис Юричев
Reverse engineer, security researcher, programmer.
Click for larger image
Some kind of blog here.
Movies I would recommend.
Books I find worth reading.
Contents |
Areas of expertise
I do reverse engineering like that or that.
I'm also programmer (C/C++/C#/Java/Python/x86 assembler).
Sometimes, I also security researcher.
Available for hire as consultant.
Vulnerabilities I found
- Two DoS vulnerabilities in IBM DB2 9.5 (CVE-2009-0172, CVE-2009-0173):
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36534
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ39373
http://blogs.conus.info/node/17
- CVE-2009-0991 in CPUapr2009 (CVSS 5.0):
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
http://blogs.conus.info/node/18
- Four vulnerabilities patched in CPUjul2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
CVE-2009-1970 (CVSS 5.0): http://blogs.conus.info/node/26
CVE-2009-1963 (CVSS 7.5): http://blogs.conus.info/node/25
CVE-2009-1019 (CVSS 7.5): http://blogs.conus.info/node/24
CVE-2009-1020 (CVSS 9.0): http://blogs.conus.info/node/23
- CVE-2009-1979 in CPUoct2009 (CVSS 10.0)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
http://blogs.conus.info/node/28
- CVE-2010-0071 in CPUjan2010 (CVSS 10.0)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html (also listed among security-in-depth contributors)
http://blogs.conus.info/node/38
- CVE-2010-0911 in CPUjul2010 (CVSS 7.8):
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
- Mentioned in CPUapr2011:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- CVE-2011-2242 in CPUjul2011:
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- CVE-2012-0072 in CPUjan2012 (on behalf of McAfee Labs):
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- DoS vulnerability in binkd FidoNet mailer:
2009/02/14 15:14:46 1.0a-525 gul protocol.c,2.193,2.194 Bugfix: segfault on crafted input sequences, possible remote DoS for multithread versions (win32 and OS/2). Thanks to Dennis Yurichev.
http://binkd2.grumbler.org/viewcvs/HISTORY?root=binkd&view=co
Some of my projects
- Random notes about reverse engineering for beginners (in Russian language (so far!)): http://wiki.conus.info/
Contacts
E-Mail: dennis(a)yurichev.com
Phone: +380-67-9120653.
Skype: dennis.yurichev
My timezone is EET = East-European time = GMT+2h = EST+7h = PST+10h
Snail mail
Dennis Yurichev P.O. box 10 Kyiv 04071 Ukraine
Archive
- Mirror of Avant Garde Project - series of recordings of 20th-century classical, experimental, and electroacoustic music digitized from LPs whose music has in most cases never been released on CD, and so is effectively inaccessible to the vast majority of music listeners today. mp3 versions of these recordings are also here.
- Dongles: DosBox patches for 93c46-based dongles support, etc.
- MediaWiki GeSHi - Generic Syntax Highlighter asm.php patch: Added MMX/SSE/new x86-64 registers, MMX/SSE (up to 4.2) instructions: patch and patched asm.php
Excel 2+2=5 prank
(practical joke)
I managed to find the "calculator" procedure among 1.5 million x86-commands that make up the code of Microsoft Excel 97.
The runtime-patch program intercepts control right at the place where Excel adds numbers.
You can download the runtime-patcher here, and see its source code excel225.c.
The patcher is to be run from the Excel root directory where excel.exe file is located.
More information about newer Excel versions, etc, you may find in Generic Tracer manual in "BPX examples" section: http://conus.info/gt/gt.html#bpx_ex
