An online technology media property, dedicated to provide content about Reversing, Malware analysis, Firmware(UEFI/BIOS) and other low level stuff.

Peeling Back the Layers: Understanding Windows components Architecture through SAC/EMS Reversing

In this article, we will be exploring the inner workings of how SAC operates! This will also give you a better understanding of the low-level components of Windows implementation details, and what you can look forward to after reversing them.

Setting up EMS ( Emergency Management Services) SAC in Windows running inside Hyper-v

In this article I will walk you though the process of setting up EMS (Emergency Management Services) for a system running in Hyper-V Virtual machine. We will also look into the features that EMS SAC provides.

Remote Kernel Debugging Windows virtual machine (Generation 2) using Serial COM running inside Hyper-v

This article is a step by step guide to attach windbg to remote windows kernel running inside generation 2 Hyper-V.

Nostalgic memory - An attempt to understand the evolution of memory corruption mitigations - Part 4

This article series is a technical dive into the evaluation of these memory corruption mitigations. This part is focus on memory error detection tools introduced over years.

Nostalgic memory - An attempt to understand the evolution of memory corruption mitigations - Part 3

This article series is a technical dive into the evaluation of these memory corruption mitigations. This part is focus on mitigations that second generation, mostly introduced after 2010.

Nostalgic memory - An attempt to understand the evolution of memory corruption mitigations - Part 2

This article series is a technical dive into the evaluation of these memory corruption mitigations. This part is focus of mitigations that first generation, introduced before 2010 mostly.

Nostalgic memory - An attempt to understand the evolution of memory corruption mitigations - Part 1

Arbitrary Code execution due to memory corruption is there since the years and still a major thing. Over the year, new protective measures have been introduced periodically to mitigate these attacks.This article series is a technical dive into the evaluation of these memory corruption mitigations.

Summary of linux kernel security protections and associated attacks

Linux kernel goes through rapid changes frequently. Unlike other platforms, Linux security features are not advertised enough and are limited to mail threads. Since Linux is getting more popular, it's important to be aware about protections it provides against sophisticated attacks targeting kernel.

Uncovering the security protections in MAC - XProtect and MRT

In the second part of the series I will discuss on XProtect and MRT working and limitations for both the setups. This will give you an idea how robust Macos default malware detection solution is.

Uncovering the security protections in MacOS - Gatekeeper

In this series, I will be uncovering the internals of MacOS security protections. In this part I will be focus on Gatekeeper.

Hooking or Monitoring System calls in linux using ftrace

In this post we will see how can you use ftrace to hook linux system calls. For learning purpose, we will create a kernel module that will make any target file immutable in system.

Remote debugging windows kernel driver(without symbols) using windbg

In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.