Featured Firmware 14 November 2020 Firmware security 1: Playing with PCI device memory In this part of the series we will go through the basics of PCI devices and their memory. We will develop a Linux kernel driver and use chipsec to analyze the data in practice.
Exploit Development 20 October 2020 Impact of x64 calling convention in format string exploitation In this post I will try to give you a brief overview of how format string exploitation can differ on 64-bit architecture because of its different calling convention.
Windows OS 5 August 2020 Fixing DLL exports for DLL hijacking(DLL proxy) In this post we will discuss ways to export functions from your DLL for DLL hijacking. Exporting functions | Dll Proxy
Featured Windows OS 31 July 2020 Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links In this post we will discuss ways to mitigate symbolic-link-based local privilege escalation exploits. We are also going to develop our own protection against these attacks.
Tutorial 10 June 2020 Developing and Installing your first Kernel driver in Windows 10(under 10 min) Windows kernel development has become painful to follow after the many changes Windows has made to driver handling. In this article I will help you develop and install your driver in less than 10 minutes on Windows 10.
Exploit Development 28 April 2020 Breaking Antivirus: Arbitrary file deletion using Symbolic link A newly discovered symbolic link attack in many antivirus products can cause arbitrary file deletion. In this blog, we will discuss how to create the exploit and mitigate it.
Featured Exploit Development 16 April 2020 Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP Symbolic links can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlinks and learn how to exploit/abuse them.
Featured Intel architecture 21 February 2020 Segmentation in Intel x64(IA-32e) architecture - explained using Linux In this article we will go through the basics of segmentation and cover it for x64 (IA-32e) processors by extracting the details from inside a Linux system.
Malware 26 December 2019 Malware analysis interview questions with detailed answers (Part 4) In this part we will discuss advanced as well as miscellaneous questions for malware analysis interviews. Even if you are already an experienced researcher, these questions can still help you learn something new.
Virtualization 12 November 2019 Developing hypervisor from scratch: Part 4 - Setting up HOST and GUEST State In this article series you are going to learn how to develop your own hypervisor for virtualization in the Linux ecosystem. In this part we will set up the HOST and GUEST state areas and finally execute the vmlaunch.
Virtualization 30 September 2019 Developing hypervisor from scratch: Part 3 - Setting up VMCS In this article series you are going to learn how to develop your own hypervisor for virtualization in the Linux ecosystem. In this part we will set up the VMCS structure.
Virtualization 9 August 2019 Developing hypervisor from scratch: Part 2 - VMXON Operation In this article series you are going to learn how to develop your own hypervisor for virtualization in the Linux ecosystem. In this part we will execute the VMXON operation.
Featured Virtualization 8 August 2019 Developing hypervisor from scratch: Part 1 - Intro and Setup In this article series you are going to learn how to develop your own hypervisor for virtualization in the Linux ecosystem. This series will also help you learn low-level virtualization.
Firmware 19 July 2019 Getting processor information using cpuid instruction and inline assembly cpuid is a processor-specific instruction used to get the processor's information and features. In this post we are going to learn how to extract that information using inline assembly in C.
Reverse engineering 22 November 2018 What's at 1st sector/MBR of hard disk(MBR Forensics) The MBR holds many details about the hard disk or other storage disk that can be used for forensic purposes. In this article we will analyze the MBR's 512 bytes of data and try to interpret them.