Follow

Subscribe to nixhacker - The Reverser's Space

Get the latest posts delivered right to your inbox

Great! Check your inbox and click the link to confirm your subscription

Please enter a valid email address!
Log in Sign up

Shubham Dubey

Shubham Dubey

Besides being a Linux & Open source advocate, I spent most of my time in working on low level security stuff(Reversing, Rootkits, Bios, negative rings etc).

India https://www.linkedin.com/in/shubham0d/

Summary of linux kernel security protections and associated attacks

Linux

Summary of linux kernel security protections and associated attacks

Linux kernel goes through rapid changes frequently. Unlike other platforms, Linux security features are not advertised enough and are limited to mail threads. Since Linux is getting more popular, it's important to be aware about protections it provides against sophisticated attacks targeting kernel.

By Shubham Dubey 1 Jan 2023

Uncovering the security protections in MAC - XProtect and MRT

Uncovering the security protections in MAC - XProtect and MRT

In the second part of the series I will discuss on XProtect and MRT working and limitations for both the setups. This will give you an idea how robust Macos default malware detection solution is.

By Shubham Dubey 22 Feb 2022

Uncovering the security protections in MacOS - Gatekeeper

Uncovering the security protections in MacOS - Gatekeeper

In this series, I will be uncovering the internals of MacOS security protections. In this part I will be focus on Gatekeeper.

By Shubham Dubey 22 Feb 2022

Hooking or Monitoring System calls in linux using ftrace

Rootkits

Hooking or Monitoring System calls in linux using ftrace

In this post we will see how can you use ftrace to hook linux system calls. For learning purpose, we will create a kernel module that will make any target file immutable in system.

By Shubham Dubey 24 Sep 2021

Remote debugging windows kernel driver(without symbols) using windbg

Reverse engineering

Remote debugging windows kernel driver(without symbols) using windbg

In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.

By Shubham Dubey 2 Jul 2021

Firmware security 3: Digging into System management mode (SMM)

Firmware

Firmware security 3: Digging into System management mode (SMM)

In the third part of the series we are going to discuss System management mode (SMM) and it's security. Moreover, We will try to interact with the SMM from our linux system.

By Shubham Dubey 20 Mar 2021

Firmware security 1: Playing with PCI device memory

Firmware

Firmware security 1: Playing with PCI device memory

In this part of the series we will go through the basic of PCI devices and their memory. We will be developing linux kernel driver and using chipsec to analyze the data practically.

By Shubham Dubey 14 Nov 2020

Impact of x64 calling convention in format string exploitation

Exploit Development

Impact of x64 calling convention in format string exploitation

In this post I will try to give you a brief on how format string exploitation can differ in 64 bit architecture due to different calling convention in 64 bit.

By Shubham Dubey 20 Oct 2020

Fixing DLL exports for DLL hijacking(DLL proxy)

Windows OS

Fixing DLL exports for DLL hijacking(DLL proxy)

In this post we will discuss ways to export functions from your dll for dll hijacking. Exporting functions | Dll Proxy

By Shubham Dubey 5 Aug 2020

Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links

Windows OS

Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links

In this post we will discuss ways to mitigate symbolic links based Local privilege escalation exploits. We are also going to develop our own protection against these attacks.

By Shubham Dubey 31 Jul 2020

Developing and Installing your first Kernel driver in Windows 10(under 10 min)

Tutorial

Developing and Installing your first Kernel driver in Windows 10(under 10 min)

Windows kernel development is painful to follow after lots of changes in driver handling by windows. In this article I will help you with developing and installing your driver in less than 10 minutes in windows 10.

By Shubham Dubey 10 Jun 2020

Breaking Antivirus: Arbitrary file deletion using Symbolic link

Exploit Development

Breaking Antivirus: Arbitrary file deletion using Symbolic link

A newly discovered symbolic link attack in many antivirus can cause arbitrary file deletion. In this blog, we will be discussing how to create the exploit and mitigate it.

By Shubham Dubey 28 Apr 2020

Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP

Exploit Development

Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP

Symbolic link can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlink and will learn how to exploit/abuse them.

By Shubham Dubey 16 Apr 2020

Segmentation in Intel x64(IA-32e) architecture - explained using Linux

Intel architecture

Segmentation in Intel x64(IA-32e) architecture - explained using Linux

In this article we will go through Segmentation in basic and cover it for x64 (IA-32e) processors by extracting the details inside a Linux system.

By Shubham Dubey 21 Feb 2020

Malware analysis interview questions with detailed answers (Part 4)

Malware

Malware analysis interview questions with detailed answers (Part 4)

In this part we will discuss advance as well as miscellaneous questions for malware analysis interview. Even if you are already an experienced researcher, still these questions can be helpful for learning some new stuff.

By Shubham Dubey 26 Dec 2019