MacOS Security 22 February 2022 Uncovering the security protections in MAC - XProtect and MRT In the second part of the series I will discuss on XProtect and MRT working and limitations for both the setups. This will give you an idea how robust Macos default malware detection solution is.
Featured MacOS Security 22 February 2022 Uncovering the security protections in MacOS - Gatekeeper In this series, I will be uncovering the internals of MacOS security protections. In this part I will be focus on Gatekeeper.
Rootkits 24 September 2021 Hooking or Monitoring System calls in linux using ftrace In this post we will see how can you use ftrace to hook linux system calls. For learning purpose, we will create a kernel module that will make any target file immutable in system.
Reverse engineering 2 July 2021 Remote debugging windows kernel driver(without symbols) using windbg In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.
Featured Firmware 20 March 2021 Firmware security 3: Digging into System management mode (SMM) In the third part of the series we are going to discuss System management mode (SMM) and it's security. Moreover, We will try to interact with the SMM from our linux system.
Featured Firmware 14 November 2020 Firmware security 1: Playing with PCI device memory In this part of the series we will go through the basic of PCI devices and their memory. We will be developing linux kernel driver and using chipsec to analyze the data practically.
Exploit Development 20 October 2020 Impact of x64 calling convention in format string exploitation In this post I will try to give you a brief on how format string exploitation can differ in 64 bit architecture due to different calling convention in 64 bit.
Windows OS 5 August 2020 Fixing DLL exports for DLL hijacking(DLL proxy) In this post we will discuss ways to export functions from your dll for dll hijacking. Exporting functions | Dll Proxy
Featured Windows OS 31 July 2020 Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links In this post we will discuss ways to mitigate symbolic links based Local privilege escalation exploits. We are also going to develop our own protection against these attacks.
Tutorial 10 June 2020 Developing and Installing your first Kernel driver in Windows 10(under 10 min) Windows kernel development is painful to follow after lots of changes in driver handling by windows. In this article I will help you with developing and installing your driver in less than 10 minutes in windows 10.
Exploit Development 28 April 2020 Breaking Antivirus: Arbitrary file deletion using Symbolic link A newly discovered symbolic link attack in many antivirus can cause arbitrary file deletion. In this blog, we will be discussing how to create the exploit and mitigate it.
Featured Exploit Development 16 April 2020 Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP Symbolic link can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlink and will learn how to exploit/abuse them.
Featured Intel architecture 21 February 2020 Segmentation in Intel x64(IA-32e) architecture - explained using Linux In this article we will go through Segmentation in basic and cover it for x64 (IA-32e) processors by extracting the details inside a Linux system.
Malware 26 December 2019 Malware analysis interview questions with detailed answers (Part 4) In this part we will discuss advance as well as miscellaneous questions for malware analysis interview. Even if you are already an experienced researcher, still these questions can be helpful for learning some new stuff.
Virtualization 12 November 2019 Developing hypervisor from scratch: Part 4 - Setting up HOST and GUEST State In this article series you are going to learn how to develop your own hypervisor for virtualization in linux ecosystem. In this part we will do the setup of HOST and GUEST state area and at last the vmlaunch.
