Linux Summary of linux kernel security protections and associated attacks Linux kernel goes through rapid changes frequently. Unlike other platforms, Linux security features are not advertised enough and are limited to mail threads. Since Linux is getting more popular, it's important to be aware about protections it provides against sophisticated attacks targeting kernel. By Shubham Dubey 1 Jan 2023
MacOS Security Uncovering the security protections in MAC - XProtect and MRT In the second part of the series I will discuss on XProtect and MRT working and limitations for both the setups. This will give you an idea how robust Macos default malware detection solution is. By Shubham Dubey 22 Feb 2022
Rootkits Hooking or Monitoring System calls in linux using ftrace In this post we will see how can you use ftrace to hook linux system calls. For learning purpose, we will create a kernel module that will make any target file immutable in system. By Shubham Dubey 24 Sep 2021
Firmware Firmware security 3: Digging into System management mode (SMM) In the third part of the series we are going to discuss System management mode (SMM) and it's security. Moreover, We will try to interact with the SMM from our linux system. By Shubham Dubey 20 Mar 2021
Windows OS Fixing DLL exports for DLL hijacking(DLL proxy) In this post we will discuss ways to export functions from your dll for dll hijacking. Exporting functions | Dll Proxy By Shubham Dubey 5 Aug 2020
Windows OS Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links In this post we will discuss ways to mitigate symbolic links based Local privilege escalation exploits. We are also going to develop our own protection against these attacks. By Shubham Dubey 31 Jul 2020
Exploit Development Breaking Antivirus: Arbitrary file deletion using Symbolic link A newly discovered symbolic link attack in many antivirus can cause arbitrary file deletion. In this blog, we will be discussing how to create the exploit and mitigate it. By Shubham Dubey 28 Apr 2020
Exploit Development Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP Symbolic link can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlink and will learn how to exploit/abuse them. By Shubham Dubey 16 Apr 2020
Malware Malware analysis interview questions with detailed answers (Part 4) In this part we will discuss advance as well as miscellaneous questions for malware analysis interview. Even if you are already an experienced researcher, still these questions can be helpful for learning some new stuff. By Shubham Dubey 26 Dec 2019
Reverse engineering What's at 1st sector/MBR of hard disk(MBR Forensics) MBR have lots of details about the hard disk or other storage disk which can be used for forensics purposes. In this article we will analyze the MBR's 512 bytes of data and try to interpret it. By Shubham Dubey 22 Nov 2018
Malware Malware analysis interview questions with detailed answers (Part 3) Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is Dynamic analysis, static analysis and debugging. By Shubham Dubey 18 Sep 2018
Exploit Development Exploiting buffer overflow in Windows application through TextBox using only Alphanumeric payload Lets look at how to exploit seh based buffer overflow in WIndows GUI application that have input restrictions of supporting only ascii characters as input. By Shubham Dubey 7 Sep 2018
Malware Malware analysis interview questions with detailed answers (Part 2) Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is OS concepts, Programming, Assembly language and Dynamic analysis. By Shubham Dubey 6 Aug 2018
Malware Malware analysis interview questions with detailed answers (Part 1) Here is a series of important questions with detailed answers for malware analysis interviews. These question can be helpful for both candidates and interviewers. By Shubham Dubey 3 Aug 2018
Malware Deep dive into Tofsee spambot(Win32:Tofsee-J) malware dropper-2 In this part we will do the static analysis of dropper of tofsee .Tofsee is a spambot categorie of malware used to send spam messages, click fraud to different smtp mail server. By Shubham Dubey 5 Jul 2018