This article is a continuation of the previous effort of writing the “Disassembler-Mechanized” series, in which we are showing the process of developing special software which disassembles source code and injects arbitrary .exe into a process. The first two articles in this series were about the design, configuration of […]
TLS (thread local storage) calls are subroutines that are executed before the entry point. There is a section in the PE header that describes the place of a TLS callback. Malware employs TLS callbacks to evade debugger messages. When a particular malware employed with TLS callbacks is loaded […]
In the previous papers, we have showcased the essential configuration in terms of external DLL importing into the solution and NuGet package installation. As we have stated earlier, the process of making the custom disassembler incorporates several development cycle layers, and we have already covered user interface designing, getting […]
This article is the second part of a series that clarifies PCI expansion ROM address mapping to the system address map. The mapping was not sufficiently covered in my “Malicious PCI Expansion ROM” article (http://resources.infosecinstitute.com/pci-expansion-rom/). You are assumed to have a working knowledge of PCI bus protocol and details […]
We have practiced much disassembling by using assembly de-compilation tools such as Reflector, ILSpy, etc. Although such tools offer many advantages and are in widespread use among crackers, security professionals, and reverse engineers, nowadays they are commercialized or rarely available even for testing. This research paper is specially designed […]
Advanced malware employs many hiding techniques in order to evade anti-virus measures and to deceive the victim. Trojans come in the form of bound executables in a legitimate application in which the malware is decompressed/decrypted and executed. In this article, we are going to discuss a technique that malware […]
In the previous IDA Pro article, we took a look at the basics of reverse engineering source code and binary files. This rare dissertation is committed to imparting cracking and byte patching in a binary executable using IDA Pro with the intention of subverting various security constraints as well as […]
This article illustrates these contents in detail:
The .NET Application
Obfuscated Code Analysis
MSIL Code Analysis
The purpose of this paper is to demystify the .NET assembly obfuscation as a way to deter reverse engineering. The primary concern for organizations is typically protecting their source code (as intellectual property) from reverse […]
PDF files have become very common in everyday work. It’s hard to imagine business proposals without PDFs. The PDF format is used in almost all companies to share business deals, company brochures, and even invitations.
Previous years were not good for PDF users, as several vulnerabilities were published, such as […]
Technically speaking, a .NET built software or component (DLL) resembles an executable assembly. That’s because it’s compiled in MSIL, and you can usually view the source in Reflector and many other tools such as ILSpy. But when it comes to commercial software, more and more complicated protection mechanisms are being […]
In recent years, several researchers have studied Linux kernel security. The most common kernel privilege vulnerabilities can be divided into several categories: NULL pointer dereference, kernel space stack overflow, kernel slab overflow, race conditions, etc.
Some of them are pretty easy to exploit and there is no need to […]
The article will explore various strategies for reversing firmware, with some examples. Finally, some best practices are mentioned.
Embedded Systems and Firmware
Embedded systems are everywhere, in mobiles, cameras, TVs, smart cards, and other automated devices. They have become an integral part of our lives and have made it comfortable and […]
This paper is intended to teach sophisticated reverse engineering tactics, mainly by using Red Gate Reflector. This article demystifies disassembling and cracking of .NET binaries, step by step, in order to reveal protected targets with confidential information. That includes finding entry points, license keys, passwords, and serial keys. We have […]
This article covers the means of cross-process and cross-machine interaction of applications developed with .NET framework. This snippet provides you with an in-depth understanding of the remoting capabilities that are built into .NET framework. It’ll present some scenarios in which .NET remoting can be employed, and includes a […]
The objective of writing this paper is to explain how to crack an executable without peeping at its source code by using the OllyDbg tool. Although there are many tools that can achieve the same objective, the beauty behind OllyDbg is that it is simple to operate and freely […]
A session ID is used to identify the user of a web application. It can be sent with the GET method. An attacker can send a link to the user with a predefined session ID. When the user logs in, the attacker can impersonate him, because the user uses the […]
As an application grows ever more complex, it is necessary to build a more efficient and faster .NET application that requires a special treatment of .NET assemblies in a global assembly cache in order to attain faster execution. This article showcases how to write and execute high-performance .NET-managed code […]
In .NET, unsafe code really means potentially unsafe code, which is code or memory that exists outside the normal boundary. This article digs into the details of legacy C programming pointer implementation in the .NET framework. However, we will seldom need to use pointer types. Unsafe code can access […]
This article shows how to perform tasks involving reading and writing files from various partitions by using the C#.net programming API. In particular, it covers exploring the directory structure, finding out what files and folders are present, and performing other file-related operations, such as moving, copying, and deleting objects […]
Before we go any further, I would like to focus on how a developer thinks and likes to manage a web application development process.
During the development phase of any application, every developer faces bugs and errors during the run of the application. But those long error messages with lots […]