MASM is maintained by Microsoft and is an x86 assembler that consumes Windows and Intel syntax to produce a COFF executable. It supports both 16-bit and 32-bit sources. Fortunately, Microsoft’s Visual Studio IDE supports MASM programming tasks with just a couple of project property […]
Malware is software used to disrupt systems, gather sensitive information, or gain access to private systems. Any program or piece of software that affects the working of a device can be called malware.
Nowadays, mobile phones have become victims of malware attacks. Among the mobile phone malware attacks, the Android […]
While doing a security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the app, checking whether the application stores any important data in plist files, analyzing the content of the database files, etc. […]
Once we’ve gained access to the system, we can use various post-mortem attack vectors to exploit the system further. There might be various reasons for doing that, but attackers mostly use them for hiding the […]
In this paper, I’ll describe how to start reverse code engineering on Android devices. In this tutorial, you’ll learn:
Installation & configuration of the Android Virtual Device.
How to build your debugging environment.
Short ARM assembly description.
Debugging with GDB inside your Android device.
Remote Debugging using gdbserver.
Remote debugging using IDA.
1. Installation & configuration of […]
If you’ve used WinDbg before, you might already know that you can debug the whole Windows operating system with it. To do that, you must have two Windows operating systems, where the first one is the one we’ll be debugging and the second is the one we’ll be debugging from. […]
In this tutorial we’ll take a look at how we can install and configure the Samba server on a host operating system to create a shared folder, which the guest Qemu virtual machines can use.
The first thing we have to do is install Samba, which we can do with […]
RevEngX is a freely available extension for the Debugging Tools for Windows. It offers several new commands to simplify the work of reverse engineering, code injection, hooking and other types of instrumentation that are useful when analyzing third-party software or malware, or when developing commercial Windows applications that utilize code […]
We have already got a taste of reverse engineering with Reflector in the previous paper. It was basically a kick-start to this disassembling tool in terms of presenting its features and advantages. We have been performing all of the reverse engineering tactics on our custom-made software called Champu. This […]
This editorial is committed to subverting the essential security restriction mechanisms of a native binary executable by employing the IDA Pro Disassembler. Compared with the previously demonstrated papers, this paper elaborates a very complex reverse engineering mechanism, yet because it is a very exhaustive and long process, […]
Implanting malicious code in the form of spyware into an existing running process is one of the more sophisticated tasks. Before the advent of disassemblers or patching tools, malevolent code was usually invoked from hard-core programming code, which is a very exhaustive process in itself, because we […]
Buffer overflows have been the most common form of security vulnerability in the last 10 years. Buffer overflow attacks make up a substantial portion of all security attacks simply because buffer overflow vulnerabilities are so common and so easy to exploit. Most of the exploits based on buffer overflows […]
This article is especially designed to show how to crack a Java executable by disassembling the corresponding bytecode. Disassembling of Java bytecode is the act of transforming Java bytecode to Java source code. Disassembling is an inherent issue in the software industry, causing revenue loss due to software […]
We have already presented a couple of papers on modifying binaries through the IDA Pro and OllyDbg disassemblers, where we added functionality to an executable by modifying the code directly, using code caves. However, there is a suitable alternative to this approach, in which the added functionality code can be […]
Every organization is keen on investing in security because it does not want to lose all of its assets through negligence. Most organizations have information security officers who implement policies, model threats, investigate security breaches, etc. The role of a malware analyst is closely aligned with what engineers in security incident […]
This article is a continuation of the previous effort of writing the “Disassembler-Mechanized” series, in which we show the process of developing special software that disassembles source code and injects an arbitrary .exe into a process. The first two articles in this series were about the design, configuration of […]
TLS (thread local storage) callbacks are subroutines that are executed before the entry point. There is a section in the PE header that describes the location of a TLS callback. Malware employs TLS callbacks to evade debugger messages. When a particular malware sample equipped with TLS callbacks is loaded […]
In the previous papers, we have showcased the essential configuration in terms of external DLL importing into the solution and NuGet package installation. As we have stated earlier, the process of making the custom disassembler incorporates several development cycle layers, and we have already covered user interface designing, getting […]
This article is the second part of a series that clarifies PCI expansion ROM address mapping to the system address map. The mapping was not sufficiently covered in my “Malicious PCI Expansion ROM” article (http://resources.infosecinstitute.com/pci-expansion-rom/). You are assumed to have a working knowledge of the PCI bus protocol and details […]
We have practiced much disassembling by using assembly decompilation tools such as Reflector, ILSpy, etc. Although such tools offer many advantages and are in widespread use among crackers, security professionals, and reverse engineers, nowadays they are commercialized or rarely available even for testing. This research paper is specially designed […]