Pull to refresh


Low-level programming language in which there is a very strong correspondence between the program's statements and the architecture's machine code instructions

Show first
  • New
  • Top
Rating limit
  • All
  • ≥0
  • ≥10
  • ≥25
  • ≥50
  • ≥100

SLAE — SecurityTube Linux Assembly Exam

Information SecurityAssemblerC
SecurityTube Linux Assembly Exam (SLAE) — is a final part of course:
This course focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to Infosec and can be useful for security engineers, penetrations testers and everyone who wants to understand how to write simple shellcodes.
This blog post have been created for completing requirements of the Security Tube Linux Assembly Expert certification.
Exam consists of 7 tasks:
1. TCP Bind Shell
2. Reverse TCP Shell
3. Egghunter
4. Custom encoder
5. Analysis of 3 msfvenom generated shellcodes with GDB/ndisasm/libemu
6. Modifying 3 shellcodes from shell-storm
7. Creating custom encryptor
Read more →
Total votes 4: ↑2 and ↓20
Comments 0

Making a demo for an old phone — AONDEMO

Abnormal programmingAssemblerDemosceneOld hardware
I wanted to make a demo ever since I saw the classic Polish mega demo Lyra II for first time in 1997. I also wanted to do something for the largest Russian demo party Chaos Constructions for a long while, but have never gotten around that, being occupied with other duties. Finally, in 2018 the time has come, and I fulfilled both desires at once, Van Damm's double impact style — made a demo called AONDEMO that entered ZX Spectrum 640K Demo compo at Chaos Constructions.

I bet the red thing you've just seen does not look much a Spectrum to you. Here's the story.

Read more →
Total votes 13: ↑11 and ↓2+9
Comments 0

What happens behind the scenes C#: the basics of working with the stack

I propose to look at the internals that are behind the simple lines of initializing of the objects, calling methods, and passing parameters. And, of course, we will use this information in practice — we will subtract the stack of the calling method.


Before proceeding with the story, I strongly recommend you to read the first post about StructLayout, there is an example that will be used in this article.

All code behind the high-level one is presented for the debug mode, because it shows the conceptual basis. JIT optimization is a separate big topic that will not be covered here.

I would also like to warn that this article does not contain material that should be used in real projects.

First — theory

Any code eventually becomes a set of machine commands. Most understandable is their representation in the form of Assembly language instructions that directly correspond to one (or several) machine instructions.

Read more →
Total votes 11: ↑10 and ↓1+9
Comments 0

Writing a wasm loader for Ghidra. Part 1: Problem statement and setting up environment

Information SecurityAssemblerReverse engineering

This week, NSA (National Security Agency) all of a sudden made a gift to humanity, opening sources of their software reverse engineering framework. Community of the reverse engineers and security experts with great enthusiasm started to explore the new toy. According to the feedback, it’s really amazing tool, able to compete with existing solutions, such as IDA Pro, R2 and JEB. The tool is called Ghidra and professional resources are full of impressions from researchers. Actually, they had a good reason: not every day government organizations provide access to their internal tools. Myself as a professional reverse engineer and malware analyst couldn’t pass by as well. I decided to spend a weekend or two and get a first impression of the tool. I had played a bit with disassembly and decided to check extensibility of the tool. In this series of articles, I'll explain the development of Ghidra add-on, which loads custom format, used to solve CTF task. As it’s a large framework and I've chosen quite complicated task, I’ll break the article into several parts.

By the end of this part I hope to setup development environment and build minimal module, which will be able to recognize format of the WebAssembly file and will suggest the right disassembler to process it.
Read more →
Total votes 18: ↑17 and ↓1+16
Comments 1

PC Speaker To Eleven

Abnormal programmingAssemblerDemosceneOld hardwareSound
Known now as a «motherboard speaker», or just «beeper», PC Speaker has been introduced in 1981 along with the first personal IBM computer. Being a successor of the big serious computers for serious business, it has been designed to produce very basic system beeps, so it never really had a chance to shine bright as a music device in numerous entertainment programs of the emerging home market. Overshadowed by much more advanced sound chips of popular home game systems, quickly replaced with powerful sound cards, it mostly served as a fallback option, playing severely downgraded content of better sound hardware.

«System Beeps» is a music album in shape of an MS-DOS program that features original music composed for PC Speaker using the same basic old techniques like ones found in classic PC games. It follows the usual retro computing demoscene formula — take something rusty and obsolete, and push it to eleven — and attempts to reveal the long hidden potential of this humble little sound device. You can hear it in action and form an opinion on how successful this attempt was at Bandcamp, or in the video below. The following article is an in-depth overview of the original PC Speaker capabilities and making of the project, for those who would like to know more.

Read more →
Total votes 34: ↑32 and ↓2+30
Comments 3

System call interception in Linux-kernel module

Configuring LinuxAssemblerCDevelopment for Linux

The module was created as a part of my master thesis in the 2010 year. The master thesis theme is Keylogging in Linux kernel. The main idea was to find out a way to intercept system calls for x64 arch Linux kernel, especially for kernel

Читать дальше →
Total votes 14: ↑13 and ↓1+12
Comments 1

Authors' contribution