The less known C: permissions?

Users of the Microsoft Windows operating system will be familiar with two things: the C: drive and installers asking for a location to install the software. The C: drive is considered the primary hard drive of the system, containing the operating system as well as other system files. Since Windows 95, the “Program Files” folder in the C: drive…

DeViL – Detect Virtual Machine in Linux

Malware analysis plays a crucial role in resisting and preventing the impact caused by malware. A thorough, detailed study can determine the behaviour, functionality and purpose of a given malware sample. Knowledge deduced from the analysis helps in predicting the possible threats posed by malware, fixing vulnerabilities in tools, and developing effective tools against malware.…

Hello world program in x86 and x64 assembly!

The Hello world program is the traditional way to start learning any programming language. In this post, I will show how to write a Hello world program in both x86 and x64 assembly. There are three sections in an assembly program, namely data, bss and text. The data section contains the…

Let's learn a bit about x86 registers and x64 registers!

A register is a data storage location in the CPU with fast access to RAM. The CPU architecture defines the size of the registers, so if the CPU is 64-bit then the register size will be 64 bits. The number of registers in the CPU varies with the architecture. In this blog,…

Control Flow Flattening

Conceptually, obfuscation can be categorized into surface obfuscation and deep obfuscation. Surface obfuscation focuses on the syntax of the program, which makes source code analysis harder, but it has no effect on reverse engineering because it makes no changes at the semantic level of the program. So the surface…

Opaque Predicates – A Control Flow Obfuscation Technique

Control flow obfuscation is a category of obfuscation techniques that alter the flow within the code to hinder analysis. The opaque predicate is one of the most common and popular obfuscation techniques. The challenges in designing a control-altering obfuscation technique include resistance against attacks while remaining computationally cheap. Opaque…

Obfuscation – An Introduction

Today, most malware authors use obfuscation as a de facto technique to hide their malicious logic. It serves several purposes: making the binary unreadable for a reverse engineer, evading detection by static analyzers such as anti-virus scanners, deterring decompilation of the binary using automated tools, confusing automated program analyzers, etc. Obfuscation…