The Microsoft Windows operating system users will be familiar with 2 things - C: drive and the installers asking locations to install the software. The C: drive is considered as the primary hard drive of the system containing operating system as well as other system files. Since Windows 95, “Program Files” folder in C: drive…Read more The less known C: permissions?
The analysis of malware plays a crucial role in resisting and preventing impact caused by the malware. A thoroughly detailed study can determine behavior, functionality and purpose of the given malware sample. Deduced knowledge from the analysis is helpful in predicting the possible threats posed by malware, fixing vulnerabilities in the tools and development of effective tools against malware.…Read more DeViL – Detect Virtual Machine in Linux
Runme2 is a reversing challenge worth of 50 points. It is a Windows binary and when I executed it in wine, it shows a message box " You succeeded to run the file. The flag is hash of the file". But when submitted the hash of this file as the flag, it was not accepting. …Read more SharifCTF 2018 – Runme Writeup
The goal of Obfuscation and Diversification is not to remove the software vulnerabilities but to make the code analysis challenging and costly. Obfuscation makes the code more complicated and harder to understand so the attacker needs to spend more time on it to understand the features and functionalities. But interestingly the diversification makes the instances…Read more Virtualization Obfuscation
Hello world program is the legacy way of starting the process of learning any programming languages. In this post, I will try to write how to write a Hello world program in both x86 and x64 ASM. There are three sections in an assembly program namely data, bss and text. The data section contains the…Read more Hello world program in x86 and x64 assembly!
A register is a data storage in the CPU that has fast access to the RAM. The CPU architecture defines the size of the registers, so if the CPU is 64 bit then the register size will be 64 bit. Based on the architecture, the number of registers in the CPU varies. In this blog,…Read more Let`s learn a bit about x86 registers and x64 registers!
InCTF 2017 was a good CTF with interesting and quality challenges. The Time is reversing challenge with 50 points. The challenge description was " All you want it time and all you have is time". Since Time is 32-bit ARM binary, I could not think of any way to run the binary first. So I…Read more InCTF 2017 – Time Writeup!
Conceptually the obfuscation can be categorized into surface obfuscation and deep obfuscation. The surface obfuscation focuses on the syntax of the program which makes the source code analysis harder. But it will not have any effect on reverse engineering as it is not making any changes in the semantic level of the program. So the surface…Read more Control Flow Flattening
Control flow obfuscation is one category of obfuscation techniques that alter the flow within the code to prevent the analysis. The opaque predicate is one of the common and popular techniques in obfuscation. The challenge in designing control altering obfuscation technique include the resistance against attacks as well as it should be computationally cheap. Opaque…Read more Opaque Predicates – A control flow obfuscation Technique.
Today, most malware authors use obfuscation as a de facto technique to hide their malicious logic. It serves several purposes - to make the binary unreadable for a reverse engineer, to evade detection by static analyzers such as anti-virus scanners, to deter de-compilation of binary using automated tools, to confuse automated program analyzers etc. Obfuscation…Read more Obfuscation – An Introduction