Saturday, 17 October 2015

In Depth Windows: What is PE File Format?


Introduction

The Windows operating system is used by most computer users out there, but few of them know how it works. Recently, I started to research deeper and deeper into Windows internals for thorough malware analysis. One thing that holds utmost importance when it comes to digging deeper into Windows is the Portable Executable file format, commonly known as the PE file format, which is derived from the Common Object File Format (COFF).

PE is the native file format of the Windows operating system: binaries (EXE, DLL, SYS, SCR) and even object files (BPL, DPL, CPL) use this format. Even NT's kernel-mode drivers use the PE file format. It is called "Portable Executable" because this file format is universal across all Win32 platforms. The loader on every Win32 platform recognizes this file format and loads the executable into memory regardless of whether the CPU architecture is Intel, ARM or any other.

Knowledge of the PE file format is useful to people who are trying to become software reverse engineers or better programmers, and to the know-it-all kind. This knowledge is definitely necessary for people who are trying to write malicious software (those evil people).

Saturday, 22 August 2015

x86 Linux ShellCode Writing 101: What is ShellCoding?


What is this thing called Shellcode you might ask?

Well, it is defined as a set of carefully crafted instructions which are injected into and then executed by a vulnerable application. Because it directly manipulates the registers through the vulnerability, it is generally written in assembler and translated into opcodes. Shellcode written in a high-level language like C/C++/Java will not work after injection because of some nuances.

Friday, 21 August 2015

War Games To Learn Security Concepts


It could be that you are an "Elite Hacker" who thinks he has learned enough and is able to compromise any system at hand (but maybe you can't), or maybe you are just someone looking around to grasp some security concepts in order to get into this field. No matter who you are, if you are reading this then you do want to know what lies ahead.

Thursday, 30 July 2015

SecurityBlogger.Ninja Extended for 2 more Years!


Hello everyone, it sure has been a long time.

My last post on this blog was on Tuesday, 10 February 2015. As you can see, it has been a long time since the last one, but I still went ahead and extended this domain

Tuesday, 10 February 2015

Virtual Address Space Layout Randomization in Linux Kernel aka ASLR


ASLR (Address Space Layout Randomization) is a security feature that has been built into almost all major operating systems. In Linux, it was added around the year 2005. ASLR is what you might call an additional layer of security for the kernel. It has been implemented in kernels >= 2.6, and all current kernels support it.

What does ASLR actually do?