0x0: Introduction

Hello there, hope you are doing well. I just started with RISC (Reduced Instruction Set Computer) last week, which is quite different from the CISC (Complex Instruction Set Computer) Intel x86 architecture we mostly deal with, so this small blog will be an overview of the AVR 8-bit microcontroller: its registers, the instruction set nomenclature, and a few more things that might be new for people who have never crossed paths with this microcontroller, plus a speed-run fundamentals revision for people who have already been working on projects with this 8-bit microcontroller.

0x1: As always, with…


0x0: Introduction

The last blog was dedicated to YARA rules and left out Sigma rules, which is one of the main reasons for writing this small blog about them. Like the earlier blog, this one will focus on the very basics: what exactly Sigma rules are, why they are used, and how we can test them against targets.

0x1: Getting started


0x0: A boring introduction

In our last articles we discussed tools for static binary analysis such as IDA and dynamic binary analysis such as WinDbg, but we missed a handy binary analysis tool known as Ghidra. This blog will explore Ghidra and its utilities, and will end with reversing a small ELF crackme to make the concepts concrete.


0x00: Why blog on this topic?

Recently I have been reading the book Linux Kernel Development by Robert Love. I am definitely not promoting it, but it is quite a good book to lurk around in. Previously I had no experience deep-diving into the Linux kernel, but hopefully I will find some insights here. Anyway, this blog will be on how threads are actually implemented in Linux.

0x01: The need of knowing a bit about Process:

We came across the term job in the context of Linux terminology: a job is managed by the shell and basically consists of processes. The term process is more than just the execution of a program; the process has its…


0x00: Why blog on this topic?

In the previous blog, a brief introduction to the ELF file, I took some time to describe a few necessary topics such as the headers, segments and sections, but a few more details on how the files are loaded into memory, or how they are linked? …


A boring story :

As a guy who likes to understand threat hunting and how defenders deal with adversaries and their malicious intent, I along with my fellow teammates came up with the idea of a small library with some info on nation-state-backed adversaries. Although we are not a bunch of professional threat-hunting tradecraft masters, we finally came up with something quite interesting known as HAWK Base. Our goal is to learn more about how threats operate on victim machines, so I came to the conclusion that understanding how malicious events and process creation are detected and…


Introduction

After a brief introduction to the PE file format, this blog will be dedicated to understanding the ELF format, as understanding file formats is quite helpful while learning malware analysis and reverse engineering.

Glimpse of the ELF file & its format

A random ELF file opened in the 010 hex editor

As per Wikipedia and other blogs, ELF, or Executable and Linkable Format, is the common standard file format for executables on Linux systems. Compared to other executable formats ELF is far more flexible: it is not bound to any particular processor or instruction set architecture, and the file header itself records the word size (32- or 64-bit), the byte order and the target machine, so the same parser logic works for an x86-64 binary and a big-endian MIPS one. ELF has replaced older formats such as COFF (Common Object File Format) in *NIX-like operating systems. …
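To make the "not bound to any particular processor" point concrete, here is an added example (not code from the original post) that parses the ELF file header from raw bytes, reading EI_CLASS and EI_DATA first because they decide the field widths and byte order of everything that follows. The two sample headers are constructed inline for the example, not taken from real binaries, and the machine-name table is deliberately small; the `ehsize_consistent` flag is the practitioner's check that a crafted header is not lying about its own size.

```python
import struct

EI_NIDENT = 16
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
# Subset of e_machine values; everything else is reported as unknown(...)
ELF_MACHINE = {3: "x86", 8: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}


def parse_elf_header(data: bytes) -> dict:
    """Parse an ELF file header from the first bytes of a file.

    EI_CLASS selects the struct layout (ELF32 and ELF64 headers differ in field
    widths) and EI_DATA selects the byte order, so both are read from e_ident
    before any multi-byte field is decoded.
    """
    if len(data) < EI_NIDENT or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file: bad magic")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError(f"unsupported EI_CLASS={ei_class} EI_DATA={ei_data}")
    endian = "<" if ei_data == 1 else ">"
    # e_entry, e_phoff and e_shoff are 4 bytes in ELF32 and 8 bytes in ELF64.
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    hdr_size = EI_NIDENT + struct.calcsize(fmt)
    if len(data) < hdr_size:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, _e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, _e_shstrndx) = \
        struct.unpack_from(fmt, data, EI_NIDENT)
    return {
        "class": ELF_CLASS[ei_class],
        "data": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, f"unknown({e_type:#x})"),
        "machine": ELF_MACHINE.get(e_machine, f"unknown({e_machine:#x})"),
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum, "phentsize": e_phentsize,
        "shoff": e_shoff, "shnum": e_shnum, "shentsize": e_shentsize,
        # A crafted header can claim any e_ehsize; flag a mismatch rather than trust it.
        "ehsize_consistent": e_ehsize == hdr_size,
    }


def _build_ident(ei_class: int, ei_data: int) -> bytes:
    # e_ident: magic, class, data, version=1, OS/ABI=System V, ABI version, 7 padding bytes.
    return b"\x7fELF" + bytes([ei_class, ei_data, 1, 0, 0]) + b"\x00" * 7


# Constructed sample headers for this example (not from real binaries):
# a 64-bit little-endian x86-64 executable and a 32-bit big-endian MIPS shared object.
ELF64_X86_64 = _build_ident(2, 1) + struct.pack(
    "<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56, 1, 64, 0, 0)
ELF32_MIPS_BE = _build_ident(1, 2) + struct.pack(
    ">HHIIIIIHHHHHH", 3, 8, 1, 0x10000, 52, 0, 0, 52, 32, 2, 40, 0, 0)

if __name__ == "__main__":
    for label, blob in (("x86-64", ELF64_X86_64), ("MIPS", ELF32_MIPS_BE)):
        print(label, parse_elf_header(blob))
```

On a real file, feed `parse_elf_header(open(path, "rb").read(64))` and compare the output against `readelf -h`; the program and section header tables can then be walked from `phoff`/`shoff` with the same endianness prefix.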


Introduction

As a nerd enthusiastic about reverse engineering and malware, understanding the various file formats is quite important, because it clears up concepts about the different sections of a file or executable, which helps when reverse engineering, debugging or further analysing a binary. This blog will mostly focus on the Portable Executable (PE) file format, which is commonly used on Windows, so discussing it might be useful.

Glimpse of the PE file & its format

As per the MSDN documentation, this specification describes the structure of executable (image) files and object files under the Windows family of operating systems. These files…
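As an added example (not code from the original post or from the MSDN specification), the following walks the header chain the PE layout defines: the MZ DOS header, the `e_lfanew` pointer at offset 0x3C, the `PE\0\0` signature, the 20-byte COFF file header, the optional header magic (PE32 vs PE32+) and the section table. The sample image is constructed inline for the example and is not a real executable; the machine table is a small subset; and the writable-plus-executable section check is included because that combination is a common packer and shellcode indicator worth flagging during triage.

```python
import struct

PE_MACHINE = {0x14C: "i386", 0x1C0: "ARM", 0x8664: "AMD64", 0xAA64: "ARM64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe_headers(data: bytes) -> dict:
    """Walk MZ header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew comes from the file, so it is attacker-controlled: bounds-check it
    # before using it as an offset (signature + 20-byte COFF header must fit).
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad e_lfanew or missing PE signature")
    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = None  # object files (SizeOfOptionalHeader == 0) have no optional header
    if opt_size >= 2:
        if opt_off + 2 > len(data):
            raise ValueError("truncated optional header")
        (magic,) = struct.unpack_from("<H", data, opt_off)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsections):  # NumberOfSections is untrusted; every entry is bounds-checked
        off = sec_off + i * 40
        if off + 40 > len(data):
            raise ValueError(f"section table truncated at entry {i}")
        (name, vsize, vaddr, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr,
            "characteristics": flags,
            # Writable + executable memory is a classic packer / self-modifying code sign.
            "writable_executable": bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    if magic is None:
        fmt = "object (no optional header)"
    else:
        fmt = OPTIONAL_MAGIC.get(magic, f"unknown({magic:#x})")
    return {
        "machine": PE_MACHINE.get(machine, f"unknown({machine:#x})"),
        "is_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "format": fmt,
        "timestamp": timestamp,
        "sections": sections,
    }


def wx_sections(parsed: dict) -> list:
    """Names of sections mapped both writable and executable."""
    return [s["name"] for s in parsed["sections"] if s["writable_executable"]]


def _section(name: bytes, vaddr: int, size: int, rawptr: int, flags: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"),
                       size, vaddr, size, rawptr, 0, 0, 0, 0, flags)


# Constructed minimal PE32+ image for this example (not a real executable): DOS header
# with no stub, e_lfanew = 0x40, a 240-byte PE32+ optional header that is zero except
# for its Magic, and three sections, one of them writable and executable.
_OPT_SIZE = 240
SAMPLE_PE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    + b"PE\x00\x00"
    + struct.pack("<HHIIIHH", 0x8664, 3, 0x5F000000, 0, 0, _OPT_SIZE, 0x0022)
    + struct.pack("<H", 0x20B) + b"\x00" * (_OPT_SIZE - 2)
    + _section(b".text", 0x1000, 0x200, 0x400, 0x60000020)    # CODE|EXECUTE|READ
    + _section(b".data", 0x2000, 0x100, 0x600, 0xC0000040)    # INITIALIZED_DATA|READ|WRITE
    + _section(b".packed", 0x3000, 0x800, 0x800, 0xE0000060)  # CODE|DATA|EXECUTE|READ|WRITE
)

if __name__ == "__main__":
    parsed = parse_pe_headers(SAMPLE_PE)
    print(parsed["machine"], parsed["format"], "W+X sections:", wx_sections(parsed))
```

Reading only the first few hundred bytes of a file is enough for this walk; on a real sample, cross-check the section list against `objdump -h` or a PE viewer, and treat `e_lfanew`, `SizeOfOptionalHeader` and `NumberOfSections` as untrusted offsets, as the code does.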


A quick and handy approach is what we all want. One of the foremost goals as a defender is to analyse a malicious file or any artifact inside the network and immediately develop host-based signatures and adopt defensive and detection mechanisms to detect further malicious artifacts.

An in-depth understanding of malware analysis, along with analysis of unique malicious samples, will be covered in upcoming blogs pretty soon. …


Well, if you have worked in or been in touch with the information security domain for a decent tenure, you have definitely crossed paths with the term CVE (Common Vulnerabilities and Exposures), and if you have been on the offensive side of security you will be even more familiar with it. Clearing up the confusion about the organisation that runs the CVE program, MITRE, and explaining terms like TTPs, alongside an understanding of the MITRE ATT&CK framework, will be the main goal of this blog.

0 : A general overview of the threat landscape

Before getting…

Ax1al

A community for the nerds, by the nerds.
