Showing posts from June, 2017

Reverse Engineering Guide on x86 Assembly: Part 1 Intro To Registers

Learning x86 assembly is critical when you’re analysing malware, deconstructing executable files and developing your own exploits. However, before you’re able to embark on this journey, it’s crucial you’re familiar with C and compilation. What are registers?   A register is a storage space in the CPU that’s faster to access then RAM. All x86 CPUs have 8 general-purpose registers in total. They are generally 32-bits wide, however 16-bit versions are also accessible. Some registers have reserved purposes for the CPU and others don’t and are referred to as ‘general purpose’ registers. Introduction to the 8 Registers Here are the 8 registers with their register names (the acronym) and their meaning: E A X (extended accumulator register used for major calculations) E B X (extended base register used for storing data) E C X (extended counter register used as the universal loop counter) E D X (extended data register used for storing data related to the accu

A Guide to Cracking Steganography: Least Significant Bits and Basic Tools

When it comes to cracking steganography – like other capture-the-flag challenges, there's a particular methodology you can follow. While there are a myriad of online decryption and encryption tools, the goal of this guide is to show you how to analyse files and learn how steganography works. In this guide, we're going to examine file compressions and least significant bits – the tools and the methodology you can follow. 1. File and Strings  First and foremost, when you get an image, the first step is to boot up your terminal and run 'file' in the command-line to examine the file. Given it's a png or a jpg image – take particular note of the size of the image and the colour depth of image – is it 8-bit or 16-bit? $ file photo.png For a passive overview of possible messages stored within the image, run the 'strings' command and see if there are any hidden text of interest. Sometimes, useful sentences can be configured within the file – I once