CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book)

Mar 10, 20172 likes1,261 views

This document discusses 64-bit assembly programming. It covers 64-bit registers used in 64-bit assembly like RIP and RSP. It also discusses limitations of 64-bit addressing in different versions of Windows and how the operating system separates memory used by the OS and user programs. Common opcodes, syscalls, and using sections like .data and .text are described. Examples shown include simple programs, reading and writing data, and encoding text using Caesar cipher and XOR encryption.

CNIT 127: Exploit Development 
 
Lecture 7: 64-bit Assembler
Not in textbook
Rev. 3-9-17

64-bit Registers
• rip = Instruction pointer
• rsp = top of stack

CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book)

Windows Limitations
• Windows doesn't implement full 64-bit
addressing
• Windows 2008 Server uses 44 bits
– Max. 16 TB RAM
• Windows 8.1, 2015 revision, uses 48 bits
– Max. 256 TB RAM
• Links Ch L7d, L7e

OS Limitations
• OS uses
top half
• User
programs
use lower
half

L7c: Introduction to x64 Assembly
Intel Developer Zone
• More details
about
registers

Using a .data section
• db = "Define Byte"

Using gdb
• .data and .text sections appear the same

Intel 64 and IA-32 Architectures
Software Developer's Manual

This document discusses a lecture on 64-bit assembler. It covers 64-bit registers like RIP and RSP, Windows limitations on addressing over 48 bits, how operating systems separate user and system areas, using syscall to replace INT 80 for system calls, common opcodes, and examples of simple 64-bit assembly programs using read, write, and caesar cipher encryption. It also provides resources for learning more about x64 assembly programming.

CNIT 127 14: Protection MechanismsSam Bowne

CNIT 127 Ch 4: Introduction to format string bugs (rev. 2-9-17)Sam Bowne

CNIT 127: Ch 8: Windows overflows (Part 1)Sam Bowne

CNIT 127: 3: ShellcodeSam Bowne

CNIT 127 Ch 2: Stack overflows on LinuxSam Bowne

CNIT 127: Ch 8: Windows overflows (Part 2)Sam Bowne

CNIT 127 Ch 3: ShellcodeSam Bowne

CNIT 127 Ch 8: Windows overflows (Part 1)Sam Bowne

This document discusses Windows stack-based buffer overflow exploitation techniques and defenses. It covers the Thread Environment Block (TEB) and Process Environment Block (PEB), which store thread and process-level data. Stack-based overflows are explained, including overwriting return addresses and structured exception handlers (SEH). Methods to defeat Address Space Layout Randomization (ASLR) are provided. Windows Server 2003 introduced protections, while Windows Server 2008 added further defenses like SEHOP and SAFESEH.

127 Ch 2: Stack overflows on LinuxSam Bowne

This chapter discusses stack overflows in Linux. It explains buffers, the stack, functions and how the stack is used. It shows how a stack buffer overflow can be exploited by overwriting the return address on the stack to redirect program flow. The document demonstrates this by having a program read user input into a buffer without bounds checking, allowing input longer than the buffer to overwrite the return address and cause a crash. gdb is used to debug the program and examine the stack.

CNIT 127 Ch 1: Before you BeginSam Bowne

CNIT 127: Ch 4: Introduction to format string bugsSam Bowne

CNIT 127: Ch 2: Stack Overflows in LinuxSam Bowne

The document discusses stack buffer overflows in Linux. It explains how functions use the stack, with arguments and return addresses pushed onto the stack. A stack buffer overflow occurs when a program writes past the end of a fixed-length buffer on the stack. This can overwrite the return address, allowing arbitrary code execution. The document demonstrates this by having a program read user input into a buffer without bounds checking. Entering more data than the buffer size crashes the program by overwriting the return address. This vulnerability can be exploited to gain control of a program's execution flow.

CNIT 127: 4: Format string bugsSam Bowne

CNIT 127: Ch 18: Source Code AuditingSam Bowne

CNIT 126 5: IDA Pro Sam Bowne

CNIT 126 Ch 7: Analyzing Malicious Windows ProgramsSam Bowne

The Windows API allows programs to interact with operating system functions. It includes data types, handles, file system calls, and registry functions. Malware uses these APIs to load DLLs, create processes and threads, communicate over networks, and persist across reboots by modifying registry keys. The Native API provides lower-level access and is used by malware to evade detection by antivirus software and debuggers.

CNIT 127: Ch 3: ShellcodeSam Bowne

CNIT 126 5: IDA ProSam Bowne

IDA Pro is a disassembler that has both graph and text viewing modes. It uses colors to represent different types of jumps in graph mode and allows navigation between functions, cross-references, imports, and other views. The program can recognize functions and arguments, graph cross-references and call flows, and allows renaming locations, adding comments, and other customizations to enhance the disassembly. Plug-ins can also extend IDA's capabilities.

Practical Malware Analysis: Ch 5: IDA ProSam Bowne

IDA Pro is a disassembler that supports interactive disassembly and analysis of executable files. It has both graph and text modes and uses color-coded arrows to indicate jump instructions. It contains useful windows like Functions, Names, Strings, Imports/Exports, and Cross-References to aid analysis. Functions can be analyzed by examining parameters, calls, and cross references. The disassembly can be enhanced through renaming locations, adding comments, and using named constants. IDA supports plugins for extended functionality.

CNIT 127 Ch 3: ShellcodeSam Bowne

This document discusses shellcode and system calls. It provides an overview of protection rings, syscalls, assembler, and other topics related to writing shellcode. It then demonstrates how to write simple shellcode to call the exit syscall using nasm and ld. It discusses replacing instructions to remove null bytes. Finally, it introduces how to go beyond simple exit shellcode to spawn an interactive shell using the fork and execve system calls.

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

127 Ch 2: Stack overflows on LinuxSam Bowne

Practical Malware Analysis: Ch 4 A Crash Course in x86 Disassembly Sam Bowne

This document provides an overview of six levels of abstraction in computing from hardware to interpreted languages. It then focuses on machine code and disassembly, explaining that disassembly converts binary malware into human-readable assembly language. Basic x86 architecture concepts are introduced, including CPU components, memory layout, instructions, registers, and basic operations like arithmetic, branching, and function calls.

CNIT 127 Ch 6: The Wild World of WindowsSam Bowne

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

This document discusses format string vulnerabilities. It explains that format strings can be used to read arbitrary memory locations on the stack, allowing information disclosure. It also describes how uncontrolled format strings can be exploited to write to arbitrary memory addresses, enabling denial of service attacks or potentially remote code execution. The key steps of a format string exploit are outlined: controlling a write operation, finding a target memory location like the return address or GOT, writing shellcode to memory, and changing the target location to point to the shellcode.

CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne

CAMBIO CLIMATICO EN BOGOTA Nelly Marcela Martinez Velasquez

Este documento resume varias fuentes de información sobre el cambio climático y los esfuerzos de Bogotá para abordarlo. Resalta que el IDEAM proyecta un aumento de la temperatura promedio de Colombia de 1.4°C para 2040 y 3.2°C para 2100, con disminuciones de precipitación del 15-36% en algunas regiones. También describe que la Secretaría de Ambiente de Bogotá calculó que cada habitante emite actualmente 2.46 toneladas de CO2 al año, y que para 2050 la meta es reducir esto a 480

More Related Content

What's hot (20)

CNIT 127: Ch 8: Windows overflows (Part 2)Sam Bowne

CNIT 127 Ch 3: ShellcodeSam Bowne

CNIT 127 Ch 8: Windows overflows (Part 1)Sam Bowne

127 Ch 2: Stack overflows on LinuxSam Bowne

CNIT 127 Ch 1: Before you BeginSam Bowne

CNIT 127: Ch 4: Introduction to format string bugsSam Bowne

CNIT 127: Ch 2: Stack Overflows in LinuxSam Bowne

CNIT 127: 4: Format string bugsSam Bowne

CNIT 127: Ch 18: Source Code AuditingSam Bowne

CNIT 126 5: IDA Pro Sam Bowne

CNIT 126 Ch 7: Analyzing Malicious Windows ProgramsSam Bowne

CNIT 127: Ch 3: ShellcodeSam Bowne

CNIT 126 5: IDA ProSam Bowne

Practical Malware Analysis: Ch 5: IDA ProSam Bowne

CNIT 127 Ch 3: ShellcodeSam Bowne

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

127 Ch 2: Stack overflows on LinuxSam Bowne

Practical Malware Analysis: Ch 4 A Crash Course in x86 Disassembly Sam Bowne

CNIT 127 Ch 6: The Wild World of WindowsSam Bowne

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

CNIT 127: Ch 8: Windows overflows (Part 2)Sam Bowne

CNIT 127 Ch 3: ShellcodeSam Bowne

CNIT 127 Ch 8: Windows overflows (Part 1)Sam Bowne

127 Ch 2: Stack overflows on LinuxSam Bowne

CNIT 127 Ch 1: Before you BeginSam Bowne

CNIT 127: Ch 4: Introduction to format string bugsSam Bowne

CNIT 127: Ch 2: Stack Overflows in LinuxSam Bowne

CNIT 127: 4: Format string bugsSam Bowne

CNIT 127: Ch 18: Source Code AuditingSam Bowne

CNIT 126 5: IDA Pro Sam Bowne

CNIT 126 Ch 7: Analyzing Malicious Windows ProgramsSam Bowne

CNIT 127: Ch 3: ShellcodeSam Bowne

CNIT 126 5: IDA ProSam Bowne

Practical Malware Analysis: Ch 5: IDA ProSam Bowne

CNIT 127 Ch 3: ShellcodeSam Bowne

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

127 Ch 2: Stack overflows on LinuxSam Bowne

Practical Malware Analysis: Ch 4 A Crash Course in x86 Disassembly Sam Bowne

CNIT 127 Ch 6: The Wild World of WindowsSam Bowne

CNIT 127 Ch 4: Introduction to format string bugsSam Bowne

Viewers also liked (20)

CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne

CAMBIO CLIMATICO EN BOGOTA Nelly Marcela Martinez Velasquez

CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne

This document discusses various server-side technologies used in mobile applications such as SQL, SOAP, REST, JSON, and vulnerabilities associated with them. It covers attacks against XML-based web services like XML injection and entity expansion. Authentication methods like OAuth and issues around credential storage on mobile devices are explained. The document provides details of the different OAuth grant types and threats related to OAuth like lack of TLS enforcement, CSRF attacks, improper storage of sensitive data, and overly scoped access tokens.

CNIT 128 5: Mobile malwareSam Bowne

CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne

CNIT 127 Ch 5: Introduction to heap overflowsSam Bowne

Ch 2: TCP/IP Concepts ReviewSam Bowne

This document provides an overview of TCP/IP concepts and networking fundamentals. It describes the four layers of the TCP/IP protocol stack - application, transport, internet and network. It explains key TCP and UDP concepts like ports, flags, and segments. It also covers IP addressing fundamentals like classes, subnetting, and planning address assignments. Binary, hexadecimal and base64 numbering systems are defined.

Ch 6: EnumerationSam Bowne

Ch 12: CryptographySam Bowne

This document summarizes cryptography concepts including symmetric and asymmetric encryption algorithms, hashing algorithms, and attacks on cryptosystems. Symmetric algorithms like AES and Blowfish use a single key for encryption and decryption while asymmetric algorithms like RSA and ECC use public/private key pairs. Hashing algorithms like SHA-1 produce a digest to ensure message integrity. Cryptanalysis studies breaking encryption while brute force involves testing all possible keys.

Ch 13: Network Protection SystemsSam Bowne

Ch 10: Hacking Web ServersSam Bowne

Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne

The document discusses various anti-disassembly techniques used by malware authors to obscure disassembly and prevent automated analysis. These include using jump instructions to trick linear disassemblers into the wrong offset, abusing return pointers and structured exception handlers, and misleading analysis of stack frames. Flow-oriented disassembly is more robust but can still be confused by techniques like impossible disassembly combinations and obscuring true flow control. Manual cleanup in a tool like IDA Pro is often needed to recover the correct disassembly.

Informe presupuesto de producciónyohalisequera

Este documento discute la importancia de los presupuestos de producción para las empresas. Explica que los presupuestos de producción son fundamentales para la planificación de la fabricación y para que los ejecutivos puedan tomar decisiones informadas. También señala que los presupuestos de producción son la base para desarrollar otros presupuestos operativos como los de materiales, mano de obra y costos indirectos, y permiten determinar los consumos y analizar costos.

Estetica integralLeidy Velez

Ch 5: Port ScanningSam Bowne

Taller de MisionologiaDiócesis de Mayagüez

Justificación de los enlaces del proyecto de maltratoAngie Nathalia Gonzaléz Tibaquichá

El documento justifica los enlaces de un proyecto sobre el maltrato animal. Resume los objetivos del proyecto 4 Patas de mejorar la calidad de vida de los animales y su relación con las personas. Explica que el maltrato animal puede conducir a la violencia social y que la defensa de los animales se basa en principios de tolerancia y respeto por toda vida. Propone recoger opiniones sobre la importancia de los animales y educar a las personas para cambiar pensamientos erróneos sobre su tratamiento.

Maltrato animalDora Cobos

Este documento resume tres enlaces sobre el maltrato animal. El primer enlace describe formas de maltrato como la comercialización, falta de alimentación y cuidado, y dejarlos expuestos. El segundo enlace explica que la violencia causa sufrimiento en los animales y que también sienten dolor. El tercer enlace argumenta que el maltrato se debe a falta de comprensión del dolor de los animales y que existen leyes contra el maltrato vinculadas con factores económicos. La conclusión es que los enlaces exploran los orígenes

Proyecto informático yeniferyenifer lizeth gelvez aguilar

Un proyecto informático es un sistema de acciones coordinadas que involucra personas, hardware, software y comunicaciones para lograr uno o más objetivos relacionados con un sistema de información. Los proyectos informáticos generalmente comienzan cuando los usuarios solicitan requisitos y pueden clasificarse según las aplicaciones necesarias en sistemas de transacciones, sistemas de soporte para la toma de decisiones y sistemas expertos.

Investigación fuentes bibliograficasfernandamedina99

CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne

CAMBIO CLIMATICO EN BOGOTA Nelly Marcela Martinez Velasquez

CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne

CNIT 128 5: Mobile malwareSam Bowne

CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne

CNIT 127 Ch 5: Introduction to heap overflowsSam Bowne

Ch 2: TCP/IP Concepts ReviewSam Bowne

Ch 6: EnumerationSam Bowne

Ch 12: CryptographySam Bowne

Ch 13: Network Protection SystemsSam Bowne

Ch 10: Hacking Web ServersSam Bowne

Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne

Informe presupuesto de producciónyohalisequera

Estetica integralLeidy Velez

Ch 5: Port ScanningSam Bowne

Taller de MisionologiaDiócesis de Mayagüez

Justificación de los enlaces del proyecto de maltratoAngie Nathalia Gonzaléz Tibaquichá

Maltrato animalDora Cobos

Proyecto informático yeniferyenifer lizeth gelvez aguilar

Investigación fuentes bibliograficasfernandamedina99

Similar to CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book) (20)

L7 64-bit AssemblerSam Bowne

This document provides an overview of 64-bit assembler on Linux systems. It discusses 64-bit registers like RIP and RSP, limitations of 64-bit addressing on Windows, and how the OS uses the top half of available bits while user programs use the lower half. It also covers common opcodes, syscalls like write and read, using sections like .text and .data, and debugging with objdump and gdb. The document includes examples of simple assembly programs and how to make them work properly.

64 bits for developersRoman Okolovich

64bit_Linux-Myths_and_Facts_for AMD_Processors.pdfrangerdan275

Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...Anne Nicolas

I have always wanted to understand x86 instruction encoding in detail but never gotten around to it. Of course not, who has time nowadays?! So, in order to force me to do it, I decided to write an x86 instruction decoder. This talk attempts to show what I have learned in the process and how instruction encoding is done on x86. As a practical aspect, the decoder I’ve scratched together tries to verbosely show some of the crazy low-level hacks^Wtechniques we do in the Linux kernel like alternatives patching, jump labels, exception tables, etc – they have a lot to do with deep knowledge of x86 instructions and how code is generally laid out in the binary kernel image. Maybe this talk can help shed some light on the whole lowlevel fun that’s happening under the hood in the kernel and so many are missing out on. And maybe it’ll make it more interesting and palatable to people and they wont scare so fast anymore when we go deep into the bowels of the kernel and the machine. Borislav Petkov, SUSE

chapt_02.pptRanaqamar6

The document summarizes key aspects of x86 processor architecture. It describes the basic components of a microcomputer including the CPU, memory, and I/O devices. It then discusses the core components of the CPU like the ALU, registers, buses, and control unit. It explains the fetch-decode-execute instruction cycle and memory access cycles. It also covers advanced CPU features like cache memory, multitasking, addressing modes, and register types.

Lesson 1. What 64-bit systems arePVS-Studio

Linux Kernel Booting Process (1) - For NLKBshimosawa

Deep hooksYarden Shafir

The document discusses techniques for monitoring native 64-bit API calls in 32-bit WoW64 applications running on 64-bit Windows. It describes injecting a 64-bit DLL using various methods like Wow64log.dll injection, Heaven's Gate transitions, and APC injection. It also discusses overcoming challenges like CFG validation and implementing inline hooks without dependencies on 32-bit libraries. The techniques allow deep monitoring of WoW64 processes not possible with typical user-mode hooking.

What is-32-bit-and-64-bitIGZ Software house

80386_AKRay.pdf study computer programmedeepparmar73

Shellcoding, an IntroductionDaniele Bellavista

This document provides an introduction to shellcoding, which involves exploiting software vulnerabilities to insert and execute a custom payload. It discusses prerequisites like assembly language and memory structure. Key topics covered include the program stack, calling conventions, system calls, and writing shellcodes to reference data, print to stdout, and execute a program. The document concludes by outlining the steps to create a reverse shell shellcode that connects back to an attacker's server.

hashdays 2011: Ange Albertini - Such a weird processor - messing with x86 opc...Area41

Whether it's for malware analysis, vulnerability research or emulation, having a correct disassembly of a binary is the essential thing you need when you analyze code. Unfortunately, many people are not aware that there are a lot of opcodes that are rarely used in normal files, but valid for execution, but also several common opcodes have rarely seen behaviours, which could lead to wrong conclusions after an improper analysis. For this research, I decided to go back to the basics and study assembly from scratch, covering all opcodes, whether they're obsolete or brand new, common or undocumented. This helped me to find bugs in all the disassemblers I tried, including the most famous ones. This presentation introduces the funniest aspects of the x86 CPUs, that I discovered in the process, including unexpected or rarely known opcodes and undocumented behavior of common opcodes. The talk will also cover opcodes that are used in armored code (malware/commercial protectors) that are likely to break tools (disassemblers, analyzers, emulators, tracers,...), and introduce some useful tools and documents that were created in the process of the research. Bio: Ange Albertini is a reverse-engineering and assembly language enthusiast for around 20 years, and malware analyst for 6 years. He has a technical blog, where he shares experimental sources files, and some infographics that are useful in his daily work.

64 bit computingAnkita Nema

The document discusses 64-bit computing architectures. It explains that 64-bit processors contain 64-bit general purpose registers that can hold 64-bit data and instructions can operate on 64-bit operands. This doubles both the data stream size and register capacity compared to 32-bit processors. It increases the dynamic range of integers and memory addresses that can be represented. Applications that use large files, numbers, or memory can benefit from 64-bit architectures.

Mac osx 64_rop_chainsRahul Sasi

This document provides an overview of 64-bit (x64) architecture and programming on Mac OS X. It discusses x64 registers, instructions, debugging and reversing tools, system calls, and examples of return-oriented programming (ROP) shells on Mac OS X. Code examples demonstrate x64 calling conventions and passing arguments in registers. The document aims to introduce security researchers and hackers to key concepts for working with x64 binaries on Mac OS X.

8086 Microprocessor(Visit Munnuz Co Cc)muneer.k

The 8086 was Intel's first 16-bit CPU and used a 16-bit data bus and 20-bit address bus, allowing it to address 1MB of memory. It had 16-bit registers and used segmentation to access more than 64KB of memory through segment registers combined with 16-bit offsets. The 80386 was Intel's first 32-bit CPU and was backwards compatible with 8086 software while extending registers and addressing to 32 bits to support virtual memory.

Pentium (80586) Microprocessor By Er. Swapnil KawareProf. Swapnil V. Kaware

The 80386 microprocessor was introduced by Intel in 1985. It had a 32-bit data bus and 32-bit address bus, allowing it to access up to 4GB of memory. It improved on the 80286 by including a memory management unit and paging capabilities. The 80386 operated in real, protected, and virtual modes and could address memory using various addressing modes including scaled indexed addressing. It had enhanced 32-bit registers and introduced debugging features like breakpoints using debug registers. Paging divided memory into fixed-size pages allowing more efficient memory management for multitasking systems.

Advanced Microprocessors By Er. Swapnil KawareProf. Swapnil V. Kaware

The 80386 microprocessor was introduced by Intel in 1985. It had a 32-bit data bus and 32-bit address bus, allowing it to access up to 4GB of memory. It improved on the 80286 by including a memory management unit and paging capability, improving efficiency and reducing software overhead. The 80386 could operate in real, protected, and virtual modes and introduced concepts such as paging and virtual memory. It had enhanced addressing modes and data types compared to earlier processors.

Advanced Microprocessors By Er. Swapnil Kaware Prof. Swapnil V. Kaware

The document describes the Intel 80386 microprocessor, which was introduced in 1985. Some key points: - It has a 32-bit address bus and 32-bit data bus, allowing it to access up to 4GB of memory. This was an improvement over earlier Intel processors. - Other upgrades included higher clock speeds, a memory management unit, and support for virtual memory and paging. - The 80386 introduced protected mode, which allowed for multitasking and memory protection. It had three operating modes: real, protected, and virtual 8086. - It had various addressing modes, data types, and registers like general purpose registers, segment registers, and flag registers. Debug and test

Jumping into heaven’s gateYarden Shafir

The old days of 32bit applications are long bygone, nowadays most Operating Systems are running in a 64bit environment, requiring 64bit applications. So how can a 64bit Operating System run a 32bit legacy Application? The native 64bit environment cannot directly support the execution of a 32bit Application. 32bit Applications expect several surrounding pillars which help it perform necessary actions, and those no longer exist in a 64bit environment. However, in practice Windows contains many secrets, and one of those secrets is the WoW64 subsystem. The Wow64 Subsystem supplies a natural environment for the legacy 32bit Application and enables anyone to run them on newer 64bit Operating Systems without any trouble. How the subsystem actually does this remains a question to many. Any Application, whatever its type, begins its execution in 64bit mode. The Operating System then relentlessly moves forward to the 32bit world by loading the WoW64 Subsystem, in order to let the 32bit Application execute freely. In this talk we will dive into the WoW64 Subsystem and explain how a 32bit Application performs 64bit (native) system calls. We will also see how it is possible to exploit this mechanism in order to create smarter malware that evade Next-Generation and Previous-Generation AV products.

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUsPriyanka Aash

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

L7 64-bit AssemblerSam Bowne

64 bits for developersRoman Okolovich

64bit_Linux-Myths_and_Facts_for AMD_Processors.pdfrangerdan275

Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...Anne Nicolas

chapt_02.pptRanaqamar6

Lesson 1. What 64-bit systems arePVS-Studio

Linux Kernel Booting Process (1) - For NLKBshimosawa

Deep hooksYarden Shafir

What is-32-bit-and-64-bitIGZ Software house

80386_AKRay.pdf study computer programmedeepparmar73

Shellcoding, an IntroductionDaniele Bellavista

hashdays 2011: Ange Albertini - Such a weird processor - messing with x86 opc...Area41

64 bit computingAnkita Nema

Mac osx 64_rop_chainsRahul Sasi

8086 Microprocessor(Visit Munnuz Co Cc)muneer.k

Pentium (80586) Microprocessor By Er. Swapnil KawareProf. Swapnil V. Kaware

Advanced Microprocessors By Er. Swapnil KawareProf. Swapnil V. Kaware

Advanced Microprocessors By Er. Swapnil Kaware Prof. Swapnil V. Kaware

Jumping into heaven’s gateYarden Shafir

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUsPriyanka Aash

More from Sam Bowne (20)

Introduction to the Class & CISSP CertificationSam Bowne

CyberwarSam Bowne

The document discusses various topics related to cyberwar including Mastodon, Lockheed-Martin's kill chain model, and Mitre's ATT&CK framework. It notes that China, Russia, Iran, and North Korea pose major cyber threats according to the FBI and CISA. China is described as the broadest cyber espionage threat. Russia conducts destructive malware and ransomware operations. Iran's growing cyber expertise makes it a threat. North Korea's program poses an espionage, cybercrime, and attack threat and continues cryptocurrency heists.

3: DNS vulnerabilities Sam Bowne

- DNS vulnerabilities can arise from configuration errors, architecture mistakes, vulnerable software implementations, protocol weaknesses, and failure to use security extensions. - Common mistakes include single points of failure, exposure of internal information, leakage of internal queries, unnecessary recursiveness, failure to restrict access, and unprotected zone transfers. - Software vulnerabilities have included buffer overflows and flaws in randomization of source ports, transaction IDs, and domain name ordering that enable cache poisoning and man-in-the-middle attacks.

8. Software Development SecuritySam Bowne

This chapter discusses software development security. It covers topics like programming concepts, compilers and interpreters, procedural vs object-oriented languages, application development methods like waterfall vs agile models, databases, object-oriented design, assessing software vulnerabilities, and artificial intelligence techniques. The key aspects are securing the entire software development lifecycle from initial planning through operation and disposal, using secure coding practices, testing for vulnerabilities, and continually improving processes.

4 Mapping the ApplicationSam Bowne

3. Attacking iOS Applications (Part 2)Sam Bowne

This document discusses attacking iOS applications by exploiting vulnerabilities in the iOS runtime, interprocess communication, and through injection attacks. Specifically, it covers instrumenting the iOS runtime using method swizzling, attacking applications using interprocess communication techniques like application extensions, and exploiting entry points like UIWebViews, client-side data stores, and file handling routines to perform injection attacks on iOS apps.

12 Elliptic CurvesSam Bowne

This document provides an overview of elliptic curve cryptography including what an elliptic curve is, the elliptic curve discrete logarithm problem (ECDLP), Diffie-Hellman key agreement and digital signatures using elliptic curves. It discusses NIST standard curves like P-256 and Curve25519 as well as choosing appropriate curves and potential issues like attacks if randomness is not properly implemented or an invalid curve is used.

11. Diffie-HellmanSam Bowne

2a Analyzing iOS Apps Part 1Sam Bowne

9 Writing Secure Android ApplicationsSam Bowne

This document discusses various techniques for writing secure Android apps, including minimizing unnecessary permissions and exposure, securing data storage and communication, and making apps difficult to reverse engineer. It provides examples of implementing essential security mechanisms like permission protection and securing activities, content providers, and web views. It also covers more advanced techniques such as protection level downgrades, obfuscation, and tamper detection.

12 Investigating Windows Systems (Part 2 of 3)Sam Bowne

The document discusses investigating Windows systems by analyzing the Windows Registry. It describes the purpose and structure of the Registry, including the main hive files and user-specific hives. It provides an overview of important Registry keys that can contain forensic artifacts, such as system configuration keys, network information keys, user and security information keys, and auto-run keys that can indicate malware persistence. Specific Registry keys and values are highlighted that are most useful for analyzing evidence on a compromised system, including ShellBags, UserAssist, MRU lists, and Internet Explorer TypedURLs and TypedPaths. Tools for Registry analysis like RegRipper, AutoRuns, and Nirsoft utilities are also mentioned.

10 RSASam Bowne

This document provides an overview of the RSA cryptosystem. It begins with the mathematical foundations of RSA, including the group ZN* and Euler's totient function. It then covers the RSA trapdoor permutation using modular exponentiation and key generation. The document discusses encrypting and signing with RSA, as well as implementations using libraries and algorithms like square-and-multiply. It concludes with topics like side-channel attacks, optimizations for speed, and ways implementations can fail like the Bellcore attack on RSA-CRT.

12 Investigating Windows Systems (Part 1 of 3Sam Bowne

This document provides an overview of analyzing the Windows file system, NTFS metadata, and logs to investigate security incidents and recover deleted files. It discusses the Master File Table (MFT) structure, timestamps, alternate data streams, prefetch files, event logs, and scheduled tasks. The MFT stores file metadata including attributes, timestamps, and data runs. File deletion only marks the MFT entry inactive, allowing recovery of deleted file contents and metadata. Event and security logs can reveal lateral movement and suspicious processes. Prefetch files indicate program execution history. Scheduled tasks configure automated programs through .job files logged by Task Scheduler.

9. Hard ProblemsSam Bowne

This document discusses computational hardness and complexity classes related to cryptography. It covers the computational complexity of problems like factoring large numbers and the discrete logarithm problem. These problems are assumed to be hard, even for quantum computers, and form the basis for cryptographic techniques. The document also discusses how cryptography could be broken if faster algorithms were found for these problems or if the key sizes used were too small.

8 Android Implementation Issues (Part 1)Sam Bowne

This document discusses exploiting vulnerabilities in Android devices. It covers identifying pre-installed apps that could provide access, techniques for remotely or locally exploiting devices, and the different privilege levels an attacker may obtain including non-system app access, installed package access, ADB shell access, system user access, and root user access. Specific exploitation techniques mentioned include exploiting update mechanisms, remote code loading, webviews, listening services, and messaging apps. Tools discussed include Drozer, Ettercap, and Burp.

11 Analysis MethodologySam Bowne

This document provides an overview of the incident response analysis methodology process. It discusses defining objectives, understanding the situation and available resources, identifying leadership, avoiding impossible tasks like proving a negative, asking why to define scope, knowing where data is stored, accessing raw data, selecting analysis methods like searching for malware or using tools like VirusTotal, manual review, filtering data, statistical analysis using tools like Sawmill, string searching, analyzing unallocated space, and file carving. It stresses periodically evaluating results to ensure progress and only making definitive statements if supported by evidence.

8. Authenticated EncryptionSam Bowne

This document discusses authenticated encryption, which both encrypts messages and authenticates them with a tag. It covers several authenticated encryption schemes: 1. Authenticated Encryption with Associated Data (AEAD) which encrypts a plaintext and authenticates additional associated data with a tag. 2. AES-GCM, the standard authenticated cipher, which uses AES in Galois/Counter Mode. It has two layers - encryption then authentication. 3. OCB, faster than GCM but limited by licensing. It blends encryption and authentication into one layer. 4. SIV, considered the safest as it is secure even if nonces are reused, but it is not streamable.

7. Attacking Android Applications (Part 2)Sam Bowne

This document summarizes part 2 of a course on attacking Android applications. It discusses how application components like activities and services can be exploited if not properly protected. Specific vulnerabilities in the Sieve password manager application are demonstrated, including insecure content providers, SQL injection, and an insecure file-backed content provider. The document also covers how services and broadcast receivers can be abused if not protected correctly.

7. Attacking Android Applications (Part 1)Sam Bowne

This document discusses attacking Android applications through their components. It covers exploiting vulnerabilities in an app's security model, intercepting communications, and compromising application containers or internet servers that apps rely on. Specific attacks examined include bypassing the lock screen, tapjacking, accessing private app data through recently used screenshots, and changing a PIN without knowing the old one using fragment injection. The document provides examples of how to interact with an app's activities, services, content providers and permissions through intents and other techniques.

5. Stream CiphersSam Bowne

The document discusses stream ciphers and how they can be implemented in either hardware or software. It describes how stream ciphers work by generating a pseudorandom bitstream from a key and nonce that is XOR'd with the plaintext. Hardware-oriented stream ciphers were initially more efficient to implement than block ciphers using dedicated circuits like LFSRs. However, LFSR-based designs are insecure and modern software-oriented stream ciphers like Salsa20 are more efficient on CPUs. The document cautions that stream ciphers can be broken if the key and nonce are reused or if there are flaws in the implementation.

Introduction to the Class & CISSP CertificationSam Bowne

CyberwarSam Bowne

3: DNS vulnerabilities Sam Bowne

8. Software Development SecuritySam Bowne

4 Mapping the ApplicationSam Bowne

3. Attacking iOS Applications (Part 2)Sam Bowne

12 Elliptic CurvesSam Bowne

11. Diffie-HellmanSam Bowne

2a Analyzing iOS Apps Part 1Sam Bowne

9 Writing Secure Android ApplicationsSam Bowne

12 Investigating Windows Systems (Part 2 of 3)Sam Bowne

10 RSASam Bowne

12 Investigating Windows Systems (Part 1 of 3Sam Bowne

9. Hard ProblemsSam Bowne

8 Android Implementation Issues (Part 1)Sam Bowne

11 Analysis MethodologySam Bowne

8. Authenticated EncryptionSam Bowne

7. Attacking Android Applications (Part 2)Sam Bowne

7. Attacking Android Applications (Part 1)Sam Bowne

5. Stream CiphersSam Bowne

Recently uploaded (20)

The Splitting of the Moon (Shaqq al-Qamar).pdfMirza Gazanfar Ali Baig

This article explores the miraculous event of the Splitting of the Moon (Shaqq al-Qamar) as recorded in Islamic scripture and tradition. Drawing from the Qur'an, authentic hadith collections, and classical tafsir, the article affirms the event as a literal miracle performed by Prophet Muhammad ﷺ in response to the Quraysh’s demand for a sign. It also investigates external historical accounts, particularly the legend of Cheraman Perumal, a South Indian king who allegedly witnessed the miracle and embraced Islam. The article critically examines the authenticity and impact of such regional traditions, while also discussing the lack of parallel astronomical records and how scholars have interpreted this event across centuries. Concluding with the theological significance of the miracle, the article offers a well-rounded view of one of Islam’s most discussed supernatural events.

YSPH VMOC Special Report - Measles Outbreak Southwest US 5-25-2025.pptxYale School of Public Health - The Virtual Medical Operations Center (VMOC)

CURRENT CASE COUNT: 880 • Texas: 729 (+5) (56% of cases are in Gaines County) • New Mexico: 78 (+4) (83% of cases are from Lea County) • Oklahoma: 17 • Kansas: 56 (38.89% of the cases are from Gray County) HOSPITALIZATIONS: 103 • Texas: 94 - This accounts for 13% of all cases in the State. • New Mexico: 7 – This accounts for 9.47% of all cases in New Mexico. • Kansas: 2 - This accounts for 3.7% of all cases in Kansas. DEATHS: 3 • Texas: 2 – This is 0.28% of all cases • New Mexico: 1 – This is 1.35% of all cases US NATIONAL CASE COUNT: 1,076 (confirmed and suspected) INTERNATIONAL SPREAD • Mexico: 1,753 (+198) 4 fatalities ‒ Chihuahua, Mexico: 1,657 (+167) cases, 3 fatalities, 9 hospitalizations • Canada: 2518 (+239) (Includes Ontario’s outbreak, which began November 2024) ‒ Ontario, Canada: 1,795 (+173) 129 (+10) hospitalizations ‒ Alberta, Canada: 560 (+55) Things to keep an eye on: Mexico: Three children have died this month (all linked to the Chihuahua outbreak): An 11-month-old and a 7-year-old with underlying conditions A 1-year-old in Sonora whose family is from Chihuahua Canada: Ontario now reports more cases than the entire U.S. Alberta’s case count continues to climb rapidly and is quickly closing in on 600 cases. Emerging transmission chains in Manitoba and Saskatchewan underscore the need for vigilant monitoring of under-immunized communities and potential cross-provincial spread. United States: North Dakota: Grand Forks County has confirmed its first cases (2), linked to international travel. The state total is 21 since May 2 (including 4 in Cass County and 2 in Williams County), with one hospitalization reported. OUTLOOK: With the spring–summer travel season peaking between Memorial Day and Labor Day, both domestic and international travel may fuel additional importations and spread. Although measles transmission is not strictly seasonal, crowded travel settings increase the risk for under-immunized individuals.

QUIZ-O-FORCE 3.0 FINAL SET BY SOURAV .pptxSourav Kr Podder

Regression Analysis-Machine Learning -Different TypesGlobal Academy of Technology

Unit Kali NetHunter is the official Kali Linux penetration testing platform f...ChatanBawankar

Unit 4 Reverse Engineering Tools Functionalities & Use-Cases.pdfChatanBawankar

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsiemaillard

Sri Guru Arjun Dev Ji .Balvir Singh

the dynastic history of the Gahadwals of Early Medieval PeriodPrachiSontakke5

Flower Identification Class-10 by Kushal Lamichhane.pdfkushallamichhame

Philosophical Basis of Curriculum DesigningAnkit Choudhary

The philosophical basis of curriculum refers to the foundational beliefs and values that shape the goals, content, structure, and methods of education. Major educational philosophies—idealism, realism, pragmatism, and existentialism—guide how knowledge is selected, organized, and delivered to learners. In the digital age, understanding these philosophies helps educators and content creators design curriculum materials that are purposeful, learner-centred, and adaptable for online environments. By aligning educational content with philosophical principles and presenting it through interactive and multimedia formats.

Multicultural approach in education - B.Edprathimagowda443

5503 Course Proposal Online Computer Middle School Course Wood M.pdfMelanie Wood

Low Vison introduction from Aligarh Muslim UniversityAligarh Muslim University, Aligarh, Uttar Pradesh, India

What are the Features & Functions of Odoo 18 SMS MarketingCeline George

QUIZ-O-FORCE PRELIMINARY ANSWER SLIDE.pptxSourav Kr Podder

"Dictyoptera: The Order of Cockroaches and Mantises" Or, more specifically: ...Arshad Shaikh

New-Beginnings-Cities-and-States.pdf/7th class social/4th chapterFor online c...Sandeep Swamy

New Beginnings: Cities and States This presentation explores the Second Urbanisation of India, examining the rise of janapadas and mah janapadas as crucial developments in India's early history. by sandeep swamy The Second Urbanisation Urban Revival The emergence of new cities after the decline of the Indus Valley Civilization. Historical Timeline Occurred approximately between 600-200 BCE in the Gangetic plains. New Settlements Formation of organized urban centers with political and economic significance. Janapadas: Early States Definition Territorial units with distinct cultural and political identities. Significance Formation Evolved from tribal settlements into more organized political entities. Marked the transition from nomadic to settled agricultural communities. Magadha: The Powerful Kingdom Strategic Location Situated in modern-day Bihar with natural defenses of hills and rivers. Access to iron ore deposits gave military advantage. Capital Cities R jagr#iha (Rajgir) served as the initial capital. Later shifted to P t#aliputra (modern Patna). Ruins of a major structure at R jagr#iha, the early capital of Magadha.

Unit 2 DNS Spoofing in a BadUSB Attack.pdfChatanBawankar

Education Funding Equity in North Carolina: Looking Beyond IncomeEducationNC

The Splitting of the Moon (Shaqq al-Qamar).pdfMirza Gazanfar Ali Baig

YSPH VMOC Special Report - Measles Outbreak Southwest US 5-25-2025.pptxYale School of Public Health - The Virtual Medical Operations Center (VMOC)

QUIZ-O-FORCE 3.0 FINAL SET BY SOURAV .pptxSourav Kr Podder

Regression Analysis-Machine Learning -Different TypesGlobal Academy of Technology

Unit Kali NetHunter is the official Kali Linux penetration testing platform f...ChatanBawankar

Unit 4 Reverse Engineering Tools Functionalities & Use-Cases.pdfChatanBawankar

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsiemaillard

Sri Guru Arjun Dev Ji .Balvir Singh

the dynastic history of the Gahadwals of Early Medieval PeriodPrachiSontakke5

Flower Identification Class-10 by Kushal Lamichhane.pdfkushallamichhame

Philosophical Basis of Curriculum DesigningAnkit Choudhary

Multicultural approach in education - B.Edprathimagowda443

5503 Course Proposal Online Computer Middle School Course Wood M.pdfMelanie Wood

Low Vison introduction from Aligarh Muslim UniversityAligarh Muslim University, Aligarh, Uttar Pradesh, India

What are the Features & Functions of Odoo 18 SMS MarketingCeline George

QUIZ-O-FORCE PRELIMINARY ANSWER SLIDE.pptxSourav Kr Podder

"Dictyoptera: The Order of Cockroaches and Mantises" Or, more specifically: ...Arshad Shaikh

New-Beginnings-Cities-and-States.pdf/7th class social/4th chapterFor online c...Sandeep Swamy

Unit 2 DNS Spoofing in a BadUSB Attack.pdfChatanBawankar

Education Funding Equity in North Carolina: Looking Beyond IncomeEducationNC

CNIT 127 Lecture 7: Intro to 64-Bit Assembler (not in book)

1. CNIT 127: Exploit Development    Lecture 7: 64-bit Assembler Not in textbook Rev. 3-9-17

2. 64-bit Registers • rip = Instruction pointer • rsp = top of stack

4. Windows Limitations • Windows doesn't implement full 64-bit addressing • Windows 2008 Server uses 44 bits – Max. 16 TB RAM • Windows 8.1, 2015 revision, uses 48 bits – Max. 256 TB RAM • Links Ch L7d, L7e

5. OS Limitations • OS uses top half • User programs use lower half

6. System Calls • syscall replaces INT 80

7. L7h: Searchable Linux Syscall Table

8. L7c: Introduction to x64 Assembly Intel Developer Zone • More details about registers

9. Common Opcodes

10. Syscall 1: Write

11. Simplest Program: ABC

12. Works, then Crashes (no exit)

13. Exit

14. Works Without Crashing

15. Letters in Order

16. Using a .data section • db = "Define Byte"