Huawei Harmony Vulnerabilities Found?
Huawei Harmony 2.0
Since Huawei released Harmony 2.0, the topic of "Harmony" has been very hot! According to data released by the analysis company Statista, Android and iOS hold 72 and 27 market shares respectively in the field of mobile operating systems, and the total share of the two is 99. Fo... Read more
The difference between LiteOS-M and HUAWEI LiteOS
HarmonyOS is a "future-oriented", all-scenario (mobile office, sports and health, social communication, media entertainment, etc.) distributed operating system. Building on traditional single-device system capabilities, HarmonyOS proposes a distributed concept based on one set of system capabilities adapted to multiple terminal forms, able to support many kinds of terminal devices. Huawei LiteOS is a lightweight IoT operating system launched by Huawei for the Internet of Things field and an important part of Huawei's IoT strategy. It has key capabilities such as being lightweight, low-power, interconnected, rich in components and fast to develop; it builds a domain-specific technology stack around the business characteristics of the IoT field, providing developers with a "one-stop" complete software platform that effectively lowers the development threshold and shortens the development cycle, and can be widely used in wearables, smart home, vehicle networking, LPWA and other fields. Read more
FinSpy analysis – Round One
[Security][Windows] In 2012 a number of FinSpy samples were found and later analysed by CitizenLab (see https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/). The details provided in the CitizenLab post are quite high-level; the aim of this article is to dig deep into FinS... Read more
FinSpy analysis – Round Two
[Security][Windows] Well, it’s been a long time coming but here’s round two of my analysis of the FinSpy sample discussed in my previous blog post. The sample’s hash is 2bbc8f46a6efc6c824e55dc3ec18e2cf4a6d594b3d4f6fa54b95a4521e0a503e and is an executable masquerading as an Adobe Flash Installer/Unins... Read more
Windows - Helloworld Driver
One question we often get asked is how to get started with kernel mode programming. This article is designed to help set you up for kernel mode programming on Windows. This requires that you are running a Windows OS.
Download the Windows Driver Kit 7.1 (WDK) here: https://www.microsoft... Read more
Windows - Finding the System Root Path
This article describes how to retrieve the System Root path and demonstrates the use of ZwOpenSymbolicLinkObject, ZwQuerySymbolicLinkObject, IoGetDeviceObjectPointer, and RtlVolumeDeviceToDosName. The path is found by opening and then querying the symbolic link "\SystemRoot". The drive letter is then foun... Read more
Android - Overview: Debugging Native Applications
One question we often get asked is how to get started with native programming and debugging. This article is designed to help set you up for native programming on Android.
The Android NDK contains the tools required to compile C. Among other things, it also contains GDB, which i... Read more
Windows - Blocking Process Creation
Windows supplies drivers with multiple callbacks to get notified about events happening in the system. One of them, and the only one that allows blocking, is the process notify routine. It alerts all the drivers that are registered to it about process creation and termination.
There are 3 p... Read more
Many people, myself included, have held the belief that Spectre exploits need to know, understand, and manipulate microarchitectural details that are specific to a given processor design. Published Spectre PoCs generally use techniques such as cache analysis, and flushing lines from the cache. Altho... Read more
Writing a Hex-Rays Plugin: VMX Intrinsics
I’ve been very excited to work with the new Hex-Rays Decompiler microcode API, and I’ve finally had the chance to sit down and build a useful plugin. This post describes the development process: the things I tried that didn’t work and the weird hacks that ultimately did.
The plugin (C++ code) is a... Read more
Windows - Using the Debugger API
The Windows Debugger API allows interacting with a dump file or active debugger session and using the symbols for each module. This lets us automate complicated operations that might be a pain to repeatedly do in WinDBG. We can also use the debugger API to write debugger extensions, which got a lot ... Read more
WinDBG - the Fun Way: Part 1
A while ago, WinDbg added support for a new debugger data model, a change that completely changed the way we can use WinDbg. No more horrible MASM commands and obscure syntax. No more copying addresses or parameters to a Notepad file so that you can use them in the next commands without scrolling up.... Read more
WinDBG - the Fun Way: Part 2
In the first part we got to know the basics of the new debugger data model — using the new objects, having custom registers, searching and filtering output, declaring anonymous types and parsing lists and arrays. In this part we will learn how to use legacy commands with dx, get to know the amazing n... Read more
SimpleVisor - Don't believe the Hype(rvisors)
Have you always been curious about how to build a hypervisor? Has Intel's documentation (the many hundreds of pages) gotten you down? Have the samples you've found online just made things more confusing, or required weeks of reading through dozens of thousands of lines of code? If so, ... Read more
Why you should Dockerise your build environments
Docker and containers are all the buzz these days, but most of the talk about them relates to running online services. There is, however, another extremely useful mode where a Docker image is used as a "command line tool" to perform some task from a clean state and then exit. A perfect use case for th... Read more