The author of PuTTY has written an excellent primer on native code fundamentals for those coming from higher-level languages (Perl, Python, Java, etc.).
This article attempts to give a sort of ‘orientation tour’ for people whose previous programming background is in high (ish) level languages such as Java or Python, and who now find that they need or want to learn C.
My favorite part is this, under section 10, "So why is C like this, anyway?":
To a large extent, the answer is: C is that way because reality is that way. C is a low-level language, which means that the way things are done in C is very similar to the way they’re done by the computer itself.
If you were writing machine code, you’d find that most of the discussion above was just as true as it is in C: strings really are very difficult to handle efficiently (and high-level languages only hide that difficulty, they don’t remove it), pointer dereferences are always prone to that kind of problem if you don’t either code defensively or avoid making any mistakes, and so on.
This is awesome.
injdmp is a tool for dumping injected processes and for dumping process memory regions marked RWX (readable, writable and executable). The tool can detect most malware that uses process injection. As of this writing it can dump processes related to Zeus/Citadel, Cridex, Ramnit, Poison Ivy and a number of other malware families.
GNS3 (Graphical Network Simulator) is an awesome, awesome open-source project:
What is GNS3?
GNS3 is open source software that simulates complex networks while being as close as possible to the way real networks perform. All of this without having dedicated network hardware such as routers and switches.
Our software provides an intuitive graphical user interface to design and configure virtual networks; it runs on traditional PC hardware and may be used on multiple operating systems, including Windows, Linux, and MacOS X.
In order to provide complete and accurate simulations, GNS3 actually uses the following emulators to run the very same operating systems as in real networks:
- Dynamips, the well known Cisco IOS emulator.
- VirtualBox, runs desktop and server operating systems as well as Juniper JunOS.
- Qemu, a generic open source machine emulator; it runs Cisco ASA, PIX and IPS.
Here’s a very well written post by Matt Galloway; this one is about ARM assembly.
When you write Objective-C code, it eventually turns into machine code – the raw 1s and 0s that the ARM CPU understands. In between Objective-C code and machine code, though, is the still human-readable assembly language.
Understanding assembly gives you insight into your code for debugging and optimizing, helps you decipher the Objective-C runtime, and also satisfies that inner nerd curiosity.
In this iOS assembly tutorial, you’ll learn:
- What assembly is – and why you should care about it.
- How to read assembly – in particular, the assembly generated for Objective-C methods.
- How to use the assembly view while debugging – useful to see what is going on and why a bug or crash has occurred.
A well written article/tutorial on performing iOS application security analysis, by Ray Wenderlich.
In this two-part tutorial, you will be taking on the role of a penetration tester, evaluating your iOS app security to identify vulnerabilities. The goal of this tutorial’s unique teaching perspective is not to turn you into a hacker – it is rather to make you more security-conscious by showing common methods attackers use to circumvent your application’s logic and retrieve important user data.
Kahu Security has released a new tool called Pinpoint (v0.1.0) that will certainly help analysts when reviewing web-based malware.
There is an excellent overview and writeup on their website.