Tuesday, August 29, 2023

Life of a Windows Process

In a previous post, I covered a bit about how Windows processes are initialized. But how does process creation itself work in Windows? Let's explore Windows processes a bit further.

Thursday, August 24, 2023

Subshells in Linux (and Windows)

Or rather, subshells in Bash and PowerShell. A subshell is an isolated environment for executing commands: a child process spawned from the parent shell, so changes it makes to variables or the working directory do not propagate back to the parent.

Wednesday, August 23, 2023

Portable Executable Format and Structured Exception Handling

The Portable Executable (PE) file format is the native file format for executables, DLLs and other binaries in the Microsoft Windows ecosystem.
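To make the header layout concrete, here is an added example (my own code, not from the blog post) that parses the DOS header, the COFF file header and the optional header of a PE image held in memory and pulls out the entry point and the exception-table data directory, the table that x64 structured exception handling unwinds through. The sample image it parses is constructed inline and is only a header skeleton, not a real binary; offsets like e_lfanew and SizeOfOptionalHeader are read from the file and bounds-checked before use, which is the part a loader or scanner most often gets wrong.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields pulled out of the DOS, COFF and optional headers. */
typedef struct {
    uint16_t machine;      /* IMAGE_FILE_HEADER.Machine, e.g. 0x8664 for x64 */
    uint16_t num_sections; /* IMAGE_FILE_HEADER.NumberOfSections */
    uint16_t opt_magic;    /* 0x10b = PE32, 0x20b = PE32+ */
    uint32_t entry_rva;    /* IMAGE_OPTIONAL_HEADER.AddressOfEntryPoint */
    uint32_t exc_rva;      /* DataDirectory[3]: exception table (.pdata on x64) */
    uint32_t exc_size;
} pe_summary;

/* Little-endian readers; the buffer is never cast to a struct, so alignment
   and compiler padding cannot affect the result. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the headers of a PE image. Returns 0 on success or a negative code
   naming the check that failed. Every offset taken from the file itself
   (e_lfanew, SizeOfOptionalHeader, NumberOfRvaAndSizes) is validated against
   the buffer length before it is dereferenced. */
int pe_parse(const uint8_t *buf, size_t len, pe_summary *out)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;        /* "MZ" */
    uint32_t pe_off = rd32(buf + 0x3C);                        /* e_lfanew */
    if (pe_off > len || len - pe_off < 4 + 20) return -2;      /* room for "PE\0\0" + COFF */
    if (rd32(buf + pe_off) != 0x00004550) return -3;           /* "PE\0\0" */

    const uint8_t *coff = buf + pe_off + 4;
    out->machine = rd16(coff + 0);
    out->num_sections = rd16(coff + 2);
    uint16_t opt_size = rd16(coff + 16);                       /* SizeOfOptionalHeader */

    const uint8_t *opt = coff + 20;
    size_t opt_off = (size_t)(opt - buf);
    if (opt_size < 24 || opt_size > len - opt_off) return -4;  /* optional header truncated */
    out->opt_magic = rd16(opt + 0);
    out->entry_rva = rd32(opt + 16);

    /* NumberOfRvaAndSizes and the data directory sit at different offsets in
       PE32 and PE32+ because ImageBase is 4 vs 8 bytes wide. */
    size_t ndirs_off, dd_off;
    if (out->opt_magic == 0x10b)      { ndirs_off = 92;  dd_off = 96;  }
    else if (out->opt_magic == 0x20b) { ndirs_off = 108; dd_off = 112; }
    else return -5;
    if (ndirs_off + 4 > opt_size) return -6;
    uint32_t ndirs = rd32(opt + ndirs_off);
    out->exc_rva = out->exc_size = 0;
    if (ndirs > 3) {                                           /* index 3 = exception table */
        size_t e = dd_off + 3 * 8;
        if (e + 8 > opt_size) return -7;                       /* NumberOfRvaAndSizes overstates the header */
        out->exc_rva  = rd32(opt + e);
        out->exc_size = rd32(opt + e + 4);
    }
    return 0;
}

static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xFF; }

/* Constructed sample: a minimal x64 PE32+ header skeleton (not a real binary).
   Returns the number of bytes written, or 0 if cap is too small. */
size_t build_sample_pe(uint8_t *buf, size_t cap)
{
    const size_t pe_off = 0x40, opt_off = pe_off + 4 + 20, total = opt_off + 0xF0;
    if (cap < total) return 0;
    memset(buf, 0, total);
    wr16(buf + 0, 0x5A4D);               /* e_magic = "MZ" */
    wr32(buf + 0x3C, (uint32_t)pe_off);  /* e_lfanew */
    wr32(buf + pe_off, 0x00004550);      /* "PE\0\0" */
    wr16(buf + pe_off + 4, 0x8664);      /* Machine = AMD64 */
    wr16(buf + pe_off + 6, 2);           /* NumberOfSections */
    wr16(buf + pe_off + 20, 0xF0);       /* SizeOfOptionalHeader for PE32+ */
    wr16(buf + opt_off, 0x20B);          /* Magic = PE32+ */
    wr32(buf + opt_off + 16, 0x1000);    /* AddressOfEntryPoint */
    wr32(buf + opt_off + 108, 16);       /* NumberOfRvaAndSizes */
    wr32(buf + opt_off + 112 + 3 * 8, 0x3000);      /* exception table RVA */
    wr32(buf + opt_off + 112 + 3 * 8 + 4, 0x24);    /* 3 RUNTIME_FUNCTION entries of 12 bytes */
    return total;
}

int main(void)
{
    uint8_t img[512];
    size_t n = build_sample_pe(img, sizeof img);
    pe_summary s;
    int rc = pe_parse(img, n, &s);
    printf("rc=%d machine=0x%x sections=%u magic=0x%x entry=0x%x exc=0x%x/%u\n",
           rc, s.machine, s.num_sections, s.opt_magic, s.entry_rva, s.exc_rva, s.exc_size);
    return rc;
}
```

Reading fields with explicit little-endian helpers instead of casting to the SDK structs keeps the parser portable and avoids trusting any length the file supplies; a fuzzer aimed at this function should only ever see the negative return codes, never an out-of-bounds read.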

Tuesday, August 22, 2023

Processes and Call Stacks

In Windows, our process information looks something like this.

Monday, August 21, 2023

XNU, a hybrid kernel

XNU was originally based on the Mach microkernel. But nowadays macOS blurs the lines. Though some parts of macOS follow the microkernel spirit, other parts are monolithic. It's more complex than a "pure" microkernel. Perhaps a microkernel has fewer abstractions. But XNU is a hybrid kernel that nonetheless still employs the principle of least privilege well, striking a balance between the two realms.

Saturday, August 19, 2023

"DotRunpeX - demystifying new virtualized .NET injector used in the wild"

Not sure how I missed this article back in March. This analysis by Check Point Research confirms details and provides greater clarity into some malware samples I saw back in January.

Friday, August 18, 2023

Primitive Roots

Let n be a positive integer. A primitive root mod n is an integer g such that every integer relatively prime to n is congruent to a power of g mod n. And in dealing with modular arithmetic, cyclic groups, and primitive roots, some clear patterns emerge.
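As an added example (my own code, not from the post), the following C program makes those patterns visible: it computes the multiplicative order of g mod n, tests whether g is a primitive root by comparing that order with Euler's totient of n, finds the smallest primitive root when one exists, and lists the cycle g, g^2, ..., g^k mod n. The moduli are small enough that the totient is computed by direct counting; that choice is mine and is not what a cryptographic library would do.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint64_t gcd_u64(uint64_t a, uint64_t b)
{
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Euler's totient phi(n): the number of integers in [1, n) coprime to n.
   Direct count, fine for the small moduli used here. */
uint64_t totient(uint64_t n)
{
    uint64_t c = 0;
    for (uint64_t k = 1; k < n; k++) if (gcd_u64(k, n) == 1) c++;
    return c;
}

/* Multiplicative order of g mod n: the smallest k > 0 with g^k = 1 (mod n).
   Returns 0 when gcd(g, n) != 1, since such g never returns to 1. */
uint64_t mult_order(uint64_t g, uint64_t n)
{
    if (n < 2) return 0;
    g %= n;
    if (gcd_u64(g, n) != 1) return 0;
    uint64_t x = g, k = 1;
    while (x != 1) { x = (x * g) % n; k++; }
    return k;
}

/* g is a primitive root mod n exactly when its order equals phi(n):
   the powers of g then hit every residue coprime to n. */
int is_primitive_root(uint64_t g, uint64_t n)
{
    uint64_t o = mult_order(g, n);
    return o != 0 && o == totient(n);
}

/* Smallest primitive root mod n, or 0 if none exists (e.g. n = 8, 12, 15). */
uint64_t smallest_primitive_root(uint64_t n)
{
    uint64_t phi = totient(n);
    for (uint64_t g = 1; g < n; g++) if (mult_order(g, n) == phi) return g;
    return 0;
}

/* Write g, g^2, ..., g^k (mod n) into out, stopping at the first power equal
   to 1. Returns the number of entries written (the order of g), or 0 if
   gcd(g, n) != 1 or cap is too small to hold the whole cycle. */
size_t power_cycle(uint64_t g, uint64_t n, uint64_t *out, size_t cap)
{
    uint64_t ord = mult_order(g, n);
    if (ord == 0 || ord > cap) return 0;
    uint64_t x = 1;
    for (size_t i = 0; i < ord; i++) { x = (x * g) % n; out[i] = x; }
    return ord;
}

int main(void)
{
    uint64_t cyc[64];
    for (uint64_t n = 2; n <= 15; n++) {
        uint64_t g = smallest_primitive_root(n);
        printf("n=%2llu phi=%2llu smallest primitive root: %llu\n",
               (unsigned long long)n, (unsigned long long)totient(n), (unsigned long long)g);
    }
    size_t k = power_cycle(3, 7, cyc, 64);
    printf("powers of 3 mod 7:");
    for (size_t i = 0; i < k; i++) printf(" %llu", (unsigned long long)cyc[i]);
    printf("\n");
    return 0;
}
```

Running the table shows the pattern the post alludes to: every prime modulus has a primitive root, 8 and 12 and 15 have none, and for n = 7 the powers of 3 walk through all six units before returning to 1, whereas 2 has order 3 and only generates a subgroup.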

Thursday, August 17, 2023

Domainless .. For Now

When I first made accounts on the internet, I bought the domain hexagr.am, thinking I was very clever, and registered a six character handle, "hexagr," across various platforms. But .. some time passed, and someone snagged the domain up a few years ago only a day after it expired, just before I could re-register it.

Wednesday, August 16, 2023

Windows Process Initialization

Most code on Windows runs in user space. This means that, when we first run a program, it has to perform some setup rituals before it can successfully call into the kernel.

Tuesday, August 15, 2023

Windows

There's a ton of stuff one could say about Windows (and operating systems in general). I'm not sure if it could all be succinctly described in a single human lifetime. This is just a scratch note about Windows system programming.

Sunday, August 13, 2023

API Endpoints

While scrolling Twitter recently, I saw Intigriti link to a JavaScript bookmarklet for discovering API endpoints. When doing reconnaissance, tools like ffuf aren't always fine-grained enough for enumerating API endpoints.

Friday, August 11, 2023

Interprocess Communication

In C

Let's review inter-process communication. IPC is, of course, how software passes information between components, and also how access to restricted resources gets divvied out. This can be quite convoluted and complex in some cases. But here we'll review how it works in C.
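As an added example (my own code, not taken from the post), here is the simplest POSIX IPC pattern in C: a parent forks a child and talks to it over two pipes, one in each direction. The child is the untrusted worker; it only ever sees the bytes the parent chooses to send and cannot reach the parent's memory, which is the same separation model sandboxed renderers and privilege-separated daemons build on. The request and reply contents are constructed for the example; the transform (upper-casing) stands in for whatever work the child would really do.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send msg to a forked child over one pipe and receive its reply (the message
   upper-cased) over a second pipe. Returns the number of reply bytes stored in
   out (NUL-terminated), or -1 on error. Pipes are unidirectional, so each side
   closes the ends it does not use; the parent's close of the write end is what
   delivers EOF to the child. */
ssize_t ipc_roundtrip(const char *msg, char *out, size_t outcap)
{
    int to_child[2], to_parent[2];
    if (outcap == 0 || pipe(to_child) == -1) return -1;
    if (pipe(to_parent) == -1) { close(to_child[0]); close(to_child[1]); return -1; }

    pid_t pid = fork();
    if (pid == -1) {
        close(to_child[0]); close(to_child[1]); close(to_parent[0]); close(to_parent[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: keep only the read end of to_child and the write end of to_parent. */
        close(to_child[1]); close(to_parent[0]);
        char buf[256];
        ssize_t n = read(to_child[0], buf, sizeof buf);
        if (n < 0) _exit(1);
        for (ssize_t i = 0; i < n; i++) buf[i] = (char)toupper((unsigned char)buf[i]);
        if (write(to_parent[1], buf, (size_t)n) != n) _exit(1);
        _exit(0);                                  /* _exit: do not flush the parent's stdio buffers twice */
    }

    /* Parent: mirror image of the child's descriptor hygiene. */
    close(to_child[0]); close(to_parent[1]);
    size_t len = strlen(msg);
    if (len > 255) len = 255;                      /* one write under PIPE_BUF is atomic */
    ssize_t w = write(to_child[1], msg, len);
    close(to_child[1]);                            /* EOF for the child */

    ssize_t total = 0;
    if (w == (ssize_t)len) {
        ssize_t n;
        while ((size_t)total < outcap - 1 &&
               (n = read(to_parent[0], out + total, outcap - 1 - (size_t)total)) > 0)
            total += n;
    }
    close(to_parent[0]);

    int status = 0;
    waitpid(pid, &status, 0);                      /* reap the child; no zombies */
    if (w != (ssize_t)len || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    out[total] = '\0';
    return total;
}

int main(void)
{
    char reply[64];
    ssize_t n = ipc_roundtrip("hello ipc", reply, sizeof reply);
    if (n < 0) { perror("ipc_roundtrip"); return 1; }
    printf("child replied %zd bytes: %s\n", n, reply);
    return 0;
}
```

Two details matter for the "access to restricted resources" half of the post: the child inherits every open descriptor at fork time, so closing the unused pipe ends is a security boundary and not just tidiness, and the parent must bound what it reads back rather than trusting the child to stop at a sane length.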