Vivek Ramachandran

Assembly Language for Hackers Videos

Part 1: System Organization

Video description:

Assembly language is probably the most important thing one needs to master if he desires to enter the world of code exploitation, virus writing and reverse engineering. In this multi-part video series Vivek will try to provide a simple primer to Assembly language which will help you get started. These videos are in no way meant to be exhaustive but rather will only act as a guide on how to begin.

In this first part, he explains the basics of computer organization, CPU registers - general purpose, segment and instruction pointer. Also covered is virtual memory organization, program memory organization, program stack and stack operations.

Part 2: Virtual Memory Organization

Video description:

In this video we take an in-depth look at virtual memory organization concepts. The entire discussion is explained by taking a live example using code. We look at how one can use the /proc/PID/maps to peek into the layout of a program's virtual memory and interpret useful things. Also, we show how the Address Space Layout Randomization (ASLR) works in the latest 2.6 kernels and why this is significant from a security point of view. We also show how this can be disabled at runtime if the need be. This video is very important from an code exploitation perspective as it teaches us how to check for the presence of ASLR on a given system.

Part 3: GDB Usage Primer

Video description:

GDB (GNU Debugger) is probably one of the most important tools one needs to be familiar with in order to be a good assembly language programmer. In this video we go through a quick primer on how to use GDB to disassemble code, set breakpoints, trace through code, examine CPU registers and memory locations, examine the program stack and many other important use cases which will help us in later videos when we actually start coding in Assembly and want to debug our code. We use C code example as the program in this video.

Part 4: Assembly Hello World

Video description:

In this video we will look at the structure of assembly language programs - .data, .bss, .text segments, how to pass arguments to linux system calls in assembly, using GAS and LD to assemble and link code and finally in the end we go through a step by step approach to create our first "Hello World" program.

Part 5: Data Types in Assembly:

Video description:

In this video we will go through an in-depth primer on data types which are used in assembly. We do a live demo on how to look at data in memory using GDB for .ascii, .int, .short, .float (.data) and .comm, .lcomm (.bss) types.

Part 6: Moving Data Around in a Program:

Video description:

In this video we look at how to transfer data between registers and memory locations using the MOV series of instructions. We discuss data transfer between registers, immediate values and registers, memory locations and registers, immediate values and memory locations, indexed memory addressing schemes, indirect addressing using registers and many other important concepts. It is important to note that all the above are explained in detail using example code in the video.

Part 7: Working with Strings:

Video description:

In this video we will look at how to work with strings in Assembly. We will demonstrate how we can move strings from one memory location to the other using the MOVS instruction set, discuss the concept of the Direction Flag (DF) and how to set and clear it using STD and CLD, how to execute multiple string copy instructions using the REP instruction, how to load strings from memory into the EAX register using the LODS instruction set, how to store strings from the EAX register back into memory using the STOS instruction set and finally we shall look at how to compare strings using the CMPS instruction set.

Part 8: Unconditional Branching techniques

Video description:

In this video we will look at how to alter the program execution flow using unconditional branching. We will look at how to use the JMP instruction to make an unconditional branching to a new location in the code segment and how to use the CALL statement in conjunction with RET to save the program execution state. We will demonstrate all the concepts using very simple code snippets to aid understanding.

Part 9: Conditional Branching using the JMP family

Video description:

In this video we will look at Conditional Branching in Assembly Language using the JXX family of instructions and the LOOP instruction. The conditional jump instructions such as JA, JAE, JZ, JNZ etc. use various flags in the EFLAGS register such as the Zero Flag (ZF), the Parity Flag (PF), Overflow Flag (OF), Sign Flag (SF) etc. to determine which instruction path to take next. In this video we will look at the JZ condition jump instruction in great detail. JZ using the Zero Flag (ZF) to determine if the last instruction resulted in the Zero operation or not and then chooses to jump to a specified location if it was set. We will also look at the LOOP instruction which used the ECX register to loop over a set of instructions over and over again.



Part 10: Functions in Assembly

Video description:

In this video we will look at how to write functions in Assembly Language. The most important step in writing functions in assembly is to understand how to pass arguments to them and then read their return values. We will look at 2 techniques - using registers and using global memory locations to understand how this can be done. In this demo we will use our familiar "Hello World" program to demonstrate how to code a simple function using the "write()" syscall. We will use a program to demonstrate argument passing using the CPU registers and another program demo argument passing using global memory location in the .BSS segment.

Part 11: Understanding the Stack







Video description:

In this video, we will look at how to use the Stack to pass arguments to functions. In course of this video we will look into exactly how the Stack works, how to store arguments on the stack, how the "call" instruction stores the return address on the stack, the logic behind storing the EBP register on the stack, how and why EBP is used to reference function arguments and local variables in a function and how to adjust the ESP to accommodate all this. This video is very important as a lot of learning from this will be used in the Buffer overflow video series Vivek plans to make next.

Socket Programming Videos

Part 1: Basics and Socket APIs

Video description:

Socket Programming is one of the most important topics in network programming. It is probably the building block of all network enabled programs. In this 3 part presentation, we will look at socket programming in an in-depth way - both from a theoretical and a programming perspective. In this video we will look at Client Server communication and architectures and see which APIs in the socket library are used to make the communication happen.

Part 2: Difference Between TCP and UDP



Video description:

In this Part 2 of the Socket Programming presentation, we will look at the differences between a UDP server-client architecture and a TCP one. Also we will dive deep into the data structures used for socket programming such a sockaddr_in. Then finally we will set forth demystifying the byte ordering logic in network packets. Byte ordering is probably one of the most confusing things for a beginner and hopefully this video should be able to help you understand it.

Part 3: Utility Functions

Video description:

In this final video of the Socket Programming basics presentation we will look into utility functions for byte order conversion such as ntohs() and htons(). Once the Byte ordering dilemma has been cleared, we will dive into the socket library calls such as socket(), bind(), connect(), send(), recv() etc and try and understand how to use them programmatically in code. Hopefully by the end of this video, you will be all ready for entering the world of socket programming.

Part 4: Hello World TCP Server using Sockets

Video description:

In this video we will look at how to make a TCP Server. To keep things simple to understand, this will be a Hello World server i.e. it will send a connected Client the string "Hello World" and finish servicing the Client. The most interesting aspect of this video is that it is a "type with me exercise" - the user can type along to understand all the programming constructs better.

Part 5: Hello World Server

Video description:

In this video we continue coding our "Hello World" server. We will now encounter the most important API call - accept() (from a server's perspective). Accept() allows the server process to accept client connections and process them. We will currently run the server in an infinite loop, so that we can process clients one after the other. The important thing to note here that this server process is not multithreaded and thus can only process a single client at a time. To be able to process multiple clients asynchronous calls such as select() or multithreading will have to be used.

Buffer Overflow Videos: Smashing the Stack

Part 1: Overwriting Stack

Video description:

In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen and finally how a hacker could take control of the program by overwriting the return address stored on the stack to an arbitrary value. We will use a sample program to demonstrate how it is possible to change the Return address by overwriting the stack using user supplied input.

Part 2: Writing Exit Shellcode

Video description:

In this video we will look at how to create Shellcode which we can use as payload while exploiting a buffer overflow vulnerability. Shellcode is nothing but machine code which the CPU can execute directly without requiring any further assembling, compilation or linking. Thus instructions in the Shellcode will be executed as-is. We will look at the exit() syscall and see how we can convert the assembly language code for invoking it into shellcode. In the process, we will be using the Objdump utility which ships with the Binary utils package. After you have gone through this video, you will be able to convert almost any assembly code into it's shellcode equivalent.

Part 3: Executing Shellcode

Video description:

In the last video we saw how to create shellcode from assembly language code, this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly. In order to do this, we will use the exit() shellcode which we created in the last video. We then use ShellCode.c to launch the shellcode. During this demo we will discuss how the main() function is actually invoked by the __libc_start_main routine, which sets up the environment for the program and also cleans up after main() returns. We will see how it is possible to change the return address on the stack (RET) to point to our shellcode and have it execute.

Part 4: Disassembling Execve

Video description:

In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects. We will cover this part in-depth and trace through individual instructions and recreate the program stack before execve() is called. Once the disassembled code has been understood, we will create our own program in assembly to spawn a shell using Execve(). This video is very important for those who want to learn how to convert a complex syscall() into its working assembly language equivalent.

Part 5: Shellcode for Execve

Video description:

In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is becuase it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer - i.e. we need to remove the NULLs and setup relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which results in non-NULL shellcode. Also, we discuss in detail how we can setup relative addressing within the shellcode and modify it at runtime to make it work. This is probably the most important video in the series, if one wants to understand the shellcode generation process completely.

Reverse Engineering Videos 101

Cisco Security Training Video

Video description:

This is an instructional video that shows how an employee from inside created a fake account that was used to bust into the network from outside.

Interview with Security Expert Johnny Long

Advanced SQL Injection Presentation at DojoSec

Related Posts

This month I bring a collection of computer security video lectures (computer hacking videos and computer cracking videos). They include topics such as assembly programming videos, debugging videos with gdb, socket programming videos, buffer overflow videos, reverse engineering videos, some cisco security training video, and various other hacking training videos.The videos are mostly from Security Tube and they were made bywho is a graduate of the prestigious Indian Institute of Technology.See Security Tube for hundreds of other videos. Topics include Hard Drive Encryption with TrueCrypt Email Security and tens of other topics.That's it this month. Hope to see you back the next month!