Story Time Exploring the internals of processors has long been a fascination of mine. After spending a lot of time experiencing different processor features like hypervisor and configuring diffe...
HyperDbg’s One Thousand and One Nights
This post is a different one, in that, it is more of an overview, rather than a technical post. Here, we provide a high-level summary of HyperDbg Debugger, its principles, and perspective. Intro...
Hypervisor From Scratch – Part 8: How To Do Magic With Hypervisor!
If you’re looking to use a hypervisor for analysis and reverse engineering tasks, check out HyperDbg Debugger. It’s a hypervisor-based debugger designed specifically for analyzing, fuzzing, and r...
Hypervisor From Scratch – Part 7: Using EPT & Page-Level Monitoring Features
If you’re looking to use a hypervisor for analysis and reverse engineering tasks, check out HyperDbg Debugger. It’s a hypervisor-based debugger designed specifically for analyzing, fuzzing, and r...
Reversing Windows Internals (Part 1) - Digging Into Handles, Callbacks & ObjectTypes
Introduction Welcome to the first part of a series of posts about Exploring & Reversing Windows Concepts and Internals. If you reach here then you’re probably a security researcher or a prog...
Why you should not always trust MSDN: Finding Real Access Rights Needed By Handles
Introduction Hi guys, The title of this topic is somehow weird, if you think everything in MSDN is 100% match with what Microsoft implemented in Windows (like what I used to think), you’re defi...
Hypervisor From Scratch – Part 6: Virtualizing An Already Running System
If you’re looking to use a hypervisor for analysis and reverse engineering tasks, check out HyperDbg Debugger. It’s a hypervisor-based debugger designed specifically for analyzing, fuzzing, and r...
PacketScript overview: A Lua scripting engine for in-kernel packet processing
As I was surfing the net, trying to find a way to prototype network protocols or features in Linux. I stumbled upon PacketScript. PacketScript is the an implementation of the Lua VM inside Linux...
Call Gates' Ring Transitioning in IA-32 Mode
Have you ever thought how transitions between different rings performed? Well, SYSENTER & SYSCALL used in modern OSs for transitioning between ring 3 to ring 0 but if there are other rings, ...
Hypervisor From Scratch – Part 5: Setting up VMCS & Running Guest Code
If you’re looking to use a hypervisor for analysis and reverse engineering tasks, check out HyperDbg Debugger. It’s a hypervisor-based debugger designed specifically for analyzing, fuzzing, and r...
- Hypervisor From Scratch - Part 1: Basic Concepts & Configure Testing Environment
- Hypervisor From Scratch – Part 2: Entering VMX Operation
- Hypervisor From Scratch – Part 5: Setting up VMCS & Running Guest Code
- Hypervisor From Scratch – Part 6: Virtualizing An Already Running System
- Hypervisor From Scratch – Part 7: Using EPT & Page-Level Monitoring Features