Windows Inline Function Hooking

Hooking can be used by legitimate software for reverse engineering, for example, to examine the user mode function calls that a malicious program is making. It can also be used by a malicious program to hide certain aspects of itself.  For example, malware might try and install a hook into Windows API functions, which list […]

Vulnerability Discovery Via 'Fuzzing'

Why would you fuzz? People fuzz for many reasons, depending on the industry they are in, from reliable assurance through to testing and validation. In security research, our primary goal is to discover potential vulnerabilities or weaknesses. Fuzzing allows us do this in an automated, if not somewhat less rigorous, manner. This is the first […]

DLL Injection: Part Two

In a previous blog post I gave a high level overview of DLL injection, what it is used for and how it might be achieved. More than one method exists to get our code into a process and have it execute.  A quick scan around the web gives us quite a few ideas.  It boils […]

DLL Injection: Part One

A High Level Overview DLL injection is a technique that can be used by legitimate software to add functionality, aid with debugging, or reverse engineer software running on a Windows PC.  It is also often used by malware to subvert applications running on target systems, so from a security point of view, it’s useful to […]

A Beginners’ Guide to Obfuscation

Obfuscation is a technique used to change software code in order to make it harder for a human to understand. There are several reasons one might obfuscate code: To make it harder for unauthorised parties to copy the code To reduce the size of the code in order to improve performance. For example a browser […]

Programmable Logic Controller (PLC) Security

Industrial Control Systems (ICS) are very important components of our critical infrastructure. Programmable logic controllers (PLC) are some of the well-known types of control system components. PLCs are computers used for automation of typically industrial electromechanical processes, such as the control of machinery on factory assembly lines, amusements rides, light fixtures, power stations, power distribution […]