Dynamically linked shared libraries are an important aspect of GNU/Linux®. They allow executables to dynamically access external functionality at run time and thereby reduce their overall memory footprint (by bringing functionality in when it's needed). This article investigates the process of creating and using dynamic libraries, provides details on the various tools for exploring them, and explores how these libraries work under the hood.
This article explores some of the Linux architectures that support real-time characteristics and discusses what it really means to be a real-time architecture. Several solutions endow Linux with real-time capabilities, and in this article I examine the thin-kernel (or micro-kernel) approach, the nano-kernel approach, and the resource-kernel approach. Finally, I describe the real-time capabilities in the standard 2.6 kernel and show you how to enable and use them.
A big doc about how asm instructions are decoded
7 bytes
0000000: 6641 2521 2173 21 fA%!!s!
As 32 bit
00000000 6641 inc cx
00000002 2521217321 and eax,0x21732121
As 64 bit
00000000 6641252121 and ax,0x2121
00000005 7321 jnc 0x28
The and instruction clears the carry flag, so the 64-bit version always jumps. For 64-bit, the 6641 is the operand-size override followed by rex.b, so the operand size for the and comes out as 16-bit. On 32-bit, the 6641 is a complete instruction, so the and has no prefix and has a 32-bit operand size. This changes the number of immediate bytes consumed by the and, giving two bytes of instructions that are only executed in 64-bit mode.
Colony graphs are a simple visualization of computer life forms. A process colony graph, or "ptree graph" for short, shows live processes and their parent and child relationships.
Interesting infographic of great mechanical mechanisms
An array of all x86/x86_64 instructions, very useful
While reading some disassembly, we came across a weird-looking instruction, that was present in most everything we gave objdump.
f3 c3 repz ret
People checking news in realtime
Fact checking is what makes this different
a fail2ban GUI powered by fail2rest
A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
When starting out as a reverse engineer or malware analyst, it is often tempting to trust your disassembler to correctly resolve the various bytes into code or data. However, to become an expert, it is important to gain as much insight as possible into the Instruction Set Architecture (ISA) of the chip you are working with. This opens many new possibilities: polymorphic code becomes easier to handle, and you become able to use some custom disassembly techniques in your own rootkits or understand these techniques when used by others.
There are a couple groups of settings below. The first couple go in /etc/sysctl.conf or /etc/sysctl.d/filename.conf.
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.