Jay Bosamiya Software Security Researcher

Blog - page 2


My Awesome Experience at the Summer School on Formal Techniques (SSFT'18)

I spent the past week, at the Summer School on Formal Techniques, and it was an absolutely amazing experience. Chronicled below, are the different great talks/labs that were part of this week long program, as well as my thoughts interspersed in. Overall, this was an unforgettable week, where I learnt a lot, made new friends, and had some nice discussions about a lot of very interesting topics. I also found out about some things that... Read more...

Misc RE Tips

Reverse engineering is a mix of an art as well as a science. Over time, one tends to gather a repertoire of common "tips and tricks" that one might use when reversing any given piece of software. What follows are a condensed form of some tricks gained from Gynvael's livestreams. Read more...

A Story to Tell : My Experience at IIT Roorkee

Truly, time flies extremely fast when you are enjoying yourself. These 4 years have been amongst the most memorable ones in my life till date, and have helped me grow as an individual in countless ways. First year was the first time I was staying away from home, for an extended period of time. To make things more challenging, I was at the same school for the previous 12 years! To come to a new... Read more...

Analysis for RE and Pwning tasks in CTFs

To either solve an RE challenge, or to be able to pwn it, one must first analyze the given binary, in order to be able to effectively exploit it. Since the binary might possibly be stripped etc (found using file) one must know where to begin analysis, to get a foothold to build up from. Read more...

Return Oriented Programming

Return Oriented Programming (ROP) is one of the classic exploitation techniques, that is used to bypass the NX (non executable memory) protection. Microsoft has incorporated NX as DEP (data execution prevention). Even Linux etc, have it effective, which means that with this protection, you could no longer place shellcode onto heap/stack and have it execute just by jumping to it. So now, to be able to execute code, you jump into pre-existing code (main binary,... Read more...