Hi everyone, I am back with a new blog post (if you have not read my earlier blog, you can read it at My experience with OSWP/WiFu v3.2). This will be the first blog in a series on 32-bit Linux assembly language programming and shellcoding. With this blog, I will try to put down every new thing that I learned while practicing assembly language programming and shellcoding. I’ll desperately try to keep my posts simple, lively and easy to understand. You can post your comments in the comments section and ask me queries, if any. Eventually I’ll start a series on 64-bit Linux and, if possible, Windows as well.
Why assembly language and no OSCP/OSCE?
When I completed my OSWP certification, many of my friends and colleagues asked me ‘What’s next? OSCP or OSCE?’ (For those who don’t know about OSCP and OSCE, they are amazing pentesting certifications offered by the Offensive Security team. They are totally hands-on and the learning curve is steep. Read this amazing blog post by ParanoidNinja on his OSCP experience.) Well, I said ‘Maybe!!!’. Reason: “I am a master procrastinator.”
To be honest, OSCP/OSCE are courses which need lots of foundation work and a very deep understanding of things like computer functionality, Windows and Linux architecture, network security, identifying security vulnerabilities, finding public exploits, modifying exploits, lots of post-exploitation stuff and what not. All the things which I have mentioned here do not even scratch the surface. So, to freshen up the basics, I decided to learn assembly language programming and shellcoding. Eventually I can take on the more challenging part as well.
Why one should learn Assembly Language:
- Understanding of processor architecture, assembly and functioning: Just like any other electronic device out there, a computer is made up of various components, namely Monitor, Cabinet, Motherboard, Processor, RAM, Graphics card, SMPS Power supply, Cooling mechanism and so on. Now many non-technical people out there imagine a computer as this:
Many fail to look at the above-mentioned components, which look like
Now people who know how to assemble a PC know these components, but even they fail to appreciate the brilliance of this device, only because they cannot see how simple mathematical operations like ADD, SUB, MUL and logical operations like OR, NOT, XOR can perform so many tedious tasks like web browsing, video editing, even writing this very same blog.
- Understanding of Operating System functionality: Many of us use OSes from the Windows family, some rich guys use MacOS devices and some people use *-NIX distros. Glossy designs, beautiful GUIs and the specifics of our work obstruct our view of the underlying OS, and we never try to understand how the OS works at ground level.
- You’ll stop calling yourself a security researcher: There are many n00bs out there who run automated scanners on websites, execute a <script>alert("Haxor")</script> popup and call themselves Security Researchers. Then these guys go to different organizations, ask for bounty money and repeat… This vicious cycle continues, and these so-called researchers never learn anything about systems. Assembly language and shellcoding can show you a glimpse of what actual research and self-study are, and make you humble.
- You’ll start appreciating high-level languages like C, C++, Java etc.: Writing simple programs in assembly language is a tedious task (just see how big this calculator code is). Since assembly language does not have things like structures or a variety of datatypes, even very simple programs need a large amount of code. Also, code written for one platform is not portable to another platform. Hence, you’ll start appreciating other high-level languages.
With this much said, I guess I’ve made my point clear and been able to spark a little bit of excitement about the forthcoming adventures with assembly language programming. I hope you’ve enjoyed the blog. Feel free to comment and question. Till then, Auf Wiedersehen!!!