Wednesday, 16 May 2018

Ransomeware

Read this to learn more about the WannaCry ransomware crisis and what you need to stay safe from future attacks

Earlier this month, a strain of ransomware infected more than 300,000 Windows PCs around the world. The awesomely namedWannaCry strain demanded that infected businesses and individuals pay $300 in order to unlock each machine—as well as the data stored on their devices. Some people paid the ransom, while others were lucky enough to wait it out and be rescued by a hero who accidentally stopped the attack by registering the unregistered domain on which the ransomware lived.
Now that the attack has been thwarted, it appears that new WannaCry variants are emerging, and a massive, unrelated ransomware attack hit Eastern Europe. As ransomware attacks become trickier and more difficult to stop, your company is more likely than ever to be at risk. As a result, we've compiled this list of post-mortem steps on what happened, how you can protect your business and yourself, and what you should do if you fall victim to an attack.

1. Be Defensive

You're going to need to be smarter about which emails you open, which links you click, and which files you download. Phishing attacks are common and they're easy to fall victim to. Unfortunately, WannaCry wasn't your typical phishing attack. Instead, this attack manipulated a Windows vulnerability, one that had already been patched by Microsoft earlier this year.
So, how did it get through? You know those annoying pop-up notifications that software manufacturers send to your computer? They're not just alerting you to new features; they're adding patches to your software that will help to protect against attacks like WannaCry. The same goes for your endpoint protectionsoftware. If your vendor asks you to update, then update. In this case, it appears the attackers were able to penetrate systems that had not recently been updated and, as a result, hospitals were crippled and lives were put in jeopardy (more on this later).
"The global fallout of this attack could have easily been prevented by deploying the security update once it was made available by Microsoft," said Liviu Arsene, Senior E-Threat Analyst at Bitdefender. "The lesson to be learned from this experience is to always apply security patches and updates when they become available, not just for operating systems but for applications as well. Of course, a security solution might prevent the payload—in this case, ransomware—from infecting victims. But more advanced and sophisticated threats could potentially leverage the operating system vulnerability to gain persistency and bypass traditional security mechanisms undetected."

2. Back that Cache Up

The worst thing about an attack of this variety is that it gains access to your data. However, the responsible among us don't need to worry about this very much because they have been using disaster recovery (DR) software to ensure that their information is alive and well in the cloud. If you wind up getting hit with a ransomware attack, then having access to your full trove of data in the cloud means you can simply factory-reset your machine, pull in your backed up data, and start working again.
WannaCry Ransom Note
Image Via: McAfee

3. Don't Pay, Silly

As much as you'd like to retrieve your unfinished screenplay, paying hostage takers seldom works. Instead, contact the FBI and let them know you've become the victim of a cyberattack. If you desperately need your data and you don't have a backup stored elsewhere, then just sit tight and wait. Also, if you don't need your data or if you have backed it up, then just reset your machine and start from scratch.
Whatever you do, don't pay. Here's why: There's a good possibility the hacker won't actually release your data. Now you're out $300 and you're still out of luck. Also, paying could actually expose you to additional risk because you've shown a willingness to give into the hackers' demands. So, in the very best-case scenario, you've paid, gotten your data back, and given a criminal incentive to try to attack you again in the future.
"No one is ever encouraged to give in to ransomware demands," said Arsene. "In fact, if no backups are available from which to restore lost data, companies or individuals should treat the incident as hardware failure and move on. Paying would only fuel cybercriminals with the financial resources to keep developing new threats. And there's no actual guarantee that you'll actually receive the decryption key. You are actually dealing with criminals here."

4. What You Should Do

As I previously mentioned, backing up your data and running a factory-reset on your hardware, will let you walk away from a ransomware attack without having experienced much real damage. Here's a step-by-step procedure for what to do when that ransom note hits your screen: 1) Unplug your computer and unplug your computer from its network. 2) Fully wipe your device and restore it from a backup. 3) Install all security patches and updates and add a security solutionlike Bitdefender to your software mix. 4) Contact the FBI.

5. Businesses Must Get Serious

"There are security layers that companies can deploy to protect infrastructures from zero-day vulnerabilities in both operating systems and applications," said Arsene. Arsene recommends organizations running virtual infrastructures deploy a hypervisor-based memory introspection technology that's capable of securing virtual workloads.
"This new security layer that sits below the operating system can detect zero-day vulnerabilities, like the SMB v1 vulnerability leveraged by WannaCry, and prevent attackers from ever exploiting it, even if the system is unpatched or the vulnerability is completely unknown," Arsene explained. "This complementary security layer, coupled with traditional in-guest security solutions and constant software patching, increases the cost of attack for cybercriminals while giving organizations more visibility into advanced attacks."

Tuesday, 13 March 2018

Tuesday, 20 February 2018

MASM


MASM 8086 Assembler in Ubuntu or Windows 7(x64) using DOSBox

Run MASM 8086 Assembler in Ubuntu or Windows 7(x64) using DOSBox
Here’s how to run 16 bit DOS executables like the MASM assembler or Turbo C compiler in Ubuntu (GNU/Linux) or in 64 bit editions of Windows 7 using DOSBox, a DOS environment emulator. DOSBox is available for Linux as well as Windows.
DOSBox installation
For Ubuntu users (using repository)
Open the terminal and type in the following commands to download and install DOSbox in Ubuntu
sudo apt-get update
sudo apt-get install dosbox
You will find it installed under Applications_Menu->Games->DOSBox Emulator
For other GNU/Linux users
Download DOSbox from
below link.
Open terminal and cd to the directory containing the downloaded tar.gz file. Type in the following commands to build and install :
tar -xzvf dosbox-0.74.tar.gz
cd dosbox-0.74
./configure
make
Check the 
src subdir for the binary.
For Windows users
Download DOSbox from
below.
Run the downloaded .exe file and install it like any other software.
Now that you’ve installed DOSBox, you’ll be able to run any 16bit or 32bit DOS executable inside it.
Download the 8086 MASM Assembler from below. The zip file contains the following files :
masm.exe, tasm.exe, link.exe, bin2hex.exe, exe2bin.exe, td.exe, edit.com and debug.exe
Windows users extract the .zip file into C:\ so that the path C:\8086 contains all the above mentioned files. GNU/Linux users can extract it and place it in say /home/imran/8086
Launch DOSBox and type the following commands :
For Linux users : 
mount c /home/imran/8086
c:
For Windows : 
mount c c:\8086
c:

DOSBox running in Ubuntu
Now the contents of the folder /home/imran/8086 or c:\8086 is mounted as c: drive inside the DOS emulator. You can assemble programs inside DOSBox as you do in your Microprocessor Lab under Windows XP; i.e your usual sequence of commands -
edit file.asm
masm file.asm
link file
debug file.exe
When you are done, type exit to quit DOSBox.
P.S : For GNU/Linux users, there’s an alternative assembler known as the NASM. NASM is considered to be one of the most popular assemblers for GNU/Linux.
Click to Downloads :
DOSBox for Linux : dosbox-0.74.tar.gz
DOSBox for Windows : DOSBox0.74-win32-installer.exe
8086 Assembler : 8086_Assembler.zip

Saturday, 17 February 2018


8086 ASSEMBLY PROGRAM FOR ADDITION OF TWO 8 BIT NUMBERS
data segment
a db 09h
b db 02h
c dw ?
data ends

code segment
assume cs:code,ds:data
start:
mov ax,data
mov ds,ax
mov al,a
mov bl,b
add al,bl
mov c,ax
int 3
code ends
end start

C:\TASM>masm an8add.asm
Microsoft (R) Macro Assembler Version 5.00
Copyright (C) Microsoft Corp 1981-1985, 1987.  All rights reserved.

Object filename [an8add.OBJ]:
Source listing  [NUL.LST]:
Cross-reference [NUL.CRF]:

  50402 + 450254 Bytes symbol space free

      0 Warning Errors
      0 Severe  Errors

C:\TASM>link an8add.obj

Microsoft (R) Overlay Linker  Version 3.60
Copyright (C) Microsoft Corp 1983-1987.  All rights reserved.

Run File [AN8ADD.EXE]:
List File [NUL.MAP]:
Libraries [.LIB]:
LINK : warning L4021: no stack segment

C:\TASM>debug an8add.exe
-g

AX=0B0B  BX=0002  CX=0022  DX=0000  SP=0000  BP=0000  SI=0000  DI=0000
DS=0B97  ES=0B87  SS=0B97  CS=0B98  IP=0011   NV UP EI PL NZ NA PO NC
0B98:0011 CC            INT     3
-d 0B97:0000
0B97:0000  09 02 0B 0B 00 00 00 00-00 00 00 00 00 00 00 00   ................
0B97:0010  B8 97 0B 8E D8 A0 00 00-8A 1E 01 00 02 C3 A3 02   ................
0B97:0020  00 CC 86 72 FF 77 15 8A-86 70 FF 2A E4 50 B8 FD   ...r.w...p.*.P..
0B97:0030  05 50 FF 36 24 21 E8 77-63 83 C4 06 FF 36 24 21   .P.6$!.wc....6$!
0B97:0040  B8 0A 00 50 E8 47 5E 83-C4 04 5E 8B E5 5D C3 90   ...P.G^...^..]..
0B97:0050  55 8B EC 81 EC 84 00 C4-5E 04 26 80 7F 0A 00 74   U.......^.&....t
0B97:0060  3E 8B 46 08 8B 56 0A 89-46 FC 89 56 FE C4 5E FC   >.F..V..F..V..^.
0B97:0070  26 8A 47 0C 2A E4 40 50-8B C3 05 0C 00 52 50 E8   &.G.*.@P.....RP.
-q

C:\TASM>


Friday, 16 February 2018


CENG 222 – Computer Organization Lab Work 9

Standard I/O In 8086

Standard input output operations  are performed INT 21h interrupt in assembly.
Int 21h acts like a function. The operation to perform in interrupt no 21h is determined by the contents of the AH register.
Read the entry regarding Int 21h interrupt in “Supported Interrupt Functions” section of Emu8086 help (“help”->”Documentation and Tutorials”->“Supported Interrupt Functions”)
Pay attention to Int 21h functions where the value of AH is 1,2,9,0Ah

Exercises

1) Write an assembly program to read a character and print the same character back to screen
2) The user will enter a 2 digit decimal number write an assembly program to store the number in CX register.
3) Write an assembly program to print the English alphabet (capital letters only)
4) design an assembly function (that uses a variable for return value) that reads 5 characters from the keyboard. Call the function in main to get the characters and write the program to print the characters.


CENG 222 – Computer Organization Lab Work 8

Variables

Syntax for a variable declaration:

name DB value
name DW value

DB - stays for Define Byte.
DW - stays for Define Word.

name - can be any letter or digit combination, though it should start with a letter. It's possible to declare unnamed variables by not specifying the name (this variable will have an address but no name).

value - can be any numeric value in any supported numbering system (hexadecimal, binary, or decimal), or "?" symbol for variables that are not initialized.

Reference Address:
http://www.yecd.com/os/8086%20assembler%20tutorial%20for%20beginners%20(part%203).htm

.model small
.stack 100h
.data
VAR1 DB 5
var2 DW 1A2Bh

.code
main proc
     mov ax,@data
     mov ds,ax

     MOV AL, var1
     MOV BX, var2

     mov ax, 4c00h
     int 21h
main endp

end main

Some previous Examples to remember...

MOV AX, [1BFFH]    ; Copy 2-bytes (word) data stored at address 1BFF to AX
MOV [BX], 20h          ; Copy the word (2-bytes) data to the memory
                        ; block started at BX. (*BX = 0020h)
MOV WORD PTR [BX], 20h ; Exactly the same as above
MOV BYTE PTR [BX], 20h                ; Copy 1 byte (*BX = 20h)

Offset command

When used with a variable offset command gives the address of the variable.

MOV BX, offset var1               ; Copy address of var1 to BX
MOV DL, [offset var2]            ; Copy 1-byte data at var2 to DL

LEA (Load effective address) instruction


If we use “offset”, we need the following instruction to get the address of a data:
MOV DX, offset var1

Here, msg is defined as name of the data itself. Another way to do this without using offset:
LEA DX, var1
Both instructions above, loads the address of var1 into DX.



Experiment 1


Analyze the assembly code below:

title Register test program

.model small
.stack 100h
.data
msg db "AB",0dh,0ah,'$'

.code
main proc
     mov ax,@data
     mov ds,ax

; Add your code here
; ------------------

; ------------------

     mov ah,9
     mov dx,offset msg
     int 21h

     mov ax, 4c00h
     int 21h
main endp

end main

The program above prints “AB” to the console. The message “AB” is stored at msg in data segment. Therefore, “offset msg” is the starting address of the string. Modify the code according to the following experiments:

1-      Copy the second byte stored at “msg” (which is ‘B’ currently) to the first byte. The output should be “BB”. In order to do that, load 2-bytes data stored at “msg” into a 16-bits register. Copy one part of the register to the other part. Then, write your register back to msg.
2-      Copy the first byte stored at “msg” (which is ‘A’ currently) to the second byte. The output should be “AA”. To achieve this, load the first byte stored at “msg” into one 8-bits register (high or low part) and copy it onto the other part and write the data stored in register back to msg.
3-      Load the data stored at “msg” into one register and swap the high and low parts of the register using a temporary 8-bits register. Then write back your “swapped” register onto msg. The output should be “BA”.

Experiment 2

title Logical

.model small
.stack 100h

.data

varA db ?
varB db ?
varC db ?
varX db ?

.code

main proc

       mov ax,@data
       mov ds,ax

       ; Add your code below

main endp

end main

In the assembly code above, four variables are defined without initialized. Use debug mode to test your program and see registers’ and memory’s status after you make necessary modifications to compute some logical operations:

1 – Assign values to all variables except varX.
            varA = 10101010b
            varB = 11001100b
            varC = 11110000b

2 – Compute the following logical operations:
            a)         varX = varA OR (varB AND varC)
            b)         varX = varA OR varB OR (NOT varC)

Experiment 3

Define variables facparam and facreturn. Write an assembly function that calculates the factorial of the number stored in facparam variable and write the result to facreturn variable. The registers should remain unchanged at the end of the function call.
Use the function to calculate 3! and 5!.


CENG 222 – Computer Organization
Lab Work 7

CALL and RET instructions

CALL instruction is used for calling a subroutine/procedure/function.
Usage:

CALL <address or procedure name>

RET instruction is used for returning back to caller procedure from the called procedure. RET has no arguments. Analyze the code given in experiment.

Using stack

Stack is used for temporarily storing data to memory. It is also used by CALL and RET to store caller instruction address. Hence, it is critically important to use stack properly:
Leave stack as how you find!
It means that you need to get all the data out which you store in the stack. Do not forget any data in the stack. You can use it temporarily!

PUSH instruction stores a data in the stack.

PUSH <word data or word register>

POP instruction retrieves a data from the stack.

POP <word memory block or word register>

Examples:

PUSH AX
POP BX


EXPERIMENTS
1)
Write the following C code in assembly using no jump instructions (use loop command instead) You should not use other registers to store the value of CX temporarily. You should use the stack properly to store the value of CX properly.
Hint: Don't forget that loop command only operates on CX and to use a inner loop you must remember the value of CX for the outer loop at each iteration.

int b =0;
for(int i=0; i<5;i++)
            for(int j=0; j<10;j++)
                        b = I + 2*j;
2)
Write an assembly function that calculates factorial. Use the function to calculate 3! and 5!.

3)
Write an assembly program that calculates first 10 Fibonacci numbers. Numbers should be observed in dx consequently (since we did not learn how to print at the moment we can simulate it by observing the register in emulator).
Hint: Use the stack to reverse the order. Once you have pushed all the items, pop command will give you the last item.