Hello,

I bachelor’d in Computer Science and was fascinated by cybersecurity for a long time. I worked in the field of computer security for close to 6 years, 2 as an independent student researcher and close to 4 years at Cisco Systems as a software engineer in one of Cisco’s Router Security teams. I worked on a range of subjects - starting from hardware/firmware security to OS security to network and infrastructure security. I started by understanding how code translates to 0s and 1s and the x86 assembly language, and went on to designing and working on software solutions that improved the overall security posture of critical infrastructure (the Internet, data-centers, enterprise networks).

  1. List of all Posts: You can find all the relevant posts here.
  2. RE, BE, Software Vulnerabilities: I wrote a long series of articles on software reverse engineering, software vulnerabilities and binary exploitation. You can find them here.
  3. Malware Analysis, Cyber-Intelligence: I had a number of personal projects, from analyzing pieces of malware (like a virus or a Trojan horse) to writing tools (based on concepts explained in various articles, research papers). You can find them here.
  4. There are some generic articles on computer systems and security here.
  5. On Rust: The Rust Programming Language interested me a lot. I ended up writing quite a bit about the language internals, lots of code and analysis and particularly on the Event-Driven Programming paradigm. You can find them here.
  6. Network Packet Analysis: As an avowed network security enthusiast, I wrote an amateur network packet analysis tool understanding various network protocols (like TCP, IP, Ethernet and so on). You can find details about it here.
  7. How do you set up a simple blog like this one in an hour? Read this.
  8. Awesome resources on cybersecurity: link

At one point, I decided to pursue an MBA, so I have switched to the management stream, and have a variety of interests in IT: Information Systems, IT Strategy for Businesses, Cyber-Risk Management, Cybersecurity in Finance and E-Commerce. Follow this space if these topics interest you.

Cheers,
Adwaith


PS: Back in the day, I had collected some resources in systems security. You will find a vaguely categorized list below. Hope it helps.

1. Binary Analysis, Translation, Rewriting, Disassembly, Decompilation etc.,

1.1 Theses, Surveys

  1. Robust Low-Overhead Binary Rewriting: Design, Extensibility and Customizability - 2021. (backup).
  2. Dynamic Binary Lifting and Recompilation - 2020. (backup).
  3. Scalable Validation of Binary Lifters - 2020. (backup)
  4. Increasing the Performance of Symbolic Execution by compiling Symbolic Handling into Binaries - 2020. (backup).
  5. From Hack to Elaborate Technique - A Survey on Binary Rewriting - 2019. (backup).
  6. Type Inference on Executables - 2016: A survey on the type inference problem in binaries. (backup).
  7. Analyzing and Securing Binaries Through Static Disassembly - 2017: PhD Thesis of Daniel Andriesse at VU Amsterdam. (backup).
  8. Building a Base towards Cyber-autonomy - 2017: Prof. Yan’s PhD Thesis. (backup).
  9. Abstraction Recovery for Scalable Static Binary Analysis - 2014. (backup).
  10. Deep Analysis of Binary Code to Recover Program Structure - 2014. (backup).
  11. Static Analysis of x86 Executables - 2010: PhD Thesis of Johannes Kinder at TU Darmstadt. (backup).
  12. Reverse Compilation Techniques - 1994: PhD Thesis of Christina Cifuentes. An amazing thesis to understand decompilation in detail. (backup).

2. Reversing, Malware Analysis, Memory Forensics, Exploit Dev etc.,

2.1 Theses, Surveys

  1. Binary Analysis for Linux and IoT Malware - 2020. (backup).
  2. Advances in Memory Forensics - 2019. (backup).
  3. Advances in Modern Malware and Memory Analysis - 2015. (backup).

2.2 Books, websites and other resources

  1. Reverse Engineering for Beginners (RE4B): This book is the best if you want to get started with Reverse Engineering. Loads of examples related to multiple architectures like x86, ARM, MIPS, and multiple compilers - gcc, MSVC.
  2. challenges.re - If you want to get started with Reverse Engineering and Binary Exploitation, this website is the best way to start!

3. TPM, Firmware, BIOS, UEFI, BootLoaders etc.,

3.1 Theses, Surveys

  1. Towards System-wide Dynamic Analysis of Embedded Systems - 2020. (backup).
  2. Dynamic Binary Firmware Analysis - Challenges and Solutions - 2019. (backup).
  3. Large Scale Security Analysis of Embedded Devices’ Firmware - 2015. (backup).
  4. Development of novel Dynamic Binary Analysis techniques for Security Analysis of Embedded Devices - 2015. (backup).

3.2 Books and other resources

4. UEFI

1. [UEFI-EDK2 Training](https://github.com/tianocore-training/Tianocore_Training_Contents/wiki): In-depth training on UEFI. Best way to get started with UEFI.
2. [EDK2](https://github.com/tianocore/edk2): Firmware development environment for UEFI specifications. In short, one can build a virtual firmware, run it on VM, write UEFI applications, run and test them in that VM.
3. [EDK2 documents](https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Documents): Lists all the documents related to EDK2. It has everything from getting started to writing hello-world UEFI programs to training/courses on UEFI.
4. [Introduction to EFI programming](http://www.rodsbooks.com/efi-programming/) by Roderick Smith.
5. [x86asm.net - Introduction to UEFI](http://x86asm.net/articles/introduction-to-uefi/index.html)
6. [EFI Tutorial](https://github.com/safayetahmedatge/efitutorial)
7. Books on UEFI by its creators: [Harnessing the UEFI Shell](/assets/firmware-security/Harnessing-the-UEFI-shell-Moving-the-platform-beyond-DOS.pdf), [Beyond BIOS](/assets/firmware-security/Beyond-BIOS-Developing-with-the-UEFI.pdf). The first book is an amazing starter. Second one does a deep dive.
8. [osdev.org UEFI wiki](https://wiki.osdev.org/UEFI)
9. [Remote debugging UEFI programs with gdb](https://wiki.osdev.org/Debugging_UEFI_applications_with_GDB)

5. Firmware-Security, Reversing etc.,

1. [www.firmwaresecurity.com](https://firmwaresecurity.com/)
2. [The BIOS blog by Darmawan Salihun](http://bioshacking.blogspot.com/): Insane blog, extremely rich.
3. [Pinczakko's blog](https://sites.google.com/site/pinczakko/): Another crazy blog
4. [Vincent Zimmer's blog on firmware, UEFI etc.,](http://vzimmer.blogspot.com/2015/06/firmware-related-blogs.html)
5. [Satoshi's note](http://standa-note.blogspot.com)

6. TPM

1. [TCG's summary on TPM](https://trustedcomputinggroup.org/resource/trusted-platform-module-tpm-summary/)
2. [SWTPM](https://github.com/stefanberger/swtpm)
3. [tpm2 software](https://tpm2-software.github.io/)
1. [Coreboot](https://github.com/coreboot/coreboot): An opensource alternative to proprietary BIOS used by various vendors.
2. [LinuxBoot](https://www.linuxboot.org/): Linux as firmware.
3. [System Management BIOS (SMBIOS)](https://www.dmtf.org/standards/smbios/)
4. [SeaBIOS](https://github.com/coreboot/seabios): Opensource implementation of x86 legacy BIOS.
5. [Linux from scratch's About firmware](https://www.linuxfromscratch.org/blfs/view/svn/postlfs/firmware.html): This article has links to several amazing articles/github repositories in it.
6. [Intel's repository of processor microcode](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files)

8. Firmware, BIOS samples

1. [Dell downloads](https://www.dell.com/support/home/en-in?app=drivers): Dell publishes System BIOS for a variety of its products. Gold Mine
2. [HP software downloads](https://support.hp.com/in-en/drivers): Firmware for a bunch of HP products can be downloaded from here.

9. Crypto, Math

  1. cryptopals.com - Best Crypto site I have come across. Has programming exercises related to different cryptographic algorithms, different attacks on those algorithms.
  2. crypto101.io - It is an introductory course on cryptography available in the form of a book.
  3. projecteuler.net - If you are into Number Theory, Math, Programming, this is one of the best websites to go to!

10. Linux Systems Programming

  1. Angrave’s System Programming: This is probably the best resource to get started with Linux systems programming. It’s just too good!
  2. University of Georgia’s Systems Programming Course
  3. University of Wisconsin-Madison’s Operating Systems course

11. Computer Networks

  1. Beej’s Guide to Network Programming - One of the best guides for Network Programming in C.

12. Kernel Bypass Techniques

These articles (in this order) helped me understand Kernel Bypass techniques better:

  1. Diving into Linux Networking Stack - A gentle introduction of how Network Driver interacts with NIC.
  2. Improving Linux Networking Performance - This article clearly explains the problems with the current (2015) Linux Network Stack and offers a few suggestions to improve its performance.
  3. What is Kernel Bypass? - An amazing article which will help you understand Kernel Bypass techniques, which help improve the performance of packet IO.
  4. netmap - A fast packet I/O Framework - The official website of netmap.
  5. netmap: a novel framework for fast packet I/O - netmap’s official paper. Just amazing!
  6. DPDK - Data Plane Development Kit - Official website of DPDK
  7. Impressive Packet Processing Performance Enables Greater Workload Consolidation - Paper explaining DPDK
  8. Zero Copy Networking - An interesting concept which helps in improving Network Stack performance
  9. Comparison of High Performance Packet IO Frameworks - An amazing paper which compares leading fast packet IO frameworks.