Computer security researcher. His main areas of interest are low-level security (kernel, OS, client), web security and reverse-engineering. Currently working as an Information Security Engineer at Google.
Beyond MOV ADD XOR – the unusual and unexpected in x86.
Intel x86 and the derived AMD64 architecture families are by far the most widespread and commonly known ones, powering millions and millions of desktop PCs, server racks and even some mobile devices. Although understanding low-level x86 assembly code has been the subject of extensive study by hobbyists, professional reverse engineers and exploit developers alike, the research typically covers only a small subset of both the instruction set and the features the architecture has to offer. In this presentation, we will address numerous interesting, often security-relevant tidbits, unpopular features and unusual behaviors that we have come across during our journey through the manuals, books and research papers, as well as in our own experience. Basic knowledge of x86 assembly and its execution environment is highly recommended.