Oscar Llorente
Researcher in DT
Expertise: Scam, program analysis

Program instrumentation options

Many of the methods of software testing and dynamic analysis of programs (not necessarily related to security) require inserting some additional instructions in the text of the program to obtain added information, that is, to instrument the program. For example,

Starting code debugging (II) – Breakpoints

One of the most useful functions provided by debuggers is setting breakpoints in certain lines of code to stop execution at those points and examine the status of the program. Breakpoints can be both hardware and software. GDB can set

Starting code debugging (I)

Errors are a collateral (and undesired) phenomenon that occur when writing code. Some, like syntactic errors, are easy to detect and correct, since normally the compiler,  interpreter or  IDE itself will warn us that we have some open parentheses for

The idea behind the symbolic execution

Following in the line of program analysis techniques, this time we are going to talk about a technique that is somewhere in between static techniques and dynamics, symbolic execution. It is a type of analysis that covers different limitations of

Analyzing a fuzzing framework

In the previous post on fuzzing, we explained in broad terms the main foundations and the different types that exist. This time we are going to focus on fuzzing frameworks, so let’s start by looking at how the general logical

Explaining the basics of fuzzing

In the field of program analysis, different techniques are used, usually divided into two groups: static and dynamic. Fuzzing is a dynamic technique used extensively (especially in recent years) to discover bugs in software that, with a little (bad) luck,


Our sandbox for packers