This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not?
For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s and 0’s.
An assembly language is a low-level language for programming computers. It implements a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable).
The mnemonics looks like
MOV JMP and
In straight forward terms the answer is yes, especially if you want to operate on a more advanced level. If you wish to write exploits you need assembly knowledge, there is plenty of great shellcode around but to get your exploit to the point where you can execute the shellcode you need assembly knowledge. Metasploit is a great resource for the shellcode and to shovel in your exploit, but to understand the inner executions and workings of any binary you need to understand assembly.
You might be able to fuzz out an overflow in some software using a pre-written python fuzzer, but what are you going to do then – you need to at least understand the stack/heap and EIP/ESP etc.
Even if you don’t plan to be that hardcore learning Assembly really won’t hurt at all, a great place to start is the PC Assembly Language book by Paul Carter.
The tutorial has extensive coverage of interfacing assembly and C code and so might be of interest to C programmers who want to learn about how C works under the hood. All the examples use the free NASM (Netwide) assembler. The tutorial only covers programming under 32-bit protected mode and requires a 32-bit protected mode compiler.
Another great resource is Iczelion’s Win32 Assembly Homepage which has a bunch of tutorials, source code examples and links.
As many say Assembly is easy to learn but hard to MASTER.
I started out with The Art of Assembly – and I suggest you do too.
Some other resources:
- Fitbit Vulnerability Means Your Tracker Could Spread Malware
- OWASP WebGoat – Deliberately Insecure Web Application
- WinRAR Vulnerability Is Complete Bullshit
- the Art of Virology 00h
- Metasploit Exploit Framework Version 3.0 Released
- Complex Cyberwar Tool ‘Flamer’ Found Infecting Computers In Iran & Israel
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 232,376 views
- AJAX: Is your application secure enough? - 119,749 views
- eEye Launches 0-Day Exploit Tracker - 85,320 views