ARM Assembly for Hackers, Part 2: Leveraging GDB to Understand the ADD Instruction

22 September 2025 at 09:49

Welcome back, cyberwarriors!

In a previous article, we explored some of the ARM assembler commands. Today, we will delve into the practical application of the ADD instruction. By leveraging the power of the GNU Debugger (GDB), we will explore how to analyze and manipulate this instruction to gain deeper insights into ARM architecture.

Prepare an Environment

Before starting to learn assembly, we should prepare an environment. For possible ways to do so, check out this article. I’ll be using a Raspberry Pi with 32-bit Raspbian OS.

To check if your system is running a 32-bit userland, run:

raspberrypi> getconf LONG_BIT

Next, check what architecture your binaries are:

raspberrypi> file /bin/bash

In the case above, you can see a pretty common issue on modern Raspberry Pis: Raspbian OS is 32-bit, but uses a 64-bit kernel. This is an optimal installation, because you get 32-bit compatibility for all your applications and libraries, and better hardware support from a 64-bit kernel.

ADD Instruction

This instruction adds an immediate value to a register value and writes the result to the destination register.

The syntax is as follows:

ADD{S}{<c>}{<q>}  {<Rd>,} <Rn>, #<const>

Where
S – if present, the instruction updates the flags. We’ll talk about flags later;
<Rd> – destination register;
<Rn> – first operand;
<const> – the immediate value to be added to the value obtained from <Rn>;
<c> and <q> – optional assembler fields.

Let’s move on to the practical stage and write the code. I’ll create a file instructions.s and open it with Vim.

The beginning of the file is as usual – declare “_start” value globally. I’ve explained this step in more detail in the following article. Also, I’ll add a comment with the add instruction syntax for ease of learning.

First of all, we need to have a register (<Rn>) that will be added to our constant value (#<const>). We’re going to set up a general-purpose register with the mov instruction.

As you might already remember from my previous article, general-purpose registers are r0-r12.

To set up a general-purpose register with a value of our choice, we can use the following command:

mov r0, #7

Where
mov – instruction to copy the value to the register;
r0 – destination register, where we’re going to store a temporary value;

#7 – pound sign signifies that the following value is constant. For this example, I’ve used number 7; you can choose any you want.

After that, we’re good to go with our add instruction.

add r1, r0, #3

Where
r1 – the destination register where we’re going to store the sum of 7 + 3;
r0 – our first operand with value 7;

#3 – constant value that will be added to r0. I’ve used value 3.

At this point, let’s assemble this code and see in gdb (GNU Debugger) what is happening.

To assemble, I’ll be using GCC:

gcc -g -nostdlib -static -o instructions instructions.s

Where
-g – Include debugging information
-nostdlib – Don’t link with standard library (since we’re not using it)
-static – Create a static executable

Now, we can open the executable with GDB, but before that, I’ll install GEF (GDB Enhanced Features), which provides automatic register monitoring, color-coded output, and more.

To install GEF, run:

raspberrypi> bash -c "$(curl -fsSL https://gef.blah.cat/sh)"

Now, let’s run GDB:

gdb ./instructions

First of all, I’m going to disable displaced stepping to avoid some possible errors in GDB.

(gdb) set displaced-stepping off

After that, we can set a breakpoint at the _start label so execution stops there:

(gdb) break _start

Run our program:

(gdb) run

Here we can see that the program started execution but stopped in _start because of the breakpoint.

Let’s check the value of all registers:

(gdb) info registers

They are empty at this point. Let’s step through one assembly instruction:

(gdb) stepi

And check the value of only registers r0 and r1:

(gdb) info registers r0 r1

And here we can see that register r0 already stores the value 0x7 or 7 in decimal.

If we step through the next assembly instruction and check the register value again with the same commands, we can see the value of the r1 register.

Value of r1 is 0xa or 10 in decimal, just like we programmed.
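
The walkthrough above as one source file, given here as an added example rather than the article's own listing. It goes slightly beyond the text: the adds line, the 0xff000000 immediate and the exit system call are additions, showing how the S suffix updates the flags, which constants #<const> can encode in ARM (A32) mode, and a clean exit instead of running off the end of _start.

```asm
@ instructions.s -- added example, ARM (A32) mode, GNU assembler syntax
@ ADD{S}{<c>}{<q>} {<Rd>,} <Rn>, #<const>

    .global _start
    .text
_start:
    mov   r0, #7              @ r0 = 7
    add   r1, r0, #3          @ r1 = r0 + 3 = 10 (0xa); flags are not touched

    @ With the S suffix the same kind of addition also updates the CPSR flags.
    mvn   r2, #0              @ r2 = 0xffffffff
    adds  r3, r2, #1          @ r3 = 0; the result wraps, so Z = 1 and C = 1

    @ #<const> must be an 8-bit value rotated right by an even amount.
    add   r4, r0, #0xff000000 @ encodable (0xff rotated right by 8); r4 = 0xff000007
    @ add r4, r0, #0x101      @ not encodable: the assembler rejects this line

    @ Exit cleanly, returning r1 as the status (Linux EABI: r7 = 1 is exit).
    mov   r0, r1              @ exit status = 10
    mov   r7, #1
    svc   #0
```

Built with the gcc command shown earlier, stepping past adds in GDB and running info registers cpsr shows the Z and C flags set; run outside GDB, echo $? prints 10.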

Summary

In this article, we take a look at the ADD instruction in ARM assembly language. We walk through assembling the code with GCC and using GDB (GNU Debugger) to monitor execution and inspect register values, demonstrating how the results reflect the programmed additions. Understanding such low-level behavior is essential in exploit development, where manipulating register values and controlling program flow, such as redirecting execution or crafting return-oriented programming (ROP) chains, depends on precise knowledge of how instructions like ADD affect the system state.

The post ARM Assembly for Hackers, Part 2: Leveraging GDB to Understand the ADD Instruction first appeared on Hackers Arise.

How PCI DSS Compliance Protects Australian Businesses from Data Breaches?

13 March 2025 at 07:02

Did you know that there are approximately 12.52 million credit card users in Australia, along with 43.77 million actively issued debit cards? These figures reflect Australia’s heavy reliance on digital payments and card-based transactions for everyday purchases and online commerce. However, with this widespread adoption comes an equally significant risk: the growing threat of data breaches and payment fraud.

(Source – credit card debt statistics 2025 and Australian debit card statistics)

As digital transactions continue to grow, so do the challenges of protecting sensitive customer data. This is where PCI DSS (Payment Card Industry Data Security Standard) compliance becomes essential for Australian businesses.

In today’s article, we are going to learn how PCI DSS compliance protects businesses from data breaches. So, if you are wondering why you should invest in PCI DSS compliance in Australia and how it can safeguard your organization, keep reading to find out.

A brief introduction to PCI DSS

PCI DSS is a global data security framework that protects businesses handling cardholder data (CHD) from data breaches, fraud, and identity theft. It was first introduced in December 2004, by the founding members of American Express, Discover, JCB, MasterCard, and Visa International.

PCI DSS applies to any and every organization, regardless of size, that accepts, processes, stores, or transmits payment card data. Its framework consists of 12 core PCI DSS requirements grouped into six control objectives, which include:

  1. Building and maintaining a secure network: Implementing firewalls and secure configurations.
  2. Protecting cardholder data: Encrypting sensitive data during transmission.
  3. Maintaining a vulnerability management program: Regularly updating anti-virus software and conducting vulnerability scans.
  4. Implementing strong access control measures: Limiting access to cardholder data based on job responsibilities.
  5. Regular monitoring and testing of networks: Performing routine security assessments.
  6. Maintaining an information security policy: Establishing a documented security strategy.

The latest version, PCI DSS v.4.0, was released on March 31, 2022, introducing enhanced security measures to address evolving cyber threats. These updates include increased flexibility for businesses and stronger authentication requirements, ensuring better protection in today’s dynamic digital landscape.

You may also check our latest YouTube video on PCI DSS 4.0 requirements which explains the changes from version 3.2.1 to 4.0.

The growing threat of data breaches in Australia

As Australia’s digital landscape continues to expand, the frequency and severity of data breaches are becoming increasingly concerning. In fact, the landscape of data security in Australia is becoming alarmingly dangerous, with a significant rise in data breaches posing a growing threat to businesses and individuals alike.

In the first quarter of 2024 alone, around 1.8 million accounts were leaked, a 388% increase in compromised user accounts. This shows the severity of data breaches driven by rapidly advancing technology and compliance negligence.

The financial implications of these breaches are profound. According to IBM’s annual Cost of a Data Breach Report 2024, the average cost of a data breach in Australia is estimated at AUD $4.26 million, which is said to have increased by 27% since 2020. These breaches not only affect an organization’s financial stability but also damage its reputation and erode customer trust. As cybercriminals continue to evolve their tactics, businesses must prioritize strong cybersecurity measures to mitigate these risks.

This is where the PCI DSS comes into play. While PCI DSS is not mandated by the Australian government, it is considered an important industry standard enforced by payment card brands. Achieving PCI DSS compliance ensures strong protection of sensitive payment data, reducing the risk of breaches and associated penalties. Moreover, compliance demonstrates your commitment to cybersecurity, boosting customer confidence in your business.

How PCI DSS protects your business from data breaches

PCI DSS provides a comprehensive framework that helps businesses defend against data breaches and payment fraud by implementing security measures specifically designed for handling payment card data. Here’s how PCI DSS compliance safeguards Australian businesses:

1. Encryption of payment card data

One of the key requirements of PCI DSS is the encryption of cardholder data both in transit and at rest. This ensures that even if cybercriminals manage to intercept the data, they will not be able to decrypt it and misuse it. By implementing robust encryption, businesses can significantly reduce the likelihood of their payment card data being exposed during a breach.

2. Secure network architecture

PCI DSS mandates businesses to establish and maintain a secure network with firewalls and other security configurations to protect against unauthorized access. By isolating payment card systems from the rest of the corporate network, businesses can minimize vulnerabilities and reduce the risk of data breaches.

3. Regular vulnerability scanning and penetration testing

PCI DSS requires ongoing vulnerability scans and penetration testing to identify and remediate potential security flaws before they can be exploited. This proactive approach ensures that systems are continuously evaluated for weaknesses and can quickly adapt to emerging cyber threats.

4. Access control and authentication

PCI DSS enforces stringent access control measures, ensuring that only authorized personnel can access sensitive payment card data. Through multi-factor authentication (MFA) and role-based access controls, businesses can limit exposure to potential breaches by restricting access based on job responsibilities.

5. Monitoring and logging

Constant monitoring and logging of payment systems are essential for detecting suspicious activities and mitigating data breaches. PCI DSS requires businesses to log all access and activities involving payment card data, which can be used to identify anomalies and investigate potential breaches swiftly.

6. Security awareness and staff training

Employees are often the weakest link in cybersecurity. PCI DSS emphasizes the importance of regular security training to ensure staff members understand the latest threats and best practices for safeguarding payment data. This fosters a culture of security within the organization and helps prevent human errors that could lead to breaches.

To Conclude

The rising threat of data breaches in Australia underscores the critical importance of robust cybersecurity practices. For businesses handling payment card data, PCI DSS compliance is a vital step toward safeguarding sensitive information, building customer trust, and mitigating financial and reputational risks. By adopting this globally recognized framework, organizations can strengthen their security posture and stay resilient against evolving cyber threats.

Β 

Β 

The post How PCI DSS Compliance Protects Australian Businesses from Data Breaches? appeared first on Information Security Consulting Company - VISTA InfoSec.

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations

1 November 2018 at 13:51

For all scans so far, we’ve only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don’t want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]

The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network

19 July 2018 at 07:18

In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]

The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning

9 May 2018 at 05:38

In the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we’ve gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we’ve also installed a virtual machine with Metasploitable 2 [...]

The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup

18 April 2018 at 05:06

A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]

The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
