Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

Oğuz~#>

Senior Member
5 Jul 2009
This is a fairly interesting subject, I think, as a lot of people entering the security field still ask me whether they need to learn Assembly Language or not.
For those that aren’t sure what it is, it’s pretty much the lowest-level programming language computers understand without resorting to simply 1’s and 0’s.
An assembly language is a low-level language for programming computers. It implements a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable).
The mnemonics look like MOV, JMP and PSH.
In straightforward terms the answer is yes, especially if you want to operate on a more advanced level. If you wish to write exploits you need assembly knowledge; there is plenty of great shellcode around, but to get your exploit to the point where you can execute the shellcode you need assembly knowledge. Metasploit is a great resource for the shellcode and to shovel in your exploit, but to understand the inner executions and workings of any binary you need to understand assembly.
You might be able to fuzz out an overflow in some software using a pre-written Python fuzzer, but what are you going to do then – you need to at least understand the stack/heap and EIP/ESP etc.
Even if you don’t plan to be that hardcore, learning Assembly really won’t hurt at all. A great place to start is the PC Assembly Language book by Paul Carter.
The tutorial has extensive coverage of interfacing assembly and C code and so might be of interest to C programmers who want to learn about how C works under the hood. All the examples use the free NASM (Netwide) assembler. The tutorial only covers programming under 32-bit protected mode and requires a 32-bit protected mode compiler.
If you are specialising, though, you’ll be looking more into the realm of debuggers, disassemblers and reverse engineering – SoftICE was king back in the day.
Another great resource is Iczelion’s Win32 Assembly Homepage, which has a bunch of tutorials, source code examples and links.
As many say Assembly is easy to learn but hard to MASTER.
I started out with The Art of Assembly – and I suggest you do too.
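To make the "symbolic representation of the numeric machine codes" idea concrete, here is an added example (not part of the original post) that decodes a handful of 32-bit x86 opcodes back into mnemonics. The function name `disassemble`, the base address and the `SAMPLE` bytes are constructed for illustration; only a small subset of one-byte opcodes is handled.

```python
import struct

# Register order as encoded in the low 3 bits of the opcode (32-bit mode).
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def disassemble(code: bytes, base: int = 0):
    """Decode a small subset of 32-bit x86 opcodes into (address, text) pairs."""
    out, i = [], 0
    while i < len(code):
        op, addr = code[i], base + i
        if op == 0x90:
            text, size = "nop", 1
        elif op == 0xC3:
            text, size = "ret", 1
        elif 0x50 <= op <= 0x57:                 # push r32
            text, size = f"push {REG32[op - 0x50]}", 1
        elif 0x58 <= op <= 0x5F:                 # pop r32
            text, size = f"pop {REG32[op - 0x58]}", 1
        elif 0xB8 <= op <= 0xBF:                 # mov r32, imm32
            if i + 5 > len(code):
                raise ValueError(f"truncated mov at 0x{addr:x}")
            # The immediate is stored little-endian in the byte stream.
            imm = struct.unpack_from("<I", code, i + 1)[0]
            text, size = f"mov {REG32[op - 0xB8]}, 0x{imm:x}", 5
        elif op == 0xEB:                         # jmp rel8
            if i + 2 > len(code):
                raise ValueError(f"truncated jmp at 0x{addr:x}")
            # rel8 is signed and relative to the address of the NEXT
            # instruction, i.e. the value EIP holds once this one is fetched.
            rel = struct.unpack_from("<b", code, i + 1)[0]
            text, size = f"jmp 0x{addr + 2 + rel:x}", 2
        else:                                    # outside the subset: raw byte
            text, size = f"db 0x{op:02x}", 1
        out.append((addr, text))
        i += size
    return out

# Constructed sample bytes, not taken from any real binary.
SAMPLE = bytes.fromhex("55 b878563412 90 eb01 90 5d c3")

if __name__ == "__main__":
    for addr, text in disassemble(SAMPLE, base=0x1000):
        print(f"{addr:08x}  {text}")
```
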