Gabriel Biondo

Security Researcher • macOS Specialist • Exploit Developer

2 minute read

Past lessons in this series:

Before we touch a single instruction, we need to address a simple, uncomfortable truth: if you don’t understand Assembly, you don’t understand software. You might use software. You might debug software. You might even attack software. But you don’t understand it.

Everything else — C, Rust, Swift, Python, pick your poison — is just a convenience layer built on top of one immutable reality: the machine executes instructions.

Not abstractions. Not high-level intentions.

Instructions

Assembly matters because it is the closest readable representation of those instructions. It’s the only place where the truth is still visible.

Understanding Assembly gives you three unfair advantages:

1. You actually see how the machine works

No marketing. No compiler sugar. Just bytes flowing through registers, memory, and the instruction pipeline. It’s the closest you can get to the silicon without burning your fingers.

2. You stop being afraid of binaries

Most developers and pentesters behave like binaries are some sort of cursed object. They’re not. They’re just deterministic structures shaped by compilers. Once you understand Assembly, you can navigate them as if you wrote them yourself.

3. You gain the ability to explain what happens

This is what separates experts from imposters. When something crashes, leaks, corrupts memory, or gets exploited, you’ll know exactly why.

“Do I need to memorise all instructions?”

No.

You need to understand patterns, not phone books.

  • Function prologues/epilogues
  • Calling conventions
  • Stack discipline
  • Control flow
  • Data movement
  • ABI constraints
  • Compiler idioms

The moment you learn these, you become fluent enough to reconstruct the intent of any function, even if you’ve never seen that exact code before.

Which Assembly?

We’ll start with AArch64, for one simple reason: it’s the present and the future.

Apple, ARM servers, mobile, embedded, IoT — the world is converging there.

Later, if you want, we’ll look at x86_64 for historical awareness.

But the priority is ARM.

So what’s next?

Tomorrow, the first real lesson: registers. I know, it’s boring, but that’s the beginning of it all.

In the meantime: if you haven’t yet, read Mac Malware Reversing Lab. You’ll need a proper debugging environment anyway.

Want the deep dive?

If you’re a security researcher, incident responder, or part of a defensive team and you need the full technical details (labs, YARA sketches, telemetry tricks), email me at info@bytearchitect.io or DM me on X (@reveng3_org). I review legit requests personally and will share private analysis and artefacts to verified contacts only.

Prefer privacy-first contact? Tell me in the first message and I’ll share a PGP key.

Subscribe to The Byte Architect mailing list for release alerts and exclusive follow-ups.

Gabriel(e) Biondo
ByteArchitect · RevEng3 · Rusted Pieces · Sabbath Stones

You May Also Enjoy

Introduction to registers

5 minute read

Before we can reverse anything, we need a precise mental model of how ARM64 actually works. In this first lesson we cover the essential foundations: data siz...

Reversing 101 - introduction

2 minute read

A quarter century in pentesting taught me one thing: real reversing knowledge is intentionally rare. Not because it’s hard — but because people want to keep ...