Archive for the ‘Disassembly’ Category

FSExploitMe and Exploit-Exercises

March 17, 2015

If you are interested in learning about ActiveX exploitation, security researcher/consultant/professor Brad Antoniewicz has created FSExploitMe for just that purpose.

You’ll want a copy of Internet Explorer 8 to get the most out of it, but fortunately you can get a VM running IE8 for *free* from Microsoft.

And if you are interested in getting deeper into Linux exploitation, exploit-exercises.com has pre-built VMs with capture-the-flag style levels and challenges for each level. The challenges range from beginner to expert and are designed to teach:

[…]about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

Categories: Disassembly, Linux, Tech, Windows

x64_dbg — a powerful open-source 32 and 64-bit debugger for Windows

July 27, 2014

x64_dbg is a very powerful open-source 32- and 64-bit assembler/debugger for Windows. The UI is reminiscent of OllyDbg, with some additions that are clearly inspired by IDA Pro.

I’m looking forward to using this tool in place of OllyDbg, especially for 64-bit related RE tasks.

Categories: Disassembly, Tech, Windows

Free Online CTF and Penetration Testing Course

June 14, 2014

Trail of Bits is offering a free online CTF and penetration testing course. Lots of great material from a well-respected organization.

Debugger Detection in Windows

March 15, 2014

Some thorough documentation on anti-debugging techniques in Windows:

Categories: Disassembly, Programming, Tech

injdmp: dumping injected processes and dumping process memory that is marked as RWX

January 24, 2014

This is awesome.

http://hooked-on-mnemonics.blogspot.com/p/injdmp.html

injdmp is a tool for dumping injected processes and dumping process memory that is marked as RWX. The tool can detect most malware that uses process injection. As of this writing it can dump processes related to Zeus/Citadel, Cridex, Ramnit, Poison Ivy and a number of other families of malware.
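As an added example (this is not injdmp's code, which the page links rather than reproduces), the script below implements the heuristic the description names: walk a target's address space with VirtualQueryEx, keep committed regions whose page protection is both writable and executable, write each to disk, and flag regions that begin with an MZ/PE header as a likely injected image. The Win32 constants and structure layout follow the documented kernel32 memory API; the selection rule, the file naming, the sample region records and the constructed PE header are this example's own assumptions. It expects a PID on the command line and a token allowed to read the target; the selection and header helpers are pure Python and also run on other platforms.

```python
"""
rwxscan.py: dump committed RWX regions of a Windows process and flag PE headers.
Added example illustrating the RWX heuristic in the injdmp description; not injdmp's
own code. Assumes Windows (x86 or x64) and a readable target.   python rwxscan.py <pid>
"""
import ctypes
import struct
import sys

# Documented Win32 values (kernel32 memory APIs)
MEM_COMMIT, MEM_FREE = 0x1000, 0x10000
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x20, 0x40, 0x80
PAGE_GUARD = 0x100
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010


class MBI(ctypes.Structure):
    """MEMORY_BASIC_INFORMATION; ctypes' natural alignment reproduces both the 32- and 64-bit layouts."""
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_uint32), ("Protect", ctypes.c_uint32), ("Type", ctypes.c_uint32)]


def is_rwx_candidate(state, protect):
    """Selection rule used by this example: committed, not a guard page, writable and executable.
    The low byte of Protect is the access class; PAGE_GUARD/PAGE_NOCACHE are modifier bits."""
    if state != MEM_COMMIT or protect & PAGE_GUARD:
        return False
    return (protect & 0xFF) in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


def looks_like_pe(data):
    """True when data starts with an MZ header whose e_lfanew points at 'PE\\0\\0':
    a whole image sitting in a non-image region is the classic injected-DLL picture."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def select_regions(regions):
    """regions: iterable of (base, size, state, protect, type) -> candidates, private memory first."""
    picked = [r for r in regions if is_rwx_candidate(r[2], r[3])]
    return sorted(picked, key=lambda r: (r[4] != MEM_PRIVATE, r[0]))


def enumerate_regions(handle):
    """Walk the address space with VirtualQueryEx; yields (base, size, state, protect, type)."""
    k32 = ctypes.windll.kernel32
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    mbi, addr = MBI(), 0
    while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
        base = mbi.BaseAddress or 0  # ctypes returns None for a NULL pointer
        yield (base, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type)
        addr = base + mbi.RegionSize


def read_region(handle, base, size):
    """ReadProcessMemory wrapper; returns None when the region cannot be read."""
    k32 = ctypes.windll.kernel32
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    buf, got = ctypes.create_string_buffer(size), ctypes.c_size_t(0)
    if not k32.ReadProcessMemory(handle, base, buf, size, ctypes.byref(got)):
        return None
    return buf.raw[:got.value]


def dump_process(pid):
    """Write every RWX candidate of pid to <pid>_<base>.bin; returns [(base, size)] dumped."""
    k32 = ctypes.windll.kernel32
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.OpenProcess.restype = ctypes.c_void_p
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError()
    dumped = []
    try:
        for base, size, state, protect, mtype in select_regions(enumerate_regions(handle)):
            data = read_region(handle, base, size)
            if data is None:
                continue
            name = "%d_%016x.bin" % (pid, base)
            with open(name, "wb") as fh:
                fh.write(data)
            kind = "private" if mtype == MEM_PRIVATE else "mapped"
            print("%016x %8x %-7s %s -> %s" % (base, size, kind,
                                               "PE image" if looks_like_pe(data) else "code/data", name))
            dumped.append((base, size))
    finally:
        k32.CloseHandle(handle)
    return dumped


# Constructed sample records (base, size, state, protect, type); not from a real process.
SAMPLE_REGIONS = [
    (0x00400000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),            # ordinary .text
    (0x02A10000, 0x20000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE),    # suspicious
    (0x02A30000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE | PAGE_GUARD, MEM_PRIVATE),
    (0x7FFE0000, 0x1000, MEM_FREE, PAGE_EXECUTE_READWRITE, 0),                 # not committed
    (0x10000000, 0x3000, MEM_COMMIT, PAGE_EXECUTE_WRITECOPY, MEM_IMAGE),       # module unpacked in place
]
# Constructed minimal MZ/PE header: e_lfanew = 0x80 and the PE signature at 0x80.
SAMPLE_PE_HEADER = bytearray(0x90)
SAMPLE_PE_HEADER[:2] = b"MZ"
SAMPLE_PE_HEADER[0x3C:0x40] = struct.pack("<I", 0x80)
SAMPLE_PE_HEADER[0x80:0x84] = b"PE\0\0"

if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("this scanner calls kernel32 and must run on Windows")
    dump_process(int(sys.argv[1]))
```

Private RWX memory is ranked ahead of image-backed RWX because a writable, executable private allocation with an MZ header in it is the signature of a manually mapped or reflectively loaded module, while RWX inside an image section more often means a packer unpacking in place; both are worth a dump, but the first is the one to triage first.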

Categories: Disassembly, Tech, Windows

[link] Layman’s Guide to Integrated Circuit RE

January 15, 2014

Great website.

The Layman’s Guide to IC Reverse Engineering has been created to teach you the very basics of what it takes to reverse engineer integrated circuits. Not too much particular focus is given to the physics and math, just the bare essentials for a layman to turn images into logic. And chips into images. Kudos to academia, security researchers, and chip enthusiasts from around the world for all their papers and presentations that this effort draws inspiration from.

Categories: Disassembly, Tech

[link] “iOS Assembly Tutorial: Understanding ARM”

January 8, 2014

Here’s a very well-written post by Matt Galloway; this one is about ARM assembly.

When you write Objective-C code, it eventually turns into machine code – the raw 1s and 0s that the ARM CPU understands. In between Objective-C code and machine code, though, is the still human-readable assembly language.

Understanding assembly gives you insight into your code for debugging and optimizing, helps you decipher the Objective-C runtime, and also satisfies that inner nerd curiosity.

In this iOS assembly tutorial, you’ll learn:

  • What assembly is – and why you should care about it.
  • How to read assembly – in particular, the assembly generated for Objective-C methods.
  • How to use the assembly view while debugging – useful to see what is going on and why a bug or crash has occurred.

Categories: Apple, Disassembly, Tech

“Practical Reverse Engineering”

January 3, 2014

I heard about this book via Twitter, and am anxiously awaiting its release on Feb 17, 2014.

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Analyzing how hacks are done, so as to stop them in the future

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.

The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.

  • Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
  • Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
  • Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
  • Demystifies topics that have a steep learning curve
  • Includes a bonus chapter on reverse engineering tools

Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

Categories: Disassembly, Tech

Reverse engineering contest open until Dec 9

December 1, 2013

I love a good RE contest! This one closes Monday, Dec 9, 2013.

https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity

So here’s what we’ve cooked up for all of you EH-Netters out there. Just like you, eLS is also driven by passion, so they prepared a small challenge for their future students. Below is an executable just begging to be broken. You’ll have until Monday Dec 9 to break it. If you do, you’ll be entered into a pool of candidates where one of you will win the entire ARES course + Certification Exam for free! Then tune in to our Webcast with eLS’s Armando Romeo and Kyriakos Economou on Tuesday Dec 10 at 11:00 AM CT (GMT-6) for an Intro to RE, the solution to the challenge and the announcement of the winner. Good Luck.

Categories: Disassembly, Tech

Python RE extensions for GDB

November 19, 2013

Over at ‘The Grey Corner’ blog, there’s a nice article presenting the author’s Python extensions to aid in reverse engineering with GDB.

If you started to learn reverse engineering and exploit development on 32-bit Windows systems as I did, you were probably very unimpressed when you first attempted to try out your skills on *nix machines and started (trying to) use gdb. I know I was.

Gdb is quite powerful, but it seems to be focused more on debugging applications with source and debug symbols. While it’s certainly possible to debug applications while only having access to the stripped binary, a lot of gdb’s frequently used features aren’t that useful. Gdb wasn’t designed with a focus on reverse engineering in mind, and neither were a lot of the various gdb GUI front ends. Things that are simple in OllyDbg such as getting an immediate view of the stack, disassembly and register values every time the program stopped, or searching for a particular value through all of program memory are just painful.

That’s why the last time I had to reverse engineer an application on Mac OS X, I wrote some extensions for gdb using the Python API that was added to gdb in version 7. These extensions consisted of a few new gdb commands, as well as some nifty hooks that enabled me to get the necessary information out of the program in a way that I was familiar with.
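As an added example (not the Grey Corner author's extensions, which the post links rather than reproduces), the script below does the two things the quoted passage complains about through the Python API gdb gained in version 7: a stop-event hook that prints registers, the top of the stack and the next instructions every time the inferior stops, and a `searchall` command that scans every mapping for a byte pattern. It assumes an x86-64 Linux target and a gdb built with Python 3; the register list, the output layout, the command name and the sample `info proc mappings` text at the bottom are this example's own.

```python
"""
gdbre.py: OllyDbg-style context on every stop plus a whole-memory byte search,
written against gdb's Python API (gdb >= 7). Added example for this post, not the
Grey Corner author's extensions. Assumes an x86-64 Linux inferior.
Usage inside gdb:   (gdb) source gdbre.py        (gdb) searchall 48 8b 05
The parsing/formatting helpers are plain Python and also run outside gdb.
"""
import struct

try:
    import gdb  # only importable when running inside a gdb process
except ImportError:
    gdb = None

GPRS = ("rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp",
        "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "rip")
MASK64 = (1 << 64) - 1


def parse_mappings(text):
    """'info proc mappings' output -> [(start, end, label)].
    Handles the old 4-column layout and the newer one with a Perms column."""
    regions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not all(p.startswith("0x") for p in parts[:4]):
            continue  # 'process N', column headers, blank lines
        regions.append((int(parts[0], 16), int(parts[1], 16), " ".join(parts[4:])))
    return regions


def format_registers(regs, per_line=4):
    """regs: [(name, value)] -> fixed-width rows; signed gdb values are wrapped to 64 bits."""
    cells = ["%-3s %016x" % (name, value & MASK64) for name, value in regs]
    return "\n".join("  ".join(cells[i:i + per_line]) for i in range(0, len(cells), per_line))


def format_stack(sp, raw, words=8):
    """raw: bytes read at sp -> one little-endian qword per line, address first."""
    n = min(words, len(raw) // 8)
    return "\n".join("%016x  %016x" % (sp + 8 * i, struct.unpack_from("<Q", raw, 8 * i)[0])
                     for i in range(n))


def find_all(buf, pattern):
    """All offsets of pattern in buf, overlapping matches included."""
    hits, i = [], buf.find(pattern)
    while i != -1:
        hits.append(i)
        i = buf.find(pattern, i + 1)
    return hits


if gdb is not None:
    def show_context(event=None):
        """Stop-event hook: registers, top of stack and the next instructions."""
        inf = gdb.selected_inferior()
        regs = [(r, int(gdb.parse_and_eval("$" + r))) for r in GPRS]
        sp = dict(regs)["rsp"] & MASK64
        gdb.write("[regs]\n%s\n" % format_registers(regs))
        try:
            gdb.write("[stack]\n%s\n" % format_stack(sp, bytes(inf.read_memory(sp, 64))))
        except gdb.MemoryError:
            gdb.write("[stack] unreadable at %#x\n" % sp)
        gdb.write("[code]\n" + gdb.execute("x/6i $pc", to_string=True))

    class SearchAll(gdb.Command):
        """searchall HEXBYTES: report every occurrence of a byte pattern in the inferior."""
        def __init__(self):
            super(SearchAll, self).__init__("searchall", gdb.COMMAND_USER)

        def invoke(self, arg, from_tty):
            pattern = bytes.fromhex(arg.replace(" ", ""))
            inf = gdb.selected_inferior()
            maps = gdb.execute("info proc mappings", to_string=True)
            for start, end, label in parse_mappings(maps):
                try:
                    buf = bytes(inf.read_memory(start, end - start))
                except gdb.MemoryError:
                    continue  # [vvar], guard pages and other unreadable ranges
                for off in find_all(buf, pattern):
                    gdb.write("%#x  %s\n" % (start + off, label))

    SearchAll()
    gdb.events.stop.connect(show_context)

# Constructed sample of 'info proc mappings' output (gdb 12+ layout), for use outside gdb.
SAMPLE_MAPS = """process 4242
Mapped address spaces:

          Start Addr           End Addr       Size     Offset  Perms  objfile
            0x400000           0x401000     0x1000        0x0  r--p   /tmp/a.out
      0x7ffff7dd5000     0x7ffff7dd7000     0x2000        0x0  rw-p   [stack]
"""
```

Reading each mapping in full and searching it in Python is deliberately simple; for large inferiors `gdb.Inferior.search_memory` avoids copying the region out, at the cost of one call per hit. Unreadable mappings are skipped rather than aborting the whole search, which is the behaviour the quoted complaint about "searching through all of program memory" is really asking for.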

Categories: Disassembly, Tech