If you are interested in learning about ActiveX exploitation, security researcher/consultant/professor Brad Antoniewicz has created FSExploitMe for just that purpose.
You’ll want a copy of Internet Explorer 8 to get the most out of it, but fortunately you can get a VM running IE8 for *free* from Microsoft.
And if you are interested in getting deeper into Linux exploitation, exploit-exercises.com has pre-built VMs with capture-the-flag style levels and challenges for each level. The challenges range from beginner to expert and are designed to teach:
[…]about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
x64_dbg is a very powerful open-source 32- and 64-bit assembler/debugger for Windows. The UI is reminiscent of OllyDbg with some additions that are clearly inspired by IDA Pro.
I’m looking forward to using this tool in place of OllyDbg, especially for 64-bit related RE tasks.
Trail of Bits is offering a free online CTF and penetration testing course. Lots of great material from a well-respected organization.
Some thorough documentation on anti-debugging techniques in Windows:
This is awesome.
injdmp is a tool for dumping injected processes and dumping process memory that is marked as RWX. The tool can detect most malware that uses process injection. As of this writing it can dump processes related to Zeus/Citadel, Cridex, Ramnit, Poison Ivy and a number of other families of malware.
The Layman’s Guide to IC Reverse Engineering has been created to teach you the very basics of what it takes to reverse engineer integrated circuits. Not too much particular focus is given to the physics and math, just the bare essentials for a layman to turn images into logic. And chips into images. Kudos to academia, security researchers, and chip enthusiasts from around the world for all their papers and presentations that this effort draws inspiration from.
When you write Objective-C code, it eventually turns into machine code – the raw 1s and 0s that the ARM CPU understands. In between Objective-C code and machine code, though, is the still human-readable assembly language.
Understanding assembly gives you insight into your code for debugging and optimizing, helps you decipher the Objective-C runtime, and also satisfies that inner nerd curiosity.
In this iOS assembly tutorial, you’ll learn:
- What assembly is – and why you should care about it.
- How to read assembly – in particular, the assembly generated for Objective-C methods.
- How to use the assembly view while debugging – useful to see what is going on and why a bug or crash has occurred.