I have a basic understanding of how it works, but when I try to do challenges on the Microcorruption CTF I get stuck pretty quickly.
What are some good resources for learning more about using radare2 to look for exploits?
I have a pretty decent programming background, but not too much in terms of computer architecture.
John Rodriguez
>pretty decent programming background Doesn't sound like it.
Brandon Nelson
sent ;)
Henry Clark
Perhaps you should try writing some programs in asm so you know wtf you're looking at.
Christian Brooks
...
Asher Butler
Not a bad idea. What are some good resources for understanding all the registers and everything for x86?
Evan Cox
Google? Seriously, fucking gas yourself.
Camden Lewis
I'll be honest I don't know the first thing about assembly but google is your friend.
Landon Cruz
Yeah, Google should be a good start. If you know C, do this: write simple programs, compile them with the -g flag, and open them with gdb (gotta learn some gdb commands too). Make the programs increasingly more complex and look at the disassembly, step through it. You also need to know the stack discipline: what a stack frame is, what each thing in a stack frame is, how local variables are addressed in stack frames, etc. There are plenty of tutorials for x86 assembly, a lot of them. Most of them are for 32-bit x86 though, which is really not so different: the registers are smaller and have slightly different names (%eax corresponds to the 64-bit %rax, for example). Just pick a good "x86 assembly programming tutorial" and you'll be fine. If I remember the name of the book with which I learned I'll tell you.
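As an added example (not code from the thread or from anyone posting in it), here is the stack-frame layout that post is talking about, read from inside a running program the way you would read it in gdb with `info frame` and `x/2gx $rbp`. It assumes gcc or clang on x86-64, AArch64 or i386 with the usual frame-pointer convention; the struct and function names are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout this example relies on (rbp on x86-64, x29 on AArch64, ebp on i386):
 *   [fp + wordsize]  return address into the caller
 *   [fp + 0]         caller's saved frame pointer
 *   [fp - n]         this function's locals, at negative offsets
 * Assumption: gcc or clang on one of those targets, frame pointer kept. */
#if !defined(__x86_64__) && !defined(__aarch64__) && !defined(__i386__)
#error "example assumes the x86-64/AArch64/i386 frame-pointer layout"
#endif

struct frame_view {
    uintptr_t fp;           /* this function's frame pointer                 */
    uintptr_t saved_fp;     /* word stored at [fp]                           */
    uintptr_t ret_addr;     /* word stored at [fp + wordsize]                */
    uintptr_t builtin_ret;  /* __builtin_return_address(0), for comparison   */
    long      buf_offset;   /* &buf - fp; negative means the local is below fp */
};

/* noinline so the frame we inspect is really this function's own frame. */
__attribute__((noinline)) struct frame_view inspect_frame(void)
{
    char buf[32];                          /* a local: lives below fp */
    struct frame_view v;
    memset(buf, 'A', sizeof buf);
    v.fp          = (uintptr_t)__builtin_frame_address(0);
    v.saved_fp    = *(uintptr_t *)v.fp;                        /* x/gx $rbp   */
    v.ret_addr    = *(uintptr_t *)(v.fp + sizeof(uintptr_t));  /* x/gx $rbp+8 */
    v.builtin_ret = (uintptr_t)__builtin_return_address(0);
    v.buf_offset  = (long)((intptr_t)(uintptr_t)buf - (intptr_t)v.fp);
    return v;
}

/* 1 if what we read from the stack agrees with what the compiler reports. */
int frame_layout_ok(void)
{
    struct frame_view v = inspect_frame();
    return v.ret_addr == v.builtin_ret && v.buf_offset < 0 && v.buf_offset > -4096;
}

int main(void)
{
    struct frame_view v = inspect_frame();
    printf("frame pointer        : %p\n", (void *)v.fp);
    printf("[fp]   saved fp      : %p\n", (void *)v.saved_fp);
    printf("[fp+%zu] return addr : %p (builtin says %p)\n",
           sizeof(uintptr_t), (void *)v.ret_addr, (void *)v.builtin_ret);
    printf("buf lives at fp%ld\n", v.buf_offset);
    return frame_layout_ok() ? 0 : 1;
}
```

Compile it with `gcc -g -O0 frame.c -o frame`, then in gdb `break inspect_frame`, `run`, `info frame` and `x/2gx $rbp`: the values gdb prints are the same ones the program reads out of its own frame.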
Ethan Stewart
>be american >come home from shipping missiles to Israel >believe repeating digits on an anime forum changed the election >shit myself while shopping for wonder bread >get attacked by protesters >get shot in a mass shooting >nurse slaps me for not using xer preferred pronouns >can't get obamacare because i spent my data cap on asian cartoons >lose my job because it got moved to mexico >get arrested for collecting rainwater >serve three life sentences for resisting arrest >cellmate trades my asshole for toilet wine >get shot
but at least my flag is on the moon
>radiation has caused the flag to become completely white
...
Blake Russell
Sounds to me like you just need to have a better understanding of assembly.
Charles Reed
roll
Christian Miller
Do CTFs; pwnable dot kr and picoctf are good places to start. A lot of it is just reading other people's exploits and understanding how they work.
Easton Lewis
Why learn 32-bit instead of 64-bit?
Chase Richardson
Roll
Ryder Young
pls give me jillian
Caleb Scott
x86-64 only uses RVAs; x86 uses full addresses. x86-64 also only has one calling convention vs. the 8000 on x86.
Aiden Hall
roll
Lucas Carter
Is it really hard to get a job in RE?
Anyone here working in RE?
Aaron Richardson
rollin'
Jordan Clark
ayy roll
Brody Barnes
It's not. Do CTFs with your college and apply for internships at a contractor or the NSA. I know a shitload of people who have done it.
Chase Lee
I can not into NSA because I can get h1b at best.
I wish it were that easy. Maybe murrica is different, but here in yourpoo they always look for advanced people with documented xp and several years of practice.
Michael Peterson
let's see what we get
Grayson Adams
Would like to help, but unfortunately the only assembly languages I know are 6502, Z80, and m68k.
Joseph Robinson
A lot of it is just finding people with similar interests; hang around freenode and just CTF.
David Garcia
Well, when I learned assembly a few years ago I could only find 32-bit texts. Occasionally a 64-bit text, but they usually all sucked and pretty much assumed you already knew 32-bit.
James Stewart
Yes, I do software dev and vulnerability research.
Found a nice logic bug in a product where it can be exploited, but can't tell you as we have NDAs.
Not at all. I live in a country in Europe. I went straight from MSc to dev/research. Show a bit of initiative, like RE at home (I just mentioned my game cracking stuff; they don't mind as long as you "promise" not to break the law if you get in). Proof of IDA knowledge, along with WinDbg, and you're golden. Well, as you noticed I'm a Windows dev, can do Linux too, but my strength is PE files.
Christopher Jackson
Not to mention that Trump will ban all Muslims and Europe is an Arab land now.
Lincoln Wood
What's your favorite winternals meme? Mine has to be the global desktop heap, where you can see every window name and dimension on the same desktop from your own executable.
Bentley Phillips
How do you find bugs? I know about fuzzers n shit, but I always think that if an automated tool could find me a bug/hole, it would've been found already. What else do you do? I'm thinking of getting the program in question in a jail/VM where I feed it a lot of bogus input from all fronts. Any suggestions?
Thomas Jenkins
Biggest Windows fail is the fact that your PEB/TEB is in usermode, and the kernel accesses your UM data.
I've never had luck with fuzzers. I usually stick it in IDA, look for where any I/O occurs (from user input, to regkey accesses, to file reads, etc.), and work from there. And also sticking it in WinDbg to analyze what it's doing, e.g. where the hashes for game keys are generated etc., and extracting it to make a keygen.
Carson Morris
The PEB/TEB make a bit of sense; relocations/exception shit and the TLS live in them, but it is dumb that the kernel trusts anything coming from them.
Jackson Richardson
By any chance learned from Assembly Language Step-by-Step by Jeff Duntemann?
Nicholas Wright
Lol I love this picture
Christopher Nguyen
hoyga ci Ehm, I mean, yes, actually that was it. I remember the chapter on alien bases in particular.
I also suggest The Shellcoder's Handbook for OP, for exploitation on all sorts of platforms.