How do I into binary exploitation

I have a basic understanding of how it works but when I try to do challenges on the Microcorruption CTF I get pretty stuck pretty quickly

what are some good resources for learning more about using radare2 to look for exploits

I have some pretty decent programming background but not too much in terms of computer architecture

>pretty decent programming background
Doesn't sound like it.

sent ;)

Perhaps you should try writing some programs in asm so you know wtf you're looking at.

...

not a bad idea, what are some good resources for understanding all the registers and everything for x86?

Google?
Seriously, fucking gas yourself.

I'll be honest, I don't know the first thing about assembly but Google is your friend.

yeah Google should be a good start.
If you know C do this: write simple programs, compile them with the -g flag, and open them with gdb (gotta learn some gdb commands too). Make the programs increasingly complex and look at the disassembly, step through it.
You also need to know the stack discipline: what a stack frame is, what each thing in a stack frame is, how local variables are addressed in stack frames, etc.
There are plenty of tutorials for x86 assembly, a lot of them. Most of them are for 32-bit x86 though, which is really not so different, the registers are smaller and have slightly different names (%eax corresponds to 64-bit %rax for example). Just pick a good "x86 assembly programming tutorial" and you'll be fine.
If I remember the name of the book with which I learned I'll tell you
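
Following that advice, here is an added example (mine, not from anyone in this thread) to compile with -g and step through in gdb: at each level of a small recursion it records the address of a local and the return address saved in the frame, so the layout seen in the disassembly and in `info frame` can be compared with the numbers the program itself reports. It assumes gcc/clang builtins and a stack that grows towards lower addresses, as on x86, x86-64 and ARM.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not from the thread. Build with `cc -g -O0 frames.c`, then in
 * gdb: `break descend`, `run`, `disassemble`, `info frame`. Each recursion
 * level records the address of one local and the return address saved in its
 * frame, so gdb's view can be checked against what the program reports.
 * Assumes gcc/clang builtins and a downward-growing stack (x86, ARM, RISC-V). */
#define LEVELS 4
static uintptr_t local_addr[LEVELS];   /* &marker inside each frame          */
static uintptr_t ret_addr[LEVELS];     /* return address saved by each frame */

static int __attribute__((noinline)) descend(int level) {
    volatile int marker = level;       /* volatile: forces a real stack slot */
    local_addr[level] = (uintptr_t)&marker;
    ret_addr[level] = (uintptr_t)__builtin_return_address(0);
    int below = 0;
    if (level + 1 < LEVELS)
        below = descend(level + 1);
    return below + marker;  /* marker used after the call: not a tail call */
}

/* Frames 1..3 are all created by the recursive call inside descend() and so
 * share one layout; frame 0 is ignored because its caller is different.
 * Returns 1 if a callee's frame lies at a lower address than its caller's. */
int stack_grows_down(void) {
    descend(0);
    return local_addr[2] < local_addr[1];
}

/* Size of one descend() frame in bytes (distance between the same local in
 * consecutive frames); 0 if frames 1..3 are not uniformly spaced. */
long frame_stride(void) {
    descend(0);
    long stride = (long)(local_addr[1] - local_addr[2]);
    return stride == (long)(local_addr[2] - local_addr[3]) ? stride : 0;
}

/* 1 if frames 2 and 3 saved the same return address (both return to the one
 * call instruction in descend) while frame 0 returns somewhere else. */
int nested_returns_match(void) {
    descend(0);
    return ret_addr[2] == ret_addr[3] && ret_addr[0] != ret_addr[2];
}

int main(void) {
    printf("stack grows down: %d\n", stack_grows_down());
    printf("frame size: %ld bytes\n", frame_stride());
    printf("nested return addresses match: %d\n", nested_returns_match());
    return 0;
}
```

Set a breakpoint on descend, then compare the frame size gdb prints with `frame_stride()` and the "saved rip"/"saved lr" line of `info frame` with the stored return address.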

>be american
>come home from shipping missiles to Israel
>believe repeating digits on an anime forum changed the election
>shit myself while shopping for wonder bread
>get attacked by protesters
>get shot in a mass shooting
>nurse slaps me for not using xer preferred pronouns
>can't get obamacare because i spent my data cap on asian cartoons
>lose my job because it got moved to mexico
>get arrested for collecting rainwater
>serve three life sentences for resisting arrest
>cellmate trades my asshole for toilet wine
>get shot

but at least my flag is on the moon

>radiation has caused the flag to become completely white

...

Sounds to me like you just need to have a better understanding of assembly.

roll

Do CTFs; pwnable dot kr and picoctf are good places to start. A lot of it is just reading other people's exploits and understanding how they work

why learn for 32 instead of 64 bit

Roll

pls give me jillian

x86-64 only uses RVAs, x86 uses full addresses. x86-64 also only has one calling convention vs the 8000 on x86

roll

is it really hard to get a job in RE?

anyone here working in RE?

rollin'

ayy roll

It's not; do CTFs with your college and apply for internships at a contractor or the NSA
I know a shitload of people who have done it

I can not into NSA because I can get h1b at best.

I wish it was that easy, maybe murrica is different but here in yourpoo they always look for advanced people with documented experience and several years of practice.

let's see what we get

Would like to help but unfortunately the only assembly languages I know are 6502, Z80, and m68k

A lot of it is just finding people with similar interests, hang around freenode and just ctf

well when I learned assembly a few years ago I could only find 32-bit texts. Occasionally a 64-bit text but they usually all sucked and pretty much assumed you already knew 32-bit

Yes I do software dev and vulnerability research.

Found a nice logic bug in a product where it can be exploited, but can't tell you as we have NDAs.

Not at all. I live in a country in Europe. I went straight from MSc to dev/research. Show a bit of initiative, like RE at home (I just mentioned my game cracking stuff, they don't mind as long as you "promise" not to break the law if you get in). Proof of IDA knowledge, along with WinDbg. And you're golden. Well as you noticed I'm a Windows dev, can do Linux too, but my strength is PE files.

not to mention that Trump will ban all Muslims and Europe is an Arab land now

What's your favorite winternals meme? Mine has to be the global desktop heap where you can see every window name and dimension on the same desktop from your own executable

How do you find bugs? I know about fuzzers n shit, but I always think that if an automated tool could find me a bug/hole, it would've been found already. What else do you do?
I'm thinking of getting the program in question in a jail/VM where I feed it a lot of bogus input from all fronts. Any suggestions?

Biggest Windows fail is the fact that your PEB/TEB is in usermode, and the kernel accesses your UM data.

I've never had luck with fuzzers. I usually stick it in IDA, and look for where any I/O occurs (from user input, to regkey accesses, to file reads etc), and work from there. And also sticking it in WinDbg to analyze what it's doing, e.g. where hashes for game keys are generated etc, and extracting it to make a keygen.

The PEB/TEB make a bit of sense, relocations/exception shit and the TLS live in them, but it is dumb that the kernel trusts anything coming from them.

By any chance did you learn from Assembly Language Step by Step by Jeff Duntemann?

Lol I love this picture

hoyga ci
Ehm, I mean, yes, actually that was it. I remember the chapter on alien bases in particular.

I also suggest The Shellcoder's Handbook for OP, for exploitation on all sorts of platforms

>Jewgle
Fucking gas yourself