Stay happy 🎉 Stephen. Please make a whole playlist on reverse engineering. Thank you
I will definitely continue to add more. It's important to knock out some basics before approaching more complex areas. I'm looking forward to it.
This video just made reverse engineering look so easy
It's definitely not as intimidating as some make it out to be; however, it can certainly get quite complex, especially when dealing with encryption routines, obfuscation, the construction of arguments to function calls in complex applications, etc... The good news is, it's a pretty linear curve and not exponential. If you continue to build your knowledge up practically, the sky's the limit!
Thank you, Stephen 💯, more knowledge
Stephen always da best
Thanks man. Glad you're here.
This is gold. Thanks so much
Thanks Stephen! "Basic" video idea: Common causes for "SP analysis failed" in IDA and how to deal with them.
Good idea. It's either really easy to fix, or really hard to fix. haha. Showing the usual way that fixes it could be a quick upload. Thanks for the suggestion.
This is good stuff, but so over my head. 🤣 I even have a CS degree and I can only follow along with what you're saying so far. Great video though.
Thanks Stephen! Can you please plan another video for reverse engineering of Android!?
Thanks Stephen :)
😮 You are my younger role model! 🦸🏻‍♂️ And you’ve created an outstanding service to humanity.
As you said in the video about RDP, “Don’t just turn it on and assume that it works.”
I would’ve assumed just that way lol! Now I know that setting up RDP for remote servicing involves validation by logging in and making sure that I can authenticate. Otherwise, I could be wasting our time requesting help that I am unknowingly setting up for failure.
I can’t wait to note the rest of this video.
Thank you!
He's my favorite
I wish I could be at this level. Better yet, to single-handedly make a 5 - 7 vuln exploit.
Repeat the steps in the vid, and then continue onward. There's no reason why you can't start finding vulns. Put in the work, expect to be frustrated (as we all get that way!), and focus on an attack surface.
Hope to see more from this series! By the way, is this Win7? Is it safe in 2024 to use it anymore?
haha, Windows 7 wasn't even safe when it was introduced. That specific system you're referring to in this vid is used for some unsigned hardware and driver items. This vid was all Linux.
Hi, I have a question. When you reverse engineer Windows drivers and kernel stuff, how do you identify a potential bug? Do you look at specific patterns? For example, search for user-controllable data?
Often it's done via fuzzing. For example, with drivers, you may want to understand the supported IOCTLs for a given driver and then look to find a way to mess with the input and output buffers. The bug will most likely be obvious as you'll get a BSOD (Windows). Historically, it was common to update the output buffer address (via a bug) to be an entry in the HAL Dispatch Table. Then in userland, you call a function that in turn calls the address you overwrote in the HAL Dispatch Table, getting you code execution. Same with TTF (font) bugs. Mostly done via fuzzing.
But for fuzzing drivers you need a VM, right? I'm not familiar with fuzzing drivers.
Maybe a silly question, but I'm new in this field. At 1:35:40, why did it store our printf string data in the heap that we allocated and not on the stack?
The printf() function simply prints out the string passed to it. The data it prints when compiled is stored in the .data segment. The malloc() and memset() functions are working with the heap in this example.
@OffByOneSecurity Sorry for the incorrect timestamp. At 1:33:25, aren't those heap chunk addresses that we allocated? My question was why it stored the string data we printed out using puts at those specific addresses.
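A small added illustration of the point in the reply above (this is my own example code, not from the video or the channel): a string literal is part of the binary image, so its address never lands inside a chunk that malloc() hands back, and the only way its bytes show up in a heap buffer is an explicit copy. The `GREETING` literal, the `in_range` helper and the two check functions are names I chose for the demo; the sizes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed string literal: stored in the executable's data sections
 * (the loader maps it from the file), not in any malloc()'d chunk. */
static const char *GREETING = "hello from the binary image";

/* Returns 1 if ptr lies inside the half-open range [base, base + size). */
static int in_range(const void *ptr, const void *base, size_t size) {
    uintptr_t p = (uintptr_t)ptr;
    uintptr_t b = (uintptr_t)base;
    return p >= b && p < b + size;
}

/* Allocate and zero a heap chunk, then ask whether the literal's storage
 * overlaps it. Expected result: 0 (it never does). */
int literal_is_inside_heap_chunk(void) {
    size_t size = 64;
    char *chunk = malloc(size);
    if (chunk == NULL) return -1;
    memset(chunk, 0, size);
    int inside = in_range(GREETING, chunk, size);
    free(chunk);
    return inside;
}

/* Copy the literal into a heap chunk. The bytes are now readable at the
 * chunk address while the literal itself still lives at its original
 * address. Returns 1 when both hold, 0 otherwise. */
int copy_lands_in_heap_chunk(void) {
    size_t size = 64;
    char *chunk = malloc(size);
    if (chunk == NULL) return -1;
    memset(chunk, 0, size);
    /* strlen(GREETING) + 1 (for the NUL) is well under size. */
    memcpy(chunk, GREETING, strlen(GREETING) + 1);
    int ok = (strcmp(chunk, GREETING) == 0)      /* same text in the chunk   */
          && (chunk != GREETING)                 /* but a different address   */
          && !in_range(GREETING, chunk, size);   /* literal untouched         */
    free(chunk);
    return ok;
}

/* Stand-alone driver: print the addresses a debugger would show you so the
 * regions can be compared by eye (stack local, literal, heap, code). */
int main(void) {
    int stack_local = 0;
    char *chunk = malloc(64);
    if (chunk == NULL) return 1;
    memset(chunk, 0, 64);
    memcpy(chunk, GREETING, strlen(GREETING) + 1);
    printf("stack local : %p\n", (void *)&stack_local);
    printf("literal     : %p\n", (const void *)GREETING);
    printf("heap chunk  : %p  (\"%s\")\n", (void *)chunk, chunk);
    printf("main()      : %p\n", (void *)&main);
    printf("literal inside chunk? %d\n", literal_is_inside_heap_chunk());
    printf("copy inside chunk?    %d\n", copy_lands_in_heap_chunk());
    free(chunk);
    return 0;
}
```

Run it under a debugger and compare the four printed values against the process's memory map (for example /proc/PID/maps on Linux): the literal sits in the mapping of the executable itself, the chunk in the heap mapping, and the local on the stack. If you see the printed text at a heap address, it is because something copied it there.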
IDA Pro pls!
I just did one on recreating undocumented structs! More to come on this Friday.