Reverse Engineering on System Overlord

Course Review: Reverse Engineering with Ghidra

david@systemoverlord.com (David Tomaschik) — Sat, 17 Oct 2020 00:00:00 +0000

If you’re a prior reader of the blog, you probably know that when I have the opportunity to take a training class, I like to write a review of the course. It’s often hard to find public feedback on trainings, which feels frustrating when you’re spending thousands of dollars on that course.

Last week, I took the “Reverse Engineering with Ghidra” taught by Jeremy Blackthorne (0xJeremy) of the Boston Cybernetics Institute. It was ostensibly offered as part of the Infiltrate Conference, but 2020 being what it is, there was no conference and it was just an online training. Unfortunately for me, it was being run on East Coast time and I’m on the West Coast, so I got to enjoy some early mornings.

Weekly Reading List for 5/23/14

david@systemoverlord.com (David Tomaschik) — Fri, 23 May 2014 07:00:00 +0000

###Radare2 Book Maijin on GitHub is in the process of putting together an online book for Radare2. I’ve been looking for a good resource for using Radare2, and this is a great start.

###Reverse Engineering for Beginners Dennis Yurichev has a free eBook on Reverse Engineering. I haven’t gotten through it yet, but it looks interesting, and you can’t beat the price.

###Hacker Playbook Finally, I finished up The Hacker Playbook: Practical Guide To Penetration Testing this week. You can find my full review here.

Weekly Reading List for 1/18/14

david@systemoverlord.com (David Tomaschik) — Sat, 18 Jan 2014 05:00:00 +0000

I’ve decided to start posting a weekly reading list of interesting security-related articles I’ve come across in the past week. They’re not guaranteed to be new, but should at least still be relevant.

Using a BeagleBone to bypass 802.1x

Most security practitioners are already aware that NAC doesn’t provide meaningful security. While it’ll keep some random guy from plugging in to an exposed ethernet port in the lobby (shouldn’t that be turned off?), it won’t stop a determined attacker. You can just MITM the legitimate device, let it perform the 802.1x handshake, then send packets appearing to be from the legitimate device. To make it easier, ShellSherpa has put together a BeagleBone-based device to automatically MITM the NAC connection.

LD_PRELOAD for Binary Analysis

david@systemoverlord.com (David Tomaschik) — Mon, 13 Jan 2014 02:18:16 +0000

During the BreakIn CTF, there were a few challenges that depended on the return value of of libc functions like time() or rand(), and had differing behavior depending on those return values. In order to more easily reverse those binaries, it can be nice to control the return values of those functions. In other cases, you have binaries that may call functions like unlink(), system(), etc., where you prefer not to have those functions really called. (Though you are running these untrusted binaries in a VM, right?)

Lessons From the Nebula

david@systemoverlord.com (David Tomaschik) — Sun, 24 Mar 2013 00:46:59 +0000

Exploit-Exercises.com's Nebula, that is. I just spent a good 8 hours or so working through the levels there, and I'm pretty sure I took much longer than I should have. In any case, there were a couple of things I was disappointed by: running "getflag" to get a flag (or otherwise being delivered a token) didn't provide you with anything to really validate what you were doing. You can actually jump directly to any level (which is good when you reset your VM) but not so interesting for "progression" or the sense of accomplishment -- at least for me.