View on: Gray Hat Python by Justin Seitz
For Hackers and Reverse Engineers?
"Security professional" as a term doesn't really sell that well, does it? In any case, the book was hard to get in Germany. Maybe because some people get especially nosy when they read the term "hacker", even when it is meant in the MIT sense.
It turns out that's not the only reason it's hard to get. In today's malware-infested distributed systems, whether the internet or a LAN, reverse engineering skills are essential to keep countermeasures effective. Think of Storm Worm or Conficker, where it's intelligence against intelligence.
So it's not that surprising that the book begins by introducing setups and debugging examples. That part is brief and introductory, though. The more advanced material starts in chapter 3.
Writing your own debugger? - Yes!
Chapter 3 is awesome. It's about how to design your own Windows debugger, implement it, and use it. That's the best way to dive deeply into something: working with it as close to the metal as possible.
Further chapters use PyDbg and Immunity Debugger (ImmDbg). The latter is free, the new kid on the block, and has effective features, Python support for example. The book stays consistent while introducing the tools: it's about where to use Python, not how, and for these debuggers you need Python.
Fuzzers
I personally used RE:Trace yesterday and attached a process to it, while fuzzing it with Peach and analyzing its memory behavior with Valgrind. When I did that I realized that on Windows machines there's no DTrace and there's no Valgrind.
So it's going to be much harder. Justin uses Sulley instead of Peach for the book, and its features seem very convenient for virtualization and automation, because reversing takes time. He introduces Windows driver fuzzing as an example situation. I never did this before. So here it started getting interesting. Thing is: it ends very abruptly. Like somebody took scissors and cut off the exploitation part.
Disassemblers and Emulators
IDAPython is well known and has its own chapter. The example scripts show how to locate function cross-references and how to apply code-coverage techniques. That's essential for bug hunting, because you have to know how often certain parts of the code get called. Orphaned functions that don't get much attention in the vendor's development process sometimes don't get many code reviews either. This is the pragmatic part of the book, and also a part where I expected a little more, like using PaiMei for binary code-coverage tasks, or exploitation in general.
Just for finding?
The Art of Exploitation by Jon Erickson or The Shellcoder's Handbook by Dave Aitel, Jack Koziol, David Litchfield and many other contributors are essential companions to this book. Without proper knowledge of exploitation techniques, even successful bug finding is useless nowadays, because it proves nothing. The book is a lot of fun to read while enhancing one's own capabilities in Python, reversing, fuzzing, debugging, disassembling... but it needs a solid foundation of very security-specific knowledge: in exploit development, in reverse engineering, and even in Windows backend functions, because the book only covers Windows.
It's not a beginner's book. As a beginner, starting with exploitation on less restricted and open platforms like Linux is preferable. For advanced security professionals the book aims in the right direction and connects lots of awesome Python tricks. Maybe you've already seen the techniques Justin mentions, but getting a deeper insight is worth it.
Have fun,
wishi

Hi, I recently bought the
Submitted by soorya (not verified) on Sun, 07/25/2010 - 15:52.
Hi,
I recently bought the Gray Hat book and am very much satisfied for the money paid. However, I have a quick question regarding the code. The code in the debugger design chapter runs fine on Python 2.6, but when it is migrated to Python 3 with the appropriate required syntax changes, it fails. And it cannot hook the printf statement (the example described in the chapter) and displays Null in the address of the printf statement.
Can anybody help with this?
Thanking you in advance
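For the Python 3 porting question above, an added example (not the book's code and not the commenter's): the module-handle plus export-address helper from the debugger chapter, written for Python 3. It assumes Windows, that msvcrt.dll is loaded in the calling process, and that the helper name func_resolve matches the chapter; the two ctypes changes it makes are a common cause of a NULL printf address after a 2-to-3 port.

```python
import ctypes
import sys
from ctypes import c_char_p, c_void_p

IS_WINDOWS = sys.platform == "win32"

# Added example, not the book's code. Two things differ from the Python 2
# version of this helper:
# 1. A Python 3 str is Unicode. Passed to an "A" (ANSI) Win32 function with
#    no argtypes declared, ctypes hands it over as wchar_t*, the API sees a
#    one-character name, GetModuleHandleA returns NULL and GetProcAddress
#    then returns NULL as well. Encode names to bytes first.
# 2. With no restype declared, ctypes returns a C int, which truncates a
#    64-bit address. Declare the return type as c_void_p.
if IS_WINDOWS:
    kernel32 = ctypes.windll.kernel32
    kernel32.GetModuleHandleA.argtypes = [c_char_p]
    kernel32.GetModuleHandleA.restype = c_void_p
    kernel32.GetProcAddress.argtypes = [c_void_p, c_char_p]
    kernel32.GetProcAddress.restype = c_void_p
else:
    kernel32 = None  # the resolver itself only works on Windows


def as_ansi(name):
    """Return the bytes an 'A'-suffixed Win32 API expects, from str or bytes."""
    if isinstance(name, bytes):
        return name
    # "mbcs" is the Windows ANSI code page; plain ASCII elsewhere (tests only)
    return name.encode("mbcs" if IS_WINDOWS else "ascii")


def func_resolve(dll, function):
    """Address of `function` exported by the already-loaded `dll`, or None.

    Same two-step idiom as the debugger chapter: module handle, then export.
    """
    if kernel32 is None:
        raise OSError("func_resolve needs Windows (kernel32.dll)")
    handle = kernel32.GetModuleHandleA(as_ansi(dll))
    if not handle:
        return None  # the DLL is not loaded in this process
    return kernel32.GetProcAddress(handle, as_ansi(function)) or None


if __name__ == "__main__" and IS_WINDOWS:
    addr = func_resolve("msvcrt.dll", "printf")
    print("printf not found" if addr is None else "printf @ 0x%x" % addr)
```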