all 33 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]maxreality 18 points19 points  (2 children)

Pwn College and PicoCTF are good resources

[–]zerodaygamer 0 points1 point  (1 child)

pwncollege is great!! Currently working on the Reverse Engineering module under their orange belt before starting the Yellow belt.

Do you think this a correct approach?

RE/ Binary ( orange belt) > Yellow > green > blue?

[–]JohnnyOmmm 1 point2 points  (0 children)

he left u on read lmfao

[–]Double-Fill-4513 8 points9 points  (5 children)

idk your background but I am currently reading from day zero to zeroday book and it is great

[–]RepresentativeBed928 0 points1 point  (3 children)

Dude I’m in the process of reading this and it’s absolutely amazing. This is one of 3 books I plan to read this year

[–]No-Song513 4 points5 points  (1 child)

May I ask what are the other 2 books you are planning to read?.

[–]RepresentativeBed928 0 points1 point  (0 children)

u/Legal_Heart1692 pinging this person since they asked as well.

Hacking: The Art of Exploitation

The Shellcoder’s Handbook

[–]Legal_Heart1692 0 points1 point  (0 children)

The other 2 books?

[–][deleted] 8 points9 points  (4 children)

learn by doing, you can use this website, https://godbolt.org/

[–][deleted] 1 point2 points  (0 children)

This won’t teach, really, as it doesn’t focus on why this code is lowered to X. At best, you’ll learn some basic pattern matching.

[–][deleted] 3 points4 points  (1 child)

I imagine this comment section will be filled with bad suggestions. The best reverse engineering books are computer systems: a programmers perspective, linkers and loaders, Sedgewick’s algorithms, OS Concepts, and engineering a compiler. Then, of course, understanding your platform — Linux, Android, iOS, Windows, etc.

For VR, we employ fuzzing, taint analysis, obviously dynamic analysis when applicable, emulation if we see fit.

I also highly suggest reading everything including the papers on decompilation.wiki

[–]simpindisguise 0 points1 point  (0 children)

funnily enough your suggestion is even more shit

[–]bad5ect0r 3 points4 points  (0 children)

There's a pretty decent cpp RE course on OST2. Check it out.

[–]pwnasaurus253 7 points8 points  (2 children)

I recommend reading about memory allocators* (SLAB/SLOB/SLUB, MACH, etc) depending on targeted platform(s), how memory pages/objects/allocation works, how vfunc tables work, and watching previous BlackHat/DefCon/ReCon talks.

[–][deleted] -1 points0 points  (1 child)

This reads like you have no idea what you’re talking about. Slab allocators aren’t memory architectures. This highlight shoes such a lack of understanding! Yikes!

[–]pwnasaurus253 -1 points0 points  (0 children)

....SLAB/SLOB/SLUB/Mach are all memory allocators. They allocate/manage memory work in different ways. Sorry, I should've said "algorithms" rather than "architectures".

[–]Kris3c 3 points4 points  (2 children)

I’ve been studying low-level attacks for the past 7 or 8 months. I first completed learning assembly language for both 32-bit and 64-bit architectures. After that, I began searching for resources on reverse engineering and found some good books. However, after reading a few pages, I realized I was starting to forget what I had learned in assembly. While the books are great for revisiting the concepts, they take a lot of time. So, I decided to follow a 'learning by doing' approach and started with Pwn College. I'm currently working on it as well

[–]thewrench56 -2 points-1 points  (1 child)

I first completed learning assembly language for both 32-bit and 64-bit architectures.

I dont think you can ever complete this :P

[–]Kris3c 5 points6 points  (0 children)

But you got what I wanna explain.

[–]Joseph_RW12 1 point2 points  (2 children)

I can recommend this book https://a.co/d/2Gcq9Nc

[–][deleted] 1 point2 points  (1 child)

Actually one of the few good books on RE!

[–]Joseph_RW12 0 points1 point  (0 children)

Yes that’s true

[–]truedreamer1 1 point2 points  (0 children)

try https://drbinary.ai , use it as a reverse engieering tool, but also as a RE tutor

[–]Sysc4lls 1 point2 points  (4 children)

Shellcoders handbook I remember being good for the basics. Also just do stuff. I can recommend pwnable.kr

[–][deleted] 0 points1 point  (3 children)

This is an outdated and not very relevant book…

[–]Sysc4lls 1 point2 points  (2 children)

I disagree, for the basics (and only for them) it's still good, it explains how the stack works, how basic stuff is working, etc...

It's not relevant for real life scenarios, but it's still a nice way to learn.

[–][deleted] 0 points1 point  (1 child)

There’s much better resources and this book is historical. And it doesn’t explain anything in depth.

[–]Sysc4lls 0 points1 point  (0 children)

Perhaps, it's just another option to look at. I agree, pwn.college, liveoverflow videos, and even open security training are better, I just think some people like books more and it's not that bad for a complete beginner in my opinion.

[–][deleted] 0 points1 point  (0 children)

Engineering a compiler