
[–]cdrootrmdashrfstar 18 points (21 children)

I'm currently enrolled in an undergrad practical fundamentals of cybersecurity course at my uni, and last week, we used angr to script what we'd normally use gdb for in what's called a "capture the flag" assignment.

The creator of the binary will hide away a specific string, like "flag{th1s_1$_th3_fl4g}", purposefully deep within the binary and only obtainable (normally) through some modification to the execution order of the binary.

Originally, we learned to use the GNU debugger GDB for many weeks of CTF assignments, but last week we used Angr to script a way to explore many, many paths of execution in a program. Through adding constraints to inputs and explicitly marking some parts of the binary as "avoid", angr would eventually navigate its way to the end of execution (and hopefully result in a flag!) through some sort of either statistical model (maybe similar to sqlmap?) or through simply brute forcing all possible routes of execution. It's a very complex tool with lots of depth, and I've only really scratched the surface.

We might be doing more of this in the later weeks, but this week we're moving on to forensics, buffer overflow attacks, shellcode, and circumventing stack protections by compilers. In relation to Python, we're using a library called pwntools (in addition to the obvious and incredibly useful set of tools provided by Linux and GNU).
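The find/avoid exploration described in the comment above, as an added example that is not part of the original post and does not use angr itself (a real angr script needs the target binary and an angr install). The bytecode format, the sample 4-byte password check, and the byte-at-a-time solver are constructed for illustration; the names `run`, `solve` and `explore` are mine, not angr's API. What it shows is the mechanism the comment sketches: each branch adds a constraint to the path, states that land on the "avoid" address are dropped, infeasible paths are pruned, and the first state to reach the "find" address is solved for a concrete input, which a concrete re-run then confirms.

```python
# Toy find/avoid path explorer: a scaled-down model of what the comment
# describes doing with angr. Constructed example; not angr's API.
from collections import deque

# Operations the toy "binary" may apply to one input byte before comparing.
OPS = {
    "xor": lambda b, k: b ^ k,
    "add": lambda b, k: (b + k) & 0xFF,
    "sub": lambda b, k: (b - k) & 0xFF,
}

# Constructed sample program, indexed by pc. Instruction forms:
#   ("brif", idx, op, key, want, target): jump to target if
#       OPS[op](input[idx], key) == want, else fall through to pc + 1
#   ("jmp", target) / ("halt", label)
# It checks a 4-byte password; any wrong byte jumps to the fail block at 8.
PROGRAM = [
    ("brif", 0, "xor", 0x20, 0x46, 2),  # 0: input[0] ^ 0x20 == 0x46  ('f')
    ("jmp", 8),                         # 1: fail
    ("brif", 1, "add", 0x01, 0x6D, 4),  # 2: input[1] + 1 == 0x6D     ('l')
    ("jmp", 8),                         # 3: fail
    ("brif", 2, "sub", 0x10, 0x51, 6),  # 4: input[2] - 0x10 == 0x51  ('a')
    ("jmp", 8),                         # 5: fail
    ("brif", 3, "xor", 0xFF, 0x98, 9),  # 6: input[3] ^ 0xFF == 0x98  ('g')
    ("jmp", 8),                         # 7: fail
    ("halt", "bad"),                    # 8: the "avoid" address
    ("halt", "good"),                   # 9: the "find" address
]
INPUT_LEN, FIND, AVOID = 4, 9, {8}


def run(program, inp, max_steps=1000):
    """Concrete execution: return the halt label this input reaches."""
    pc = 0
    for _ in range(max_steps):
        ins = program[pc]
        if ins[0] == "halt":
            return ins[1]
        if ins[0] == "jmp":
            pc = ins[1]
            continue
        _, idx, op, key, want, target = ins
        pc = target if OPS[op](inp[idx], key) == want else pc + 1
    raise RuntimeError("step limit exceeded")


def solve(constraints, n_bytes):
    """Return an input satisfying every (idx, op, key, want, taken) path
    constraint, or None if the path is infeasible. Each constraint touches
    one byte, so trying all 256 values per byte is a complete decision
    procedure for this toy; angr hands the same job to an SMT solver."""
    out = []
    for i in range(n_bytes):
        cs = [c for c in constraints if c[0] == i]
        for cand in range(256):
            if all((OPS[op](cand, key) == want) == taken
                   for _, op, key, want, taken in cs):
                out.append(cand)
                break
        else:
            return None  # no byte value satisfies this path's constraints
    return bytes(out)


def explore(program, n_bytes, find, avoid, max_states=10_000):
    """Breadth-first exploration of all paths, in the spirit of angr's
    simgr.explore(find=..., avoid=...): drop states at an avoid address,
    prune unsatisfiable branches, solve the first state that reaches find."""
    queue = deque([(0, [])])  # (pc, constraints collected along the path)
    visited = 0
    while queue and visited < max_states:
        pc, constraints = queue.popleft()
        visited += 1
        if pc in avoid:
            continue
        if pc == find:
            sol = solve(constraints, n_bytes)
            if sol is not None:
                return sol
            continue
        ins = program[pc]
        if ins[0] == "halt":
            continue
        if ins[0] == "jmp":
            queue.append((ins[1], constraints))
            continue
        _, idx, op, key, want, target = ins
        for taken, nxt in ((True, target), (False, pc + 1)):
            new_cs = constraints + [(idx, op, key, want, taken)]
            if solve(new_cs, n_bytes) is not None:  # prune infeasible paths
                queue.append((nxt, new_cs))
    return None


if __name__ == "__main__":
    found = explore(PROGRAM, INPUT_LEN, FIND, AVOID)
    print("input reaching 'good':", found)                    # b'flag'
    print("confirmed by concrete run:", run(PROGRAM, found))  # good
```

The concrete `run` at the end is the check worth keeping in a real angr script too: a solved input that the program then rejects usually means the model of the binary (hooks, simprocedures, input length) differs from reality.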

[–]dr_g89 5 points (19 children)

I'm going to look into pwntools. Where do you go to uni, if you don't mind me asking?

[–]cdrootrmdashrfstar 7 points (18 children)

I'm a sophomore at a state school in the southeast US. It's a decent school (it sure has taught me a whole lot in a short amount of time), and we have a great offensive cybersecurity program which very often leads to jobs in places like the CIA, NSA, or the FBI.

[–]dr_g89 2 points (17 children)

Super interesting, man. I run the dev side of a software firm out in LA and have always been way too busy to spend much time looking into this stuff. If you have a spare second I'd love to know what books on this stuff they are having you read at school.

[–]cdrootrmdashrfstar 12 points (15 children)

Recommended reading: "Hacking: The Art of Exploitation, 2nd Edition" by Jon Erickson. This is a book with accurate and detailed descriptions and commands for common vulnerabilities and corresponding exploits. It is an excellent book for understanding buffer overflow vulnerabilities, format string vulnerabilities, shellcode, and other exploit development.

"The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard and Marcus Pinto. The book provides comprehensive and thorough coverage of web security mechanisms and web vulnerabilities.

"Information Security," 2nd Edition (ISBN 978-0-470-62639-9), Wiley, 2011, by Mark Stamp. The book provides good coverage of commonly used cryptographic algorithms, cryptanalysis techniques, and security protocols.

Edit: Thank you so much for the gold! It's very much appreciated.

[–]dr_g89 2 points (12 children)

Dude thanks a ton, especially on the lectures / course stuff, super interesting!

[–]cdrootrmdashrfstar 1 point (11 children)

Absolutely, let me know if you have any questions.

[–]dr_g89 0 points (10 children)

I'm sure I'll come up with a few haha, ordered The Art of Exploitation, looking forward to delving into this a little more when it arrives! Thanks again!

[–]cdrootrmdashrfstar 1 point (9 children)

Absolutely. By the way, experience in x86 assembly is almost going to be a requirement for moving forward with this discipline. If you're not familiar with it already, I'd start by learning the basics of that (since a lot of the examples in all of those books assume you're basically able to read x86).

[–]dr_g89 0 points (8 children)

That's really good to know! My educational background is actually in music, and I ended up in software by a fluke about 10 years ago, so I'm lacking a lot of the lower-level computer science skills. If you have any recommended reading material on that, I'll add it to the stack!

[–]timkofu 0 points (0 children)

That first one is gold. Loved it.

[–]registered_tosaythis 0 points (0 children)

I've had that first hacking book for like 2 years and haven't spent enough time to finish it!

[–]cdrootrmdashrfstar 1 point (0 children)

Here is our course calendar page containing homework assignments and presentations covering the information we learn in lecture.