Nightmare – Guided Intro to Binary Exploitation/Reverse Engineering
guyinatuxedo.github.io

The best thing one can do when setting out on the journey to learn reverse engineering is to avoid the temptation of trying to understand every line of assembly. Instead, try and gain an intuition around common patterns in various dialects (ARM / x86 / MIPS / etc).
You can then abstract that understanding into macro-intuitions of control flow. When opening a black box binary in IDA for the first time, this allows you to think in terms of "X input results in control flow path Y which gives me access to function Z and - because of calling convention - register A to redirect execution to memory location M." Now you're in business and can worry about shellcode, ROP chains, whatever.
Just a couple of cents from the trenches.
Can't recommend this enough. It's an exponential increase in difficulty/time spent on the exercises, but it's really worth it, you end up learning both how to read assembly and different low-level security issues, countermeasures (NX, ASLR, stack canaries, safer programming paradigms) and bypasses to said countermeasures.
I agree, and it's for the wonderful msp430 architecture.
Props to @travmatt for this find (https://news.ycombinator.com/item?id=22401990)
For anyone who is new to assembly and has $10 to spare, I would recommend getting Human Resource Machine on steam. It's essentially a game that teaches you basic assembly programming. It's a lot of fun, and very hackable since you can import and export between the game and your favorite text editor.
Shenzhen IO is also worth checking out.
Thanks for the links you've been posting, @throwaway_7718! All great material that will be tried in due time :)
Happy to help!
Nice, this looks fairly comprehensive! It should be a fairly decent resource for people trying to get into the area.
Nice to see CSAW represented so much there. Shout out from an OSIRIS Lab alum.
"We write code that is handed to a compiler, and the compiler takes that code and generates assembly code that will accomplish whatever the C code tells it to."
Uhhhh....
It sounds like you have a much clearer way of summarizing the compilation and linking process. As the book is the product of a college student who wanted to start a community around learning these skills it doesn’t promise perfection, and I’m sure we’d benefit from your expertise.
No, actually my comment was glib; I'd delete it if I could. This is a fine resource. I was grousing about semantics, and it was unwarranted.