DOCSLIB.ORG

Lecture 1 Introduction

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Lecture 1 Introduction Lecture 1 Introduction. Basic Exploration Tools Computer and Network Security 30th of September 2019 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 1/52 Outline Introduction Things You Need to Know Tools of the Trade (That You May or May Now Know) Basic Tools for Exploration Demo Conclusion CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 2/52 On this class I Computer and Network Security I offensive security, hacking, reverse engineering, runtime application security I programming/practical oriented I focus on binary exploitation (pwn levels in CTFs) I lecture: Monday, 6pm-8pm, room PR002, R˘azvan I labs: I Monday, 4pm-6pm, room PR706, S, tefania I Monday, 8pm-10pm, room PR706, Mihai I Monday, 8pm-10pm, room EG106, Adrian I Monday, 8pm-10pm, room EG306, Dennis I http://ocw.cs.pub.ro/cns/ I but first: https://ocw.cs.pub.ro/courses/cns/need-to-know I labs start on Monday, 30th of September 2019, 8pm I last instance of the first lab on Monday, 7th of October 2019, 4pm, room PR706 CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 3/52 The Team I R˘azvanDeaconescu: lectures, lecture tests, exam I Mihai Dumitru: labs, infrastructure I S, tefania Popescu: labs I Dennis Plosceanu: labs I Adrian S, endroiu: labs, assignments, lectures CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 4/52 Resources I wiki (content): http://ocw.cs.pub.ro/cns/ I Moodle (news, deadlines, exam, dicussions, links to content, feedback) I SRIC (enrolable) I SCPD (enrolable) I common/meta (not-enrolable, actually used) I Facebook (news, trivia): http://facebook.com/cns.upb I mailing list (news, dicussions): https://ocw.cs.pub.ro/courses/cns/resources/mailing-list I assignment write-only mailing-list (assignments): http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/oss-support I calendar & planning: https://ocw.cs.pub.ro/courses/cns/calendar I virtual machines (labs, assignments, CTFs): https://ocw.cs.pub.ro/courses/cns/resources/vm I CTF platform (assignments, labs): https://cns-ctf.security.cs.pub.ro/home I lab rooms: PR706, EG106, EG306 I team: to yell at CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 5/52 Lab Split I happens on the acs.curs.pub.ro Discussion forum I threads for each of the 4 lab slots I almost complete I you need to be enroled I you can enrol by yourself by accessing the CNS acs.curs.pub.ro instance I limit is 16 students per lab slot CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 6/52 Class Keywords I reverse engineering I shell execution I binary inspection I exploiting I stack overflow I runtime application security I buffer overflow I return oriented programming I shellcode I CTF (Capture the Flag) CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 7/52 Table of Contents planning: https://ocw.cs.pub.ro/courses/cns/calendar 1. Introduction. Basic Exploration Tools 2. Program Analysis 3. The Stack. Buffer Management 4. Exploiting. Shellcodes 5. Exploiting. Shellcodes (part 2) 6. Exploit Protection Mechanisms 7. Strings. Information Leaks 8. Return Oriented Programming 9. Return Oriented Programming (part 2) 10. Use After Free 11. Practical Attacks (part 1) 12. Practical Attacks (part 2) 13. Guest Lecture CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 8/52 Bibliography I Robert Seacord { Secure Coding in C and C++, Addison Wesley Professional, 2005 I Robert Seacord { The CERT C Secure Coding Standard, Addison Wesley Professional, 2008 I Anton Chuvakin, Cyrus Peikari { Security Warrior, O'Reilly, 2004 I Grey Hat Hacking. The Ethical Hacker's Handbook, 3rd Edition, McGraw Hill, 2011 I Enrico Perla, Massimiliano Oldani { A Guide to Kernel Exploitation, Syngress, 2011 I Jon Erickson { The Art of Exploitation, 2nd Edition, No Starch, 2008 I Michael A. Davis, Sean M. Bodmer, Aaron LeMasters { Hacking Exposed. Malware and Rootkits, McGraw Hill, 2010 I Bruce Schneier { Applied Cryptography, John Wiley & Sons, 1996 CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 9/52 Grading I 2 points { lab involvement I 4.5 points { 3 assignments I 2 points { lecture tests I 2.5 points { final exam CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 10/52 Tests during Lectures I at the beginning of lectures 3, 5, 7, 9, 11, from the past two lectures I start at 6:05pm; please don't be late I 10 minutes, 4 short questions I 0.4 points each CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 11/52 Final Exam I one part is a multiple answer questions test (22 questions, 20 minutes) I the other part is an on paper test (60 minutes) CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 12/52 CTF { Capture the Flag I computer security competition I educational, practice I attack/defense vs. jeopardy I web, stegano/forensics, crypto, binary/reverse, pwn/exploit, protocol, misc I wargames I may equate assignment points CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 13/52 Outline Introduction Things You Need to Know Tools of the Trade (That You May or May Now Know) Basic Tools for Exploration Demo Conclusion CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 14/52 C Programming Language I lingua franca of low-level programming I powerful enough to build amazing software and flexible enough to shoot yourself in the foot I close to hardware, everything is at some point coming from C code I direct access to memory management (buffers, strings, arrays, pointers): mixed blessing CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 15/52 Linux / Unix CLI. Shell Scripting I move around quickly I investigate, analyze system I quickly develop, build, debug, analyze applications I automate tasks CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 16/52 Assembly Language I everything turns to machine code I one may not have access to the source code, but it can be disassembled I hardware specific { the \guts" of the computer I required knowledge to fully be able to exploit and protect the system CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 17/52 Data Representation I binary, octal, hexadecimal I ASCII I signed / unsigned integers: size, range, 2's complement representation I endianess I there are 10 types of people in the world . I disassembled code, addresses and hardware instructions are shown in hexadecimal I one is required to easily convert hexadecimal to decimal and the other way around CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 18/52 Operating Systems I system and application inner workings I process virtual address space I application run time: CPU, memory, I/O usage I system calls, kernel space CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 19/52 Process Investigation I processes and resource usage: ps, pstree, pgrep, procfs filesystem I memory mappings: pmap I open file descriptors: lsof CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 20/52 If You Feel Lacking I this is a master class, you need to be on the level I work, work, work I C programming: https://ocw.cs.pub.ro/courses/programare I Linux / Unix CLI, shell scripting: https://ocw.cs.pub.ro/courses/uso I assembly language + hexadecimal: https://ocw.cs.pub.ro/courses/iocla I operating systems + process investigation: https://ocw.cs.pub.ro/courses/so CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 21/52 Outline Introduction Things You Need to Know Tools of the Trade (That You May or May Now Know) Basic Tools for Exploration Demo Conclusion CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 22/52 Scripting Languages I Python, Perl I automation I generate/print binary data and feed it to an executable I generate strings, generate variating integers & addresses I do redirects, make conversions, process strings CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 23/52 Python I quick'n'dirty scripting language I more powerful than shell scripting I create binary payloads (use struct package) I convert data I work with strings I work with files I work with processes (use subprocess package) I advanced exploit techniques (use pwn package) I use Python3, FTW!!! CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 24/52 Hex Viewers and Editors I dump and edit data in binary files (object files, executables, encrypted files) I hexdump, xxd, od: make hexdumps I hte: terminal hex editor I ghex, Bless: GUI hex editor CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 25/52 GDB I dynamic analysis I default debugger on Unix systems I may be used to trace programs, check variables and return values CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 26/52 PEDA I Python Exploit Development Assistance for GDB I enhance GDB for exploit development I improved commands I improved views I search for ROP gadgets I generate shellcodes I generate buffer cyclic patterns I http://ropshell.com/peda/ CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 27/52 Binary Code Analysis I inspect object and executable files I disassembling: objdump I forensics: strings I executable parsing: readelf, nm I dependencies: ldd CSE Dep, ACS, UPB Lecture 1, Introduction. Basic Exploration Tools 28/52 Call Tracing I dynamic analysis I capture system calls, function callls of program I check out system call arguments I check out system call return values I see whether process blocks in a system call I strace, ltrace CSE Dep, ACS, UPB Lecture 1, Introduction.
Load more

Recommended publications
  • Towards a Toolchain for Exploiting Smart Contracts on the Ethereum Blockchain
    Towards a Toolchain for Exploiting Smart Contracts on the Ethereum Blockchain by Sebastian Kindler M.A., University of Bayreuth, 2011 Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Bachelor of Science in the Computer Science Program Faculty of Computer Science Supervisor: Prof. Dr. Stefan Traub Second Assessor: Prof. Dr. Markus Schäffter External Assessor: Dr. Henning Kopp Ulm University of Applied Sciences March 22, 2019 Abstract The present work introduces the reader to the Ethereum blockchain. First, on a con- ceptual level, explaining general blockchain concepts, and viewing the Ethereum blockchain in particular from different perspectives. Second, on a practical level, the main components that make up the Ethereum blockchain are explained in detail. In preparation for the objective of the present work, which is the analysis of EVM bytecode from an attacker’s perspective, smart contracts are introduced. Both, on the level of EVM bytecode and Solidity source code. In addition, critical assem- bly instructions relevant to the exploitation of smart contracts are explained in detail. Equipped with a definition of what constitutes a vulnerable contract, further practical and theoretical aspects are discussed: The present work introduces re- quirements for a possible smart contract analysis toolchain. The requirements are viewed individually, and theoretical focus is put on automated bytecode analysis and symbolic execution as this is the underlying technique of automated smart contract analysis tools. The importance of semantics is highlighted with respect to designing automated tools for smart contract exploitation. At the end, a min- imal toolchain is presented, which allows beginners to efficiently analyze smart contracts and develop exploits.
    [Show full text]
  • 1 SEC Consult – Cyber Security Challenge Austria / CTF Tips & Tricks
    SEC Consult – Austria Cyber Security Challenge Tips & Tricks Responsible: R. Freingruber Version/Date: 1.0 / 26.04.2018 Confidentiality class: Public 1 SEC Consult – Cyber Security Challenge Austria / CTF Tips & Tricks This article is intended to give useful tips and tricks for participants of the Cyber Security Challenge Austria, however in general, it can be seen as a guideline to Capture-the-Flag (CTF) competitions. The first chapter is for beginners who don’t know where they can acquire the required skills to participate and how to get started. The later chapters give some hints for various categories in CTFs. Please note that the tips range from basic tips to more complex ones like “how to solve hard binaries” or “how to win attack-defense CTFs” (which is very likely not required for Cyber Security Challenge Austria). Please also note that the article has a strong focus on the binary / exploit category because that’s the authors main category. 1.1 How to get started? This chapter is for people who want to do more in the field of IT security, but who don’t know how to get started and where the required knowledge can be learned. The best source of information are books that summarize the most common attack techniques and protections against them. Since the entire topic of IT security is very extensive there is not a “one-size-fits- all” book which lists all attacks in-depth. Instead, there are standard books which cover specific topics. The following list is not exhaustive, but tries to list the best books (in the authors opinion) for the respective topics: • Web o The Web Application Hackers Handbook by Dafydd Stuttard ▪ The standard book on web attacks which covers lots of different topics.
    [Show full text]
  • Reverse Software Engineering As a Project-Based Learning Tool
    Paper ID #33764 Reverse Software Engineering as a Project-Based Learning Tool Ms. Cynthia C. Fry, Baylor University CYNTHIA C. FRY is currently a Senior Lecturer of Computer Science at Baylor University. She worked at NASA’s Marshall Space Flight Center as a Senior Project Engineer, a Crew Training Manager, and the Science Operations Director for STS-46. She was an Engineering Duty Officer in the U.S. Navy (IRR), and worked with the Naval Maritime Intelligence Center as a Scientific/Technical Intelligence Analyst. She was the owner and chief systems engineer for Systems Engineering Services (SES), a computer systems design, development, and consultation firm. She joined the faculty of the School of Engineering and Computer Science at Baylor University in 1997, where she teaches a variety of engineering and computer science classes, she is the Faculty Advisor for the Women in Computer Science (WiCS), the Director of the Computer Science Fellows program, and is a KEEN Fellow. She has authored and co- authored over fifty peer-reviewed papers. Mr. Zachary Michael Steudel Zachary Steudel is a 2021 graduate of Baylor University’s computer science department. In his time at Baylor, he worked as a Teaching Assistant under Ms. Cynthia C. Fry. As part of the Teaching Assistant role, Zachary designed and created the group project for the Computer Systems course. Zachary Steudel worked as a Software Developer Intern at Amazon in the Summer of 2019, a Software Engineer Intern at Microsoft in the Summer of 2020, and begins his full-time career with Amazon in the summer of 2021 as a software engineer.
    [Show full text]
  • Flexible Software Protection
    Flexible Software Protection JENS VAN DEN BROECK, BART COPPENS, and BJORN DE SUTTER, Department of Electronics and Information Systems, Ghent University, Belgium To counter software reverse engineering or tampering, software obfuscation tools can be used. However, such tools to a large degree hard-code how the obfuscations are deployed. They hence lack resilience and stealth in the face of many attacks. To counter this problem, we propose the novel concept of flexible obfuscators, which implement protections in terms of data structures andAPIs already present in the application to be protected. The protections are hence tailored to the application in which they are deployed, making them less learnable and less distinguishable. In our research, we concretized the flexible protection concept for opaque predicates. We designed an interface to enable the reuse of existing data structures and APIs in injected opaque predicates, we analyzed their resilience and stealth, we implemented a proof-of-concept flexible obfuscator, and we evaluated it on a number of real-world use cases. This paper presents an in-depth motivation for our work, the design of the interface, an in-depth security analysis, and a feasibility report based on our experimental evaluation. The findings are that flexible opaque predicates indeed provide strong resilience and improved stealth, but also that their deployment is costly, and that they should hence be used sparsely to protect only the most security-sensitive code fragments that do not dominate performance. Flexible obfuscation therefor delivers an expensive but also more durable new weapon in the ever ongoing software protection arms race. CCS Concepts: • Security and privacy ! Software security engineering; Software reverse engineering.
    [Show full text]
  • INFILTRATE Ghidra
    Three Heads Are Better Than One: Mastering NSA's Ghidra Reverse Engineering Tool Alexei Bulazel Jeremy Blackthorne @0xAlexei @0xJeremy github.com/0xAlexei/INFILTRATE2019 Disclaimer This material is based on the publicly released Ghidra, there is no classified information in this presentation Alexei Bulazel @0xAlexei ● Senior Security Researcher at River Loop Security ● Research presentations and publications: ○ Presentations at REcon (MTL & BRX), SummerCon, DEFCON, Black Hat, etc. ○ Academic publications at USENIX WOOT and ROOTS ○ Cyber policy in Lawfare, etc. ● Collaborated with Jeremy on research at RPI, MIT Lincoln Laboratory, and Boston Cybernetics Institute ● Proud RPISEC alumnus Jeremy Blackthorne @0xJeremy ● Instructor at the Boston Cybernetics Institute ● PhD candidate at RPI focused on environmental keying ● Former researcher at MIT Lincoln Laboratory ● United States Marine Corps 2002 - 2006 ● RPISEC alumnus Outline 1. Intro 2. Interactive Exercises a. Manual Static Analysis b. Scripting Ghidra 3. P-Code & SLEIGH 4. Discussion 5. Conclusion Participating 1. Install OpenJDK 11, add its bin directory to your PATH ● jdk.java.net/11 2. Download Ghidra ● ghidra-sre.org ● github.com/NationalSecurityAgency/ghidra/releases 3. Download our demo scripts and binaries ● github.com/0xAlexei/INFILTRATE2019 Ghidra ● Java-based interactive reverse engineering tool developed by US National Security Agency - similar in functionality to IDA Pro, Binary Ninja, etc… ○ Static analysis only currently, debugger support promised to be coming soon ○ Runs on Mac, Linux, and Windows ● All credit for creating Ghidra goes to the developers at NSA ● Released open source at RSA in March 2019 ○ 1.2M+ lines of code ● NSA has not discussed the history of the tool, but comments in source files go as far back as February 1999 Outline 1.
    [Show full text]
  • Pypanda: Taming the Pandamonium of Whole System Dynamic Analysis
    PyPANDA: Taming the PANDAmonium of Whole System Dynamic Analysis Luke Craig∗, Andrew Fasano∗y, Tiemoko Ballo∗, Tim Leek∗ Brendan Dolan-Gavittz William Robertsony ∗MIT Lincoln Laboratory {Luke.Craig,Andrew.Fasano,Tleek,Tiemoko.Ballo}@ll.mit.edu yNortheastern University [email protected], [email protected] zNew York University [email protected] Abstract—When working with real world programs, dy- IDA Pro1, and Ghidra2 all support conducting analyses namic analyses often must be run on a whole-system instead of from scripting languages, such functionality is rarely just a single binary. Existing whole-system dynamic analysis present in whole-system dynamic analysis platforms lead- platforms generally require analyses to be written in compiled languages, a suboptimal choice for many iterative analysis ing to cumbersome workflows. For example, consider the tasks. Furthermore, these platforms leave analysts with a split task of conducting a whole-system dynamic taint analysis view between the behavior of the system under analysis and on data sent to a custom kernel module that ultimately the analysis itself—in particular the system being analyzed flow into a user space application. An analyst must must commonly be controlled manually while analysis scripts approach this task through two distinct, but complemen- are run. To improve this process, we designed and imple- mented PyPANDA, a Python interface to the PANDA dynamic tary, processes. First, they must drive the guest system’s analysis platform. PyPANDA unifies the gap between guest behavior: boot the system, log in, obtain the relevant virtual machines behavior and analysis tasks; enables painless source code and toolchains, compile the code (or copy in a integrations with other program analysis tools; and greatly prebuilt binary), and load the kernel module.
    [Show full text]
  • Get the Most from Capture the Flag
    Maximum CTF Get the most from capture the flag Friday, July 31, 2009 capture the flag (Two Toy Soldiers) http://www.flickr.com/photos/janramroth/2264184078/ http://creativecommons.org/licenses/by/2.0/deed.en jot.punkt lightning round "Hack the planet______" Friday, July 31, 2009 Trivia 100 from 2006 qualifier. And yeah this should be insanely obvious. The funny part though is that the next year, the 100 point question was The thunder and lightning RonAlmog http://www.flickr.com/photos/ronalmog/2053473900/ http://creativecommons.org/licenses/by/2.0/deed.en lightning round "Hack the planet______" Friday, July 31, 2009 Trivia 100 from 2006 qualifier. And yeah this should be insanely obvious. The funny part though is that the next year, the 100 point question was The thunder and lightning RonAlmog http://www.flickr.com/photos/ronalmog/2053473900/ http://creativecommons.org/licenses/by/2.0/deed.en lightning round "_____Hack the planet" Friday, July 31, 2009 And likewise, the year after that: lightning round "_____Hack the planet" Friday, July 31, 2009 And likewise, the year after that: lightning round "Hack the___ planet" Friday, July 31, 2009 A fair amount of CTF has been inside jokes and homages to years past. If you plan on participating, check out and practice on previous years answers and writeups as they will make your life much easier. lightning round "Hack the___ planet" Friday, July 31, 2009 A fair amount of CTF has been inside jokes and homages to years past. If you plan on participating, check out and practice on previous years answers and writeups as they will make your life much easier.
    [Show full text]
  • Ghidra Vs Radare2
    Ghidra Vs Radare2 Radare2 – is a framework built for reverse engineering and analyzing binaries. js File size differs 2462470 vs 2461765 Buffer truncated to 2461765 byte(s) (705 not compared) 86611 So… the WebAssembly is essentially generating JavaScript on-the-fly. With the addition, the latest UFC 257 lineup includes: Conor McGregor vs. Plugin manager for x64dbg. radare2 tools. Я открываю программу в Cutter — GUI для radare2 со встроенным декомпилятором ghidra, имеющим возможность эмуляции, а с недавних пор и отладки. Plugin manager for x64dbg. 7 місяців тому. Watch the UFC 257 "McGregor vs. With radare2 you can analyze, disassemble. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. radare2 was added by Tim_B in Sep 2016 and the latest update was made in Apr 2018. Free and Open Source RE Platform powered by Rizin. Ve srovnání s komerčním IDA je pomalejší a má víc chyb. Even if you know how to disassemble a Brown iron, this will not help. IDA Pro is a programmable, interactive, and multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment. 0 has been released!. We are using radare2 together with avr-gdb and simavr to reverse engineer the challenge "Jumpy" which implemets a password checking algorithm В видео речь пойдет про Ida Pro (free) x64dbg (плагины snowmen, x64dbg2ghidra) Ghidra Radare2 Затрону поверхностно windbg, binary ninja. pdf - Free ebook download as PDF File (. Patching Binaries (with vim, Binary Ninja, Ghidra and radare2) - bin 0x2F.
    [Show full text]
  • Mobile Data Analysis Using Dynamic Binary Instrumentation and Static Analysis
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-2020 Mobile Data Analysis using Dynamic Binary Instrumentation and Static Analysis Christopher Dukarm Follow this and additional works at: https://scholar.afit.edu/etd Part of the Computer Sciences Commons Recommended Citation Dukarm, Christopher, "Mobile Data Analysis using Dynamic Binary Instrumentation and Static Analysis" (2020). Theses and Dissertations. 3157. https://scholar.afit.edu/etd/3157 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. Mobile Data Analysis using Dynamic Binary Instrumentation and Static Analysis THESIS Christopher Dukarm, 2d Lt, USAF AFIT-ENG-MS-20-M-016 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio DISTRIBUTION STATEMENT A APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this document are those of the author and do not reflect the official policy or position of the United States Air Force, the United States Department of Defense or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT-ENG-MS-20-M-016 Mobile Application Data Analysis using Dynamic Binary Instrumentation and Static Analysis THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command in Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Operations Christopher Dukarm, B.S.C.S.
    [Show full text]
  • An Empirical Study on ARM Disassembly Tools
    An Empirical Study on ARM Disassembly Tools Muhui Jiang Yajin Zhou∗ Xiapu Luo [email protected] [email protected] [email protected] The Hong Kong Polytechnic Zhejiang University The Hong Kong Polytechnic University China University China China Ruoyu Wang Yang Liu Kui Ren [email protected] [email protected] [email protected] Arizona State University Nanyang Technological University Zhejiang University USA Singapore China Institute of Computing Innovation, Zhejiang University China ABSTRACT CCS CONCEPTS With the increasing popularity of embedded devices, ARM is becom- • Software and its engineering ! Assembly languages. ing the dominant architecture for them. In the meanwhile, there is a pressing need to perform security assessments for these devices. KEYWORDS Due to different types of peripherals, it is challenging to dynami- Disassembly Tools, ARM Architecture, Empirical Study cally run the firmware of these devices in an emulated environment. Therefore, the static analysis is still commonly used. Existing work ACM Reference Format: Muhui Jiang, Yajin Zhou, Xiapu Luo, Ruoyu Wang, Yang Liu, and Kui Ren. usually leverages off-the-shelf tools to disassemble stripped ARM 2020. An Empirical Study on ARM Disassembly Tools. In Proceedings of binaries and (implicitly) assume that reliable disassembling binaries the 29th ACM SIGSOFT International Symposium on Software Testing and and function recognition are solved problems. However, whether Analysis (ISSTA ’20), July 18–22, 2020, Virtual Event, USA. ACM, New York, this assumption really holds is unknown. NY, USA, 14 pages. https://doi.org/10.1145/3395363.3397377 In this paper, we conduct the first comprehensive study on ARM disassembly tools.
    [Show full text]
  • Download Disassembler Windows
    Download disassembler windows click here to download Browse All Files Windows BSD Mac Linux. Description. Udis86 is an easy-to-use minimalistic disassembler library for the x86 and x PEBrowse Professional - a Windows portable executable file viewer/dissection utility and disassembler. Windows Disassembler for bit & bit Programs. Download PEBrowse64 Professional. for Windows 10, Windows. Win32Program Disassembler, free and safe download. Win32Program Disassembler latest version: A free Development program for Windows. Win32Program. the most popular disassemblers recently. /downloads/browse/OllyDbg_Plugins ​x86 Disassemblers · ​Disassembler Issues · ​Decompilers · ​A General view of. Windows Disassembler for bit & bit Programs. 23/12/ | by maldevel. PEBrowse64 Screenshot of PEBrowse Professional: Download from here. Download software in the Debuggers/Decompilers/Disassemblers category. Windows 10 / Windows 8 / Windows 7 / Windows Vista / Windows XP. executable. Pros: None. Cons: None. Other Thoughts: Download debugger from site,but watch out for the 2nd or 3rd 'extra' debugger files available for. The IDA Disassembler and debugger is a multi-processor disassembler and debugger hosted on the Windows, Linux and Mac OS X Platforms. JD Java Decompiler. The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte Overview; Download; Changes. The Ultimate Disassembler. Download bit/bit DLLs & static libraries for Microsoft Windows bit/bit. cstool (www.doorway.ru). Win The Proview (a.k.a PVDasm) Disassembler is Free, Interactive, Multi-CPU (Intel 80x86/ Chip8) that includes many features which Debuggers / Disassemblers [ Useful debugger and disassembler engines ] Download. IDA Pro Disassembler and Debugger [ Find previous and the latest IDA Pro can be used as a local and as a remote debugger on the 80x86 (typically Windows/Linux) and the ARM plaform (typically Windows Download.
    [Show full text]
  • Function Identification and Recovery Signature Tool
    Function Identification and Recovery Signature Tool Angel M. Villegas Cisco Systems Inc., Talos [email protected] project file (IDB). The IDB allows users to share their analysis via sending others their IDB file. Abstract The ability for users to markup functions with Reverse Engineering benign or malicious samples can useful information like the function name, its take a considerable amount of time. Reversing many prototype, comments, etc. greatly impacts the ability samples, or tracking changes in malware families, can to analyze software quickly and efficiently. Though cause an analyst to see similar or even the same IDA has many features and supports developer created functions used over and over. The similar, or same, plugins to expand its capabilities, it does not provide functions could be seen recently, allowing the analyst an easy way to work with others. to recall the metadata they associated with it. Analyzing disassembly for a given binary is However, most likely, the disassembly will be familiar typically an individual task versus a group effort. but the analyst will need to review the function to However, several reverse engineers can work together associate metadata with it. Broadening this to a team to quickly analyze a binary or others could benefit setting, time and effort is required to keep everyone’s from the knowledge gleamed and documented by metadata sync-ed up between the same or similar another analyst. An IDA IDB contains function samples. Reverse engineering the same routines is a annotations, but those annotations cannot be shared or waste of time and can be reduced by applying the right restored outside of the IDB.
    [Show full text]