I really like these videos. It is just like the early ones that I subscribed for. Although I do like your recent content, this format is my favourite. Covering 1 topic concisely as part of a series that gets gradually more in-depth.
I'm good with this type of video too, however I really have a hard time with the low audio. I don't see anyone in the comments mentioning it, so maybe it's just me, but I have to crank my laptop volume almost up to full to hear you in this format. Upping the volume a bit would be greatly appreciated!
PLS KEEP the content good. Q_Q I'm happy you have daily but I'm a bit concerned about it. Bit of thinking. Actually these small bits keep me entertained and I also learn at the same time. It's very digestible. It's a win. Wish you good luck /life/etc.
Could you make a list of all resources that could help in learning, like wargame sites? I don't know if you have something like this already on your site. Thanks for these videos mate.
I would love to see some reversing with cutter (if you abandoned gdb/r2...) which also added the ghidra decompiler....
4 years ago
Hello. I am studying and developing a deep learning algorithm. I wonder, is there any deep learning method to extract and recognize the binary symbols? Deep learning is very good at it. It can learn almost all symbols and behaviour of the compiler. I know it takes a very long time but it can learn.
I spent a good 1 hour understanding this video and the weird flow of the statically linked stripped binary. So if I'm not wrong, whenever dynamic linking happens in a process with a debugger attached to it the debugger watches for the symbols being used for the linking and can subsequently tell the user the function names?
The stripped binary only has its own debug symbols removed, but still has its import table (symbols referring to external functions/variables to be dynamically bound). So no need for a debugger, a proper disassembler is enough. (It is the most common form of executable, no debug symbols and dynamic linking). The second part of the video is about using signatures to identify functions that we know of from another binary, it's a difficult task since the assembly can change between different compilations and thus different versions of a library. There are different identification methods around: flair (pattern + cross references), yara (behavior based, return value), ..
How are these signatures made? It's some kind of hash function of all the bytes used by the function, substituting `call`s by the bytes of the internal functions?
This seems to be a lesson in why you don't decompile code, you disassemble it. If you understand x86 enough, you can always see exactly what is happening and you don't run into problems where you end up with rogue function calls that shouldn't be there.
Ah well. Then I don’t know why any programmer would still write code with buffer overflow vulnerabilities. Or why XSS still exists. Or why iPhones still get jailbroken. Why are they not just writing secure code?!?!?
@LiveOverflow That is not a fair comparison. People consciously choose to use MD5 where buffer overflows, XSS, and jail vulnerabilities happen on accident. Buffer overflows can be effectively eliminated by using a language that keeps track of buffer sizes with dependent types. XSS can be effectively mitigated by using refinement types to keep track of whether data is sanitized. Preventing escaping from a jail is much more complicated, but using formal verification of your specification and design can help avoid it.
MD5 is pretty fast, pretty widespread, and it's good enough for most tasks. The holes that it has aren't significant enough for everyone to switch to another hash function. It's "good enough" when generating checksums and the like.
Real Hackers don't use Ghidra, or GDB. Back in the good old days -- the "Golden Era" of computers, it was easy to separate the men from the boys (sometimes called "Real Men" and "Quiche Eaters" in the literature). During this period, the Real Men were the ones that understood binary code, and the Quiche Eaters were the ones that didn't. A real computer programmer said things in assembly. (they actually talked in capital letters, you understand)
I’m just trying to have some fun with daily videos in December. Calling it haxember. It’s just the 4th day; old style videos are not gone. I just have to do a different style to be able to make daily stuff. It’s just an experiment ;)