
how do I into binary exploitation I have a basic understanding


Thread replies: 37
Thread images: 4

File: visual_dbg-1.png (198KB, 1366x741px)
how do I into binary exploitation

I have a basic understanding of how it works but when I try to do challenges on microcorruption ctf I get pretty stuck pretty quickly

what are some good resources for learning more about using radare2 to look for exploits

I have some pretty decent programming background but not too much in terms of computer architecture
>>
>>58078081
>pretty decent programming background
Doesn't sound like it.
>>
>>58078275
sent ;)
>>
>>58078081
Perhaps you should try writing some programs in asm so you know wtf you're looking at.
>>
File: 13dd7f68bcf828d5.jpg (14KB, 375x366px)
>>58078293
>>
>>58078329

not a bad idea, what are some good resources for understanding all the registers and everything for x86?
>>
>>58078357
Google?
Seriously, fucking gas yourself.
>>
>>58078357
I'll be honest I don't know the first thing about assembly but google is your friend.
>>
>>58078357
yeah google should be a good start.
If you know C do this: write simple programs, compile them with the -g flag, and open them with gdb (gotta learn some gdb commands too). Make the programs increasingly more complex and look at the disassembly, step through it.
You also need to know the stack discipline: what a stack frame is, what each thing in a stack frame is, how local variables are addressed in stack frames, etc.
There are plenty of tutorials for x86 assembly, a lot of them. Most of them are for 32 bit x86 though, which is really not so different, the registers are smaller and have slightly different names (%eax corresponds to 64 bit %rax for example). Just pick a good "x86 assembly programming tutorial" and you'll be fine.
If I remember the name of the book with which I learned I'll tell you
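Following the advice in the post above (write a small C program, build it with -g, step through it in gdb and watch the stack frame), here is an added example that is not from the thread. It measures its own frame at run time: where a local buffer sits, where the saved frame pointer is, and where the return address is. The layout it assumes is x86-64 System V with a frame pointer (saved rbp at [rbp], return address at [rbp + 8]); the function names and the gdb session in the header comment are mine, not the poster's.

```c
/*
 * Added example, not from the thread: build with debug info and step it
 * in gdb while reading the disassembly.
 *
 *   gcc -g -O0 -fno-omit-frame-pointer -o frame frame.c
 *   gdb -q ./frame
 *   (gdb) break describe_frame
 *   (gdb) run
 *   (gdb) info frame        # frame address, saved rip, saved rbp
 *   (gdb) x/6gx $rsp        # raw stack words from rsp upward
 *   (gdb) disassemble       # prologue: push rbp / mov rbp,rsp / sub rsp,N
 *
 * Layout assumption: x86-64 System V with a frame pointer. The caller's
 * frame pointer is saved at [fp] and the return address right above it
 * at [fp + 8]. The AArch64 frame record has the same [fp, lr] shape, but
 * gcc there places locals above the record, so the distance below comes
 * out negative on that target.
 */
#include <stdint.h>
#include <stdio.h>

struct frame_info {
    uintptr_t buf;       /* address of a local char buffer in this frame */
    uintptr_t fp;        /* this frame's frame pointer */
    uintptr_t ret_slot;  /* where the return address is stored: fp + sizeof(void *) */
    uintptr_t ret_value; /* the return address itself */
};

/* Describe this function's own stack frame. noinline keeps it a real call
 * with a real frame; the volatile buffer keeps the local on the stack. */
__attribute__((noinline)) static struct frame_info describe_frame(void)
{
    volatile char buf[32];
    struct frame_info fi;
    size_t i;

    for (i = 0; i < sizeof buf; i++)
        buf[i] = 'A';

    fi.buf = (uintptr_t)buf;
    fi.fp = (uintptr_t)__builtin_frame_address(0);
    fi.ret_slot = fi.fp + sizeof(void *);           /* layout assumption, see top */
    fi.ret_value = (uintptr_t)__builtin_return_address(0);
    return fi;
}

/* Signed distance in bytes from the start of the local buffer to the
 * saved return address. On x86-64 this is how many bytes an overflow of
 * buf has to write before it reaches the return address (at least 40
 * here: 32 bytes of buffer plus the 8-byte saved rbp). */
long bytes_from_buf_to_ret(void)
{
    struct frame_info fi = describe_frame();
    return (long)(fi.ret_slot - fi.buf);
}

/* 1 if the word at fp + 8 really holds the return address, i.e. the
 * assumed layout holds on this build; 0 otherwise. */
int saved_return_matches(void)
{
    struct frame_info fi = describe_frame();
    uintptr_t stored = *(uintptr_t *)fi.ret_slot;
    return stored == fi.ret_value;
}

/* Callee compares the address of its own local with one from the caller. */
__attribute__((noinline)) static int local_is_below(uintptr_t caller_local)
{
    volatile int x = 0;
    return (uintptr_t)&x < caller_local;
}

/* 1 if the stack grows toward lower addresses (callee frames sit below
 * caller frames), as on x86 and ARM. */
int stack_grows_down(void)
{
    volatile int y = 0;
    return local_is_below((uintptr_t)&y);
}

int main(void)
{
    struct frame_info fi = describe_frame();

    printf("buf        = %#lx\n", (unsigned long)fi.buf);
    printf("fp         = %#lx\n", (unsigned long)fi.fp);
    printf("ret slot   = %#lx\n", (unsigned long)fi.ret_slot);
    printf("ret value  = %#lx (stored in slot: %#lx)\n",
           (unsigned long)fi.ret_value,
           (unsigned long)*(uintptr_t *)fi.ret_slot);
    printf("buf -> ret = %ld bytes\n", bytes_from_buf_to_ret());
    printf("layout ok  = %d, stack grows down = %d\n",
           saved_return_matches(), stack_grows_down());
    return 0;
}
```

Set a breakpoint on describe_frame, let it run, and compare what the program prints with `info frame` and `x/6gx $rsp`: the 'A' bytes, the saved rbp and the return address are all visible in the raw words, in the order the struct describes. Then rebuild with -O2 and look at how much of that frame disappears.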
>>
File: sfw2.jpg (4MB, 3628x6760px)
>be american
>come home from shipping missiles to Israel
>believe repeating digits on an anime forum changed the election
>shit myself while shopping for wonder bread
>get attacked by protesters
>get shot in a mass shooting
>nurse slaps me for not using xer preferred pronouns
>can't get obamacare because i spent my data cap on asian cartoons
>lose my job because it got moved to mexico
>get arrested for collecting rainwater
>serve three life sentences for resisting arrest
>cellmate trades my asshole for toilet wine
>get shot

but at least my flag is on the moon

>radiation has caused the flag to become completely white

...
>>
Sounds to me you just need to have a better understanding of assembly.
>>
>>58080257
roll
>>
Do ctfs, pwnable dot kr and picoctf are good places to start. A lot of it is just reading other people's exploits and understanding how they work
>>
>>58079771
why learn for 32 instead of 64 bit
>>
File: 1471979013097.jpg (93KB, 677x631px)
>>58080257
Roll
>>
>>58080257
pls give me jillian
>>
>>58079771
x86-64 only uses RVAs, x86 uses full addresses. x86-64 also only has one calling convention vs the 8000 on x86
>>
>>58080257
roll
>>
is it really hard to get job in RE?

anyone here working in RE?
>>
>>58080257
rollin'
>>
>>58080257
ayy roll
>>
>>58081398
It's not, do ctfs with your college and apply for internships at a contractor or NSA
I know a shitload of people who have done it
>>
>>58081942
I can not into NSA because I can get h1b at best.

I wish it was that easy, maybe murrica is different but here in yourpoo they always look for advanced people with documented xp and several years of practice.
>>
>>58080257

let's see what we get
>>
>>58078081
Would like to help but unfortunately the only assembly languages I know are 6502, z80, and m68k
>>
>>58081988
A lot of it is just finding people with similar interests, hang around freenode and just ctf
>>
>>58080942
well when I learned assembly a few years ago I could only find 32 bit texts. Occasionally a 64 bit text but they usually all sucked and pretty much assumed you already knew 32 bit
>>
>>58081398
Yes I do software dev and vulnerability research.

Found a nice logic bug in a product where it can be exploited, but can't tell you as we have NDA's.

>>58081988
Not at all. I live in a country in Europe. I went straight from MSc to dev/research. Show a bit of initiative, like RE at home (I just said about my game cracking stuff; they don't mind as long as you "promise" not to break the law if you get in). Proof of IDA knowledge, along with WinDbg, and you're golden. Well, as you noticed, I'm a Windows dev; I can do Linux too, but my strength is PE files.
>>
>>58081988
not to mention that Trump will ban all muslims and Europe is an arab land now
>>
>>58082843
What's your favorite winternals meme? Mine has to be the global desktop heap where you can see every window name and dimension on the same desktop from your own executable
>>
>>58082843
How do you find bugs? I know about fuzzers n shit, but I always think that if an automated tool could find me a bug/hole, it would've been found already. What else do you do?
I'm thinking of getting the program in question in a jail/VM where I feed it a lot of bogus input from all fronts. Any suggestions?
>>
>>58082889
Biggest Windows fail is the fact that your PEB/TEB is in usermode, and the kernel accesses your UM data.

>>58082931
I've never had luck with fuzzers. I usually stick it in IDA, and look for where any I/O occurs (from user input, to regkey accesses, to file reads etc.), and work from there. And also sticking it in WinDbg to analyze what it's doing, e.g. where hash generation for game keys happens etc., and extracting it to make a keygen.
>>
>>58082975
The peb/teb make a bit of sense, relocations/exception shit and the tls live in them, but it is dumb that kernel trusts anything coming from them.
>>
>>58079771
By any chance, did you learn from Assembly Language Step by Step by Jeff Duntemann?
>>
>>58080257
Lol I love this picture
>>
>>58083206
hoyga ci
Ehm, I mean, yes, actually that was it. I remember the chapter on alien bases in particular.

I also suggest for OP The Shellcoder's Handbook for exploiting on all sorts of platforms
>>
>>58078401
>Jewgle
Fucking gas yourself