Reverse engineering is not just about uncovering the hidden behaviour of a given technology, system, program or device. It's actually an art and a mindset. Reversing is used by some government agencies, secret services, antivirus software companies, hackers and students. It can be used for many purposes: cracking/bypassing software, botnet analysis, finding 0day exploits, interpreting unknown protocols, understanding malware or finding bugs in apps.
These slides describe rules for running Architectural Katas, essential for running architectural katas. This was created as part of Software Architecture Meetup January 2019 session.
ISO26262-6 Software development process (Ver 3.0)Hongseok Lee
ISO26262-6 Software Development Process in the automotive domain. Planning(Coding Guideline. MISRA guideline), Requirement, Design, Safety Analysis, Testing
These slides describe rules for running Architectural Katas, essential for running architectural katas. This was created as part of Software Architecture Meetup January 2019 session.
ISO26262-6 Software development process (Ver 3.0)Hongseok Lee
ISO26262-6 Software Development Process in the automotive domain. Planning(Coding Guideline. MISRA guideline), Requirement, Design, Safety Analysis, Testing
This presentation was originally created for the webinar 'An Introduction to MISRA C:2012', presented by Paul Burden: http://www.programmingresearch.com/resources/webinars/an-introduction-to-misra-c2012/.
Paul is one of the co-authors of the new MISRA coding guidelines. He was a Product Manager for QA·C leading static analysis tool and Technical Consultant, a well-known expert in coding standards enforcement, .
Learn more about MISRA C - the most used coding standard worldwide for C language in a wide range of industries:
- Automotive (ISO 26262);
- Aerospace (DO-178B);
- Defense (DO-178B);
- Medical (IEC 62304);
- Nuclear Power (IEC 6080);
- Railways (EN 50128);
- Consumer Electronics (IEC 61508)
... and others.
This presentation explains what is software development methodology. It also explores various methodologies such as Waterfall Model, Prototype Model, Incremental Model, Spiral Model, RAD Model, and V-Model.
http://www.ifour-consultancy.com/
http://www.ifourtechnolab.com
Video in Russian: http://www.youtube.com/watch?v=cJFVAbWZInE
Talk given with Agile-Latvia.org at TSI.lv for CS students, revealing Agile principles through real life stories and examples.
List of Software Development Model and MethodsRiant Soft
RiantSoft a Software Development Company derived the most useful and different types of Software Development Model for the users who want to know the development process. RiantSoft is specialized in custom software development with latest cutting edge technologies.
Psychology of testing is a type of testing which is fully depends on the mindset of developers and tester. When we are building the software, we working positively towards the software never think about negative things.
The systematic use of proven principles, techniques ,languages and tools for the cost-effective analysis ,documentation and on-going evolution of user needs and the external behavior of a system to satisfy those user needs.
Requirement Elicitation
Facilitated Application Specification Technique(FAST)
Quality Function Deployment
USE-CASES
Bringing Down the House - How One Python Script Ruled Over AntiVirusCTruncer
This talk is about how a single python tool (Veil aka Veil-Evasion) is able to render AntiVirus useless. Veil's goal is to bypass antivirus products on workstations and servers.
This presentation was originally created for the webinar 'An Introduction to MISRA C:2012', presented by Paul Burden: http://www.programmingresearch.com/resources/webinars/an-introduction-to-misra-c2012/.
Paul is one of the co-authors of the new MISRA coding guidelines. He was a Product Manager for QA·C leading static analysis tool and Technical Consultant, a well-known expert in coding standards enforcement, .
Learn more about MISRA C - the most used coding standard worldwide for C language in a wide range of industries:
- Automotive (ISO 26262);
- Aerospace (DO-178B);
- Defense (DO-178B);
- Medical (IEC 62304);
- Nuclear Power (IEC 6080);
- Railways (EN 50128);
- Consumer Electronics (IEC 61508)
... and others.
This presentation explains what is software development methodology. It also explores various methodologies such as Waterfall Model, Prototype Model, Incremental Model, Spiral Model, RAD Model, and V-Model.
http://www.ifour-consultancy.com/
http://www.ifourtechnolab.com
Video in Russian: http://www.youtube.com/watch?v=cJFVAbWZInE
Talk given with Agile-Latvia.org at TSI.lv for CS students, revealing Agile principles through real life stories and examples.
List of Software Development Model and MethodsRiant Soft
RiantSoft a Software Development Company derived the most useful and different types of Software Development Model for the users who want to know the development process. RiantSoft is specialized in custom software development with latest cutting edge technologies.
Psychology of testing is a type of testing which is fully depends on the mindset of developers and tester. When we are building the software, we working positively towards the software never think about negative things.
The systematic use of proven principles, techniques ,languages and tools for the cost-effective analysis ,documentation and on-going evolution of user needs and the external behavior of a system to satisfy those user needs.
Requirement Elicitation
Facilitated Application Specification Technique(FAST)
Quality Function Deployment
USE-CASES
Bringing Down the House - How One Python Script Ruled Over AntiVirusCTruncer
This talk is about how a single python tool (Veil aka Veil-Evasion) is able to render AntiVirus useless. Veil's goal is to bypass antivirus products on workstations and servers.
Formation complète ici:
http://www.alphorm.com/tutoriel/formation-en-ligne-sophos-xg-firewall-administration
Après les deux premières formations sur la solution Sophos UTM 9, cette formation vient pour compléter la série de formation Sophos permettant l’obtention de la certification Sophos Certified Engineer SCE et Sophos Certified Architect SCA.
Durant cette formation Sophos XG Firewall, qui est la version 15 en numéro de Firmware de l’éditeur, vous allez comprendre le fonctionnement de la solution de pare-feu de nouvelle génération de Sophos et le déploiement de ses fonctionnalités les plus importantes : Installation et configuration de initiale, découverte de la toute nouvelle interface l’AdminConsole, gestion des Licences, gestion de la sauvegarde et restauration, définition des différents types d’objets, le routage statique et dynamique, l’Authentification et le SSO, Intégration Active Directory, gestion des interfaces du boitier, service DNS, service DHCP, Pare-feu, NAT, les différentes Policy, le UserPortal, IPS, ATP et la protection contre le déni de service DoS.
Tout au long de cette formation, le formateur vous montrera comment monter un Lab Sophos XG Firewall très complet pour faire toutes vos manipulations, ainsi, il vous montrera comment tirer profit de ce magnifique produit en suivant les astuces et les best practicies.
A l’issue de cette formation Sophos XG Firewall, vous allez être capable d’implémenter les fonctionnalités du Firewall Sophos dans sa version 15, et de le configurer suivant votre besoin interne dans votre entreprise, ou pour vos intégrations chez vos clients.
Alphorm.com Formation Excel 2016 Expert I - partie 1Alphorm
Formation complète ici:
http://www.alphorm.com/tutoriel/formation-en-ligne-excel-2016-niveau-expert
Pendant la formation Excel 2016, vous découvrirez les fonctionnalités avancées pour faciliter l’analyse de vos données.
Avec cette formation Excel 2016, vous progresserez vers la mise en oeuvre des formules complexes avec des formules conditionnelles imbriquées et l’utilisation des lignes de statistiques ainsi que des zones nommées. Pour aider à la saisie, vous saurez créer des listes déroulantes de données et valider la conformité de la saisie.
Enfin, la puissance des tableaux de données vous permettra de gérer vos données plus facilement à l’aide de fonctionnalités de calculs et de présentation déjà présentes dans ces tableaux tout au long de cette cette formation Excel 2016.
Pour faciliter votre progression avec cette formation Excel 2016, un projet fil rouge vous permettra de mettre en oeuvre les notions étudiées de façon opérationnelle.
Nouveaux outils et dérives de la communication politique : interview exclusiv...Damien ARNAUD
Anne-Claire Ruel (@AnneClaireRuel) est enseignante à l’Université de Cergy-Pontoise, conseillère en stratégie d’opinion et chroniqueuse sur FranceTV Info et LCI.
Fortinet UTM - les Fonctionnalités avancéeseAlphorm
Formation complète ici:
http://www.alphorm.com/tutoriel/formation-en-ligne-fortinet-fortigate-utm-nse4-les-fonctionnalites-avancees
Cette formation Fortinet UTM : les Fonctionnalités avancées est la suite de la précédente formation Fortinet Fortigate UTM (NSE4).
Dans cette formation Fortinet UTM, vous allez découvrir les fonctionnalités avancées du pare-feu Fortigate : le routage avancé, le mode transparent, les VDOMs, les certificats, la HA, les outils de diagnostic.
Les chapitres traités au cours de cette formation Fortinet UTM visent à compléter vos connaissances des pare-feu Fortigate UTM et vous permettre de déployer des architectures de sécurité réseau complexes.
La formation Fortinet Fortigate UTM (NSE4) et cette formation Fortinet UTM : les Fonctionnalités avancées vous préparent et vous aident à réussir la certification NSE4 (Network Security Expert).
This is the talk given at NullCon 2017. This talk give s history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk
IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area the used operating systems are summarized with the term firmware. The devices by themself, so called embedded devices, are essential in the private, as well as in the industrial environment and in the so-called critical infrastructure. Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection. With EMBA you always know which public exploits are available for the target firmware. Beside the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more. EMBA is an open-source firmware scanner, created by penetration testers for penetration testers.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://troopers.de/troopers22/agenda/tr22-1042-emba-open-source-firmware-security-testing/
In this presentation, Jared Atkinson and Jonathan Johnson discuss the problem that many security professionals are facing today. How exactly do I know if my detection will actually detect the thing I want to detect? We discuss the importance of testing telemetry coverage and using abstraction to build a representative sample set of Atomic tests to validate detection coverage.
Scripts used in presentation can be found below:
Process Access: https://gist.github.com/jaredcatkinson/9c7a1af2261a752432230a4148ecfe02
Process Read: https://github.com/redcanaryco/AtomicTestHarnesses/blob/master/Windows/TestHarnesses/T1003.001_DumpLSASS/DumpLSASS.ps1
EMBA - Firmware analysis - Black Hat Arsenal USA 2022MichaelM85042
IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area, the used operating systems are summarized with the term firmware. The devices themselves, also called embedded devices, are essential in the private and industrial environments as well as in the so-called critical infrastructure.
Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection: With EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more.
EMBA is the open-source firmware scanner, created by penetration testers for penetration testers.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://www.blackhat.com/us-22/arsenal/schedule/index.html#emba--open-source-firmware-security-testing-26596
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
Dr. Fahim Arif who is the Director R&D at MCS, principal investigator and GHQ authorized consultant for Nexsource Pak (Pvt) Ltd) discussed the capability of building cyber defense in the Data Protection and Cyber Security event that was hosted recently by Maven Logix. In his session he gave the audience valuable information about the life cycle of a cyber-threat discussing what and how to take measures by performing formal code reviews, code inspections. He discussed essential elements of code review, paired programming and alternatives to treat and tackle cyber-threat
We examine various techniques for the static and dynamic analysis of malware, highlighting potential limitations and pitfalls in the analytic process. For more information about malware detection and removal visit https://www.intertel.co.za
Aleksei Dremin - Application Security Pipeline - phdays9Alexey Dremin
Presented at Phdays 9 2019 Moskow.The real model of an Application Security Pipeline based on Jenkins. The talk covers the key principles how to build and scale up the AppSec program using automation, orchestration. Giving samples of useful tools for security scans such as Snyk, DefectDojo, Retire.js, Node audit, Owasp Dependency check, Safety.
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
In 2017, a sophisticated threat actor deployed the TRITON attack framework engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into TRITON attack framework which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wakeup call regarding the need to urgently improve ICS cybersecurity.
Security research over Windows #defcon chinaPeter Hlavaty
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
EMBA - Firmware analysis DEFCON30 demolabs USA 2022MichaelM85042
Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://forum.defcon.org/node/242109
Thursday night is fine with us know what time we should go and if you are approached to make sure you get the best for the wonderful and soon they were going on the top management across
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
3. Reverse Engineering
• Uncovering the hidden behaviour of a given
technology, system, program, protocol or device,
by analysing the structure and operation of its
components
• Extracting knowledge about any unknown
engineering invention
6. Reverse Engineering
History
• Reversing was used to copy inventions from other
countries or business competitors
• Frequently used in the WW2 and Cold war:
• Jerry can
• Panzerschreck
• Tupolev Tu-4 / B-29
7. Binary Reverse Engineering
Motivation
• Software and hardware cracking
• Malware analysis - botnets, spyware, ransomware
• Finding bugs and developing 0day exploits
• Creating or improving docs
• Interpreting unknown protocols
• Academic purposes
• Industrial or military espionage
• Software interoperability
8. Who knows how to do this stuff?
• Hackers in general
• Intelligence agencies / cybercrime divisions
• Antivirus companies
• Students and curious people
9. Binary Reverse Engineering
• It’s the process of getting knowledge about
compiled software, in order to understand how it
works and how it was originally implemented.
10. Binary Reverse Engineering
• It’s the process of getting knowledge about
compiled software, in order to understand how it
works and how it was originally implemented.
Without the source code???
11. • It’s the process of getting knowledge about
compiled software, in order to understand how it
works and how it was originally implemented.
WTF?
WTF?WTF?
Without the source code???Binary Reverse Engineering
WTF?
WTF?
WTF?
WTF? WTF?
WTF?
WTF?
WTF?
WTF?
WTF?
WTF?
WTF?
WTF?
WTF?
17. Debuggers
These programs are used to test
other programs.
Debuggers allow us to inspect
memory and CPU registers, modify
of variables in runtime, set
breakpoints and call functions
outside the program flow.
In reverse engineering we usually
use them for dynamic analysis.
18. Decompilers
These programs try to achieve the
near-impossible task of translating
compiled software to the original
source code.
Sometimes, the generated code is
more than enough to perform
reversing tasks
19. Patchers
A patcher is very useful for changing binary code in order to modify the
software behaviour. Hex editors can be used as patchers, but there are
better tools in the wild, that allow us to patch assembly instructions.
22. Static Analysis
• Do not execute the program
• Read the spooky assembly/decompiled code
• Inspect flow charts
• Take lots of notes
• Translate procedures to the programming language of
your choice
• It’s a pain in the ass to reverse obfuscated of very
complex programs
23. Dynamic Analysis
• Execute the program
• Inspect the program behaviour
• Use a debugger to understand the values of the
CPU registers, memory (stack, heap) and the
guessed arguments for functions calls in a
specific state of execution
• It’s difficult to achieve if any anti-debugging
protections exist (Some even crash IDA PRO)
27. Cracking
• This demo was a very simple cracking scenario
• The real stuff involves a much more complex task
(static analysis, dynamic analysis, concolic
analysis)
• E.g. If you want to create a keygen you need to
understand the serial number validation algorithm
• You need to be a patching ninja to remove anti-
cracking protections (usually triggered in runtime)
28. Cracking
• In the good old times: to crack a game you just
needed to patch code to bypass PC-CDROM ID or
Integrity checks
• Reverse engineering is one of the main categories in
Security CTFs
• In CTFs, the contestants are typically challenged to
solve cracking problems
• The simplest case is just like the last demo. Find the
correct input
30. Cracking
Advanced techniques
• Timing attacks
• When a char is correct: one more cycle is executed, i.e.
more instructions
• It’s possible to launch a timing attack, char by char
• The attack complexity is reduced from to
• How can we prevent this kind of attacks?
• Tools for local binary timing attacks: Pin tool, GDB scripts
31. Cracking
Advanced techniques
• Solvers
• Serial number validation algorithms are usually composed
by complex verifications, whose components are the
values of certain indexes of the serial number.
E.g.
• These verifications can be translated to systems of
equations, that can be easily solved by powerful tools like
Z3 Theorem Prover, Sage, Maple, Matlab
• Z3 supports both arithmetic and bitwise operators, and
custom functions as well.
37. DARPA CGC
• A very important mark in the history of infosec
• It was the first-ever all-machine hacking
tournament
• These machines were able to automatically find
and patch vulnerabilities in binaries
• The Mechanical Phish project, from the Shellphish
team, was able to identify vulnerabilities using both
fuzzing and symbolic execution techniques.
39. DARPA CGC
Mechanical Phish - ANGR
• ANGR is a very powerful binary analysis framework. It was
implemented mostly by the Shellphish team and is one of the main
components of Driller
• It’s one of the most recent open source technologies to perform
reversing/cracking tasks
• We can easily accomplish control-flow analysis, i.e., realize the damn
conditions that make the program reach a specific state of execution
• First, it translates the binary in VEX Intermediate Representation.
Then, simulates instructions in a simulation engine: SimuVEX
• Finally, they use a custom Z3 wrapper. It is called claripy: “a
abstracted constraint-solving wrapper”
41. Ponce
IDA plugin contest - 2016
• Taint analysis: this mode is used to understand
and track where a user input occurs inside a
program
• Symbolic analysis: in this mode, the plugin
maintains a symbolic state of registers and
memory at each step in a binary’s execution
path, allowing the user to solve user-controlled
conditions to do manually guided execution
44. Useful links to fry your brain
(Over 1337 ºC)
• Chill
• https://github.com/RPISEC/MBE (lectures 2 and 3)
• Reddit
• https://reddit.com/r/reverseengineering
• https://reddit.com/r/netsec
• Practice
• http://reversing.kr
• https://ringzer0team.com
• http://crackmes.de
• https://ctftime.org (Read CTF writeups and try to solve some challenges)
• Play CTFs (Hackover CTF just started and HITCON CTF starts in 7 hours)