Sunday, August 25, 2013

Binary Auditing Training Package - Vulnerability Analysis Challenges (stack1.exe) - ImmunityDebugger

This is the first video I made for the "Binary Auditing Training Package" of http://www.binary-auditing.com. If you are already familiar with the package you'll see that it contains LOTS of challenges, and I decided to go to the chapter 10 "Vulnerability Analysis", no reason in particular; Basically because it sounds sexy. hehe.

Today, I am presenting the solution for the first challenge which consists basically in giving a solution for /010 - vulnerability analysis/01_warming_up_on_stack/stack1.exe of the package playing around with the stack through buffers using the ImmunityDebugger as a main tool. I am going to create the same solution but now using the IDA disassembler.

It is good to mention that all of the challenges for this chapter are the old Gera's InsecureProgramming challenges compiled as Windows executables. Originally, the researchers interested in source-code auditing can use those challenges -written in C- to understand how the code looks and then also identify/exploit such vulnerabilities contained within the code. Of course we can get the source for all the challenges, but we are good boys and we are not cheating and our target is to solve the challenges from a Reverse Code Engineering (RCE) perspective.

Said so, here the video:



Suggestions? Comments? Drop me an e-mail: chr1x@izpwning.me

Links: 
Binary Auditing Training Package (http://www.binary-auditing.com)

No comments:

Post a Comment