Archive for October, 2018

21 Oct

A walk with radare2 analysis

Posted by Peter Teoh in reverse engineering, security.

Analysing the binary: “resident”

https://github.com/radare/radare2/issues/3433

https://github.com/radare/radare2/issues/3684

https://github.com/radare/radare2/issues/9166

https://samsymons.com/blog/reverse-engineering-with-radare2-part-1/

Click to access Tomas_Antecky-Disassembling_with_radare2.pdf

https://radare.gitbooks.io/radare2book/disassembling/intro.html

https://www.g0jirasan.com/2017/08/radare2-cheat-sheet.html

https://twitter.com/binitamshah/status/535968768371859457

https://eforensicsmag.com/reverse_engi_cheatsheet/

And this:

https://gist.github.com/williballenthin/6857590dab3e2a6559d7

https://scoding.de/uploads/r2_cs.pdf

http://b404.xyz/sources/r2-cheatsheet.pdf

https://reverseengineering.stackexchange.com/questions/11653/method-disassembly-of-objective-c-mach-o-with-radare-2

Analysis:   load without any analysis (file header at offset 0x0): r2 -n /path/to/file

  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main
  • show basic block disassembly: pdb
  • show function disassembly: pdf
  • show function arguments: afa
  • show function variables: afv
  • rename function variable: afvn
  • set function variable type: afvt
  • add/analyze function: af
  • enter graph modes: VV
  • cycle types of graphs:
    • forward: p
    • backwards: P

21 Oct

RUST programming

Posted by Peter Teoh in security, technical.

Wow…I am very impressed…..soon or later all C programs (meaning Operating SYstem) will be migrated to RUST soon…..

https://www.reddit.com/r/rust/comments/2snn7a/hashmaprcstring_v/

https://doc.rust-lang.org/book/second-edition/ch15-04-rc.html

https://www.youtube.com/watch?v=_jMSrMex6R0 (good, but not as inspiring as the next video below)

https://os.phil-opp.com

https://github.com/redox-os/redox

RUST security:

https://www.rust-lang.org/en-US/security.html

https://users.rust-lang.org/t/what-makes-rust-a-high-security-language-what-could-be-done-better/9879

https://www.reddit.com/r/rust/comments/5y3cxb/how_many_security_exploits_would_rust_prevent/

https://www.youtube.com/watch?v=cDFSrVhnZKo

Memory Safety
Thread Safety (ie, NO data race)
Unit tests
Type system
No Exceptions, which allows warnings for unused Err Results meaning all errors can be provably caught and handled
No Garbage collector

https://blog.getreu.net/projects/embedded-system-security-with-Rust/

Cyclone (predecessor for RUST): http://www.cs.umd.edu/projects/cyclone/online-manual/main-screen002.html

https://medium.com/@shnatsel/auditing-popular-rust-crates-how-a-one-line-unsafe-has-nearly-ruined-everything-fab2d837ebb1

https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6

Vickblöm

Research scattered with thoughts, ideas, and dreams

WPScan

Site Title

Penetration Testing Lab

Offensive Techniques & Methodologies

Astr0baby's not so random thoughts _____ rand() % 100;

@astr0baby on Twitter for fresh randomness

Data Science & Deep Learning

WildML

The Data Explorer

playing around with open data to learn some cool stuff about data analysis and the world

Conorsblog

Data | ML | NLP | Python | R

quyv

Just a thought

cuponthetop

IFT6266 - H2017 Deep Learning

A Graduate Course Offered at Université de Montréal

Deep Learning IFT6266-H2017 UdeM

Philippe Paradis - My solutions to the image inpainting problem

IFT6266 - Deep Learning : Inpainting Project

Deep Learning Applied to PMU Data in Power Systems

Pedro Emanuel Almeida Cardoso

Deep Learning W17 project page

IFT6266 – H2017 DEEP LEARNING

Pulkit's thoughts on the course project

Thomas Dinsmore's Blog

No man but a blockhead ever wrote except for money -- Samuel Johnson

the morning paper

a random walk through Computer Science research, by Adrian Colyer

The Spectator

Shakir's Machine Learning Blog