- 4 weeks
Become familiar with the basic concepts and principles of vulnerabilities (how binary vulnerabilities arise, vulnerability types, exploitation techniques, common vulnerability discovery methods, shellcode writing).
- Search Google / SecWiki for the keywords (stack overflow, heap overflow, integer overflow, UAF, double free, shellcode) to understand the basic concepts;
- Read books such as "Q Version Buffer Overflow Tutorial" and "0day Security: Software Vulnerability Analysis Techniques", learn the basic principles behind how binary vulnerabilities form and the basic ways of exploiting them, and practise hands-on;
- Study selected chapters of "Encryption and Decryption" (the Chinese reverse-engineering textbook), and become familiar with the important Windows data structures, calling conventions (how function parameters are passed) and the PE file format.
- written by: coolsmurfs
- 4 weeks
Become familiar with the related tools and platforms: IDA, WinDbg, OllyDbg, Immunity Debugger, BinDiff, Metasploit and other commonly used vulnerability analysis, debugging and exploitation frameworks;
- Learn the background and purpose of each of these tools; this can be found by searching Google / SecWiki and similar sources.
- Download and install the corresponding tools and set up the corresponding platform.
- Learn the functions and basic usage of these tools, and collect useful plug-ins (such as Mona and IDAPython). Tutorials can be found on Google or SecWiki.
- Learn how to write plug-ins and scripts for the common tools, such as WinDbg extensions, IDC and IDAPython scripts, and OllyDbg scripts. See the relevant tutorials on Google for details.
- Become familiar with Metasploit, focusing on selecting and inspecting exploit modules, configuring and running them, and generating and exporting shellcode (payloads); practise with Metasploit. Specific tutorials can be found by searching Google, for example for "Metasploit tutorial".
- Once the basic tools are familiar, assemble the related tools into a toolbox.
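As an added example (not part of the original roadmap, and not Metasploit's or Mona's own code), here is a Python reimplementation of the cyclic-pattern trick that Metasploit's pattern_create.rb / pattern_offset.rb and Mona's pattern_create / pattern_offset provide. It is usually the first tool that goes into the toolbox, because it turns the stack overflow case from the first phase into a measurable offset: send a pattern, read the four bytes that land in EIP, and look them up. The pattern format (Aa0Aa1Aa2...) follows Metasploit's; the register value and the return address in the walk-through are constructed, not taken from any real target.

```python
import string
import struct

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
MAX_LEN = len(UPPER) * len(LOWER) * len(DIGITS) * 3   # 20280 bytes before the pattern repeats


def pattern_create(length: int) -> bytes:
    """Build a Metasploit-style cyclic pattern: Aa0Aa1Aa2...Aa9Ab0...Zz9.

    Within the first MAX_LEN bytes every 4-byte window is unique, so the
    4 bytes that end up in EIP (or anywhere on the stack) identify their offset.
    """
    if not 0 < length <= MAX_LEN:
        raise ValueError("length must be between 1 and %d" % MAX_LEN)
    out = bytearray()
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(value, length: int = MAX_LEN) -> int:
    """Find where a crash value sits in the pattern.

    `value` is either the raw bytes seen in the debugger (b"Aa2A") or the
    32-bit register value, which little-endian x86 shows byte-reversed:
    EIP=0x41326141 means the bytes b"Aa2A" were in memory.
    """
    needle = struct.pack("<I", value) if isinstance(value, int) else bytes(value)
    idx = pattern_create(length).find(needle)
    if idx < 0:
        raise ValueError("value %r not found in pattern" % (needle,))
    return idx


def build_overwrite(offset: int, ret_addr: int, shellcode: bytes = b"") -> bytes:
    """Classic stack overflow layout once the offset is known:
    padding up to the saved return address, the new return address, then the payload."""
    return b"A" * offset + struct.pack("<I", ret_addr) + shellcode


if __name__ == "__main__":
    # Constructed walk-through: a 200-byte pattern was sent and the debugger
    # reported EIP=0x41326141; 0x625011AF stands in for a JMP ESP address.
    print(pattern_create(16))                    # b'Aa0Aa1Aa2Aa3Aa4A'
    eip_offset = pattern_offset(0x41326141)      # 6
    print("saved return address at offset", eip_offset)
    print(build_overwrite(eip_offset, 0x625011AF).hex())
```

The 20280-byte limit is the same one Metasploit's tool has: beyond it the triples wrap around and an offset is no longer unique, so for larger buffers send the pattern in chunks or use a longer alphabet.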
- 8 weeks
After mastering the basic vulnerability principles and exploitation ideas, begin vulnerability sample analysis: analyse vulnerabilities of the various types and write analysis reports.
- Using search engines and the major vulnerability disclosure platforms (Exploit-DB, CVE, binvul, etc.), collect and classify the classic binary vulnerabilities disclosed over the years, and collect the corresponding vulnerability analysis tutorials at the same time.
- Following the vulnerability description, build the corresponding debugging and analysis environment, use Metasploit to generate samples that reproduce the vulnerability, and debug and analyse it alongside the published analysis report.
- Once the debugging analysis is complete and both the trigger cause and the corresponding exploitation method are understood, summarise carefully and write a debugging analysis report.
- Based on the Metasploit module's Ruby source code and the debugging process, try to write your own vulnerability PoC and verify it.
- Analyse 3-5 types of vulnerabilities, and summarise the formation mechanism of each type as you go.
- 9 weeks
Vulnerability discovery platforms: master fuzz testing, the mainstream vulnerability discovery method, and the use of the various fuzzing platforms.
- Become familiar with the basic principles of fuzz testing, and learn about the mainstream fuzzing platforms such as Peach Fuzzer, AFL, etc.
- Set up the Peach fuzzing framework, become familiar with what Peach is suited to, the basic working principles of each Peach module, and the rules of the Peach Pit grammar.
- Read the Peach Pit templates, write a corresponding Peach Pit file by reference, and fuzz a target program that handles a simple document format.
- Understand the basic working principle of AFL, master its basic usage, download and install WinAFL for Windows, become familiar with it, and use it to fuzz closed-source software on the Windows platform.
- Once proficient with the fuzzing platforms above, read the tools' source code to gain a deeper understanding of how they work, and on that basis develop customised tools for your own needs.
- Become familiar with other fuzzing frameworks or platforms.
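As an added example (not part of the original roadmap, and not AFL's, WinAFL's or Peach's code), here is the core loop of a coverage-guided fuzzer in Python, so that AFL's "basic working principle" from the list above is visible in about sixty lines: instrument the target, keep any input that reaches new code, and mutate from that queue. The target `parse_record` is a constructed toy parser with a planted off-by-one read; `sys.settrace` stands in for AFL's compile-time instrumentation (or WinAFL's DynamoRIO instrumentation of a closed-source binary), and line coverage stands in for AFL's edge coverage.

```python
import random
import sys
from typing import Callable, List, Set, Tuple


def parse_record(data: bytes) -> int:
    """Constructed toy target with a planted off-by-one read.

    Record layout: magic b"RC", 1-byte version, 1-byte length, payload.
    The bug: when length == len(payload) and the payload starts with 0x7F,
    payload[length] reads one byte past the end (IndexError here, an
    out-of-bounds read in C).
    """
    if len(data) < 4 or data[:2] != b"RC":
        return 0                      # not our format
    version, length, payload = data[2], data[3], data[4:]
    if version != 1:
        return 1                      # unsupported version
    if length > len(payload):
        return 2                      # truncated record
    if length == 0:
        return 3                      # empty record
    checksum = 0
    for i in range(length):
        checksum ^= payload[i]
    if payload[0] == 0x7F:            # "extended" record: trailing type byte
        return payload[length]        # planted bug: off-by-one read
    return checksum


def run_traced(target: Callable[[bytes], int], data: bytes) -> Tuple[Set[int], bool]:
    """Execute target(data) and record which source lines of target ran.

    Returns (set of line numbers hit, crashed?). Any uncaught exception
    counts as a crash for the toy target.
    """
    code = target.__code__
    hit: Set[int] = set()

    def tracer(frame, event, arg):
        if frame.f_code is code and event == "line":
            hit.add(frame.f_lineno)
        return tracer

    crashed = False
    sys.settrace(tracer)
    try:
        target(data)
    except Exception:
        crashed = True
    finally:
        sys.settrace(None)
    return hit, crashed


INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # AFL-style "interesting" byte values


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One havoc-style step: bit flip, interesting byte, insert or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target, seeds: List[bytes], iterations: int, seed: int = 1):
    """Coverage-guided loop: inputs that reach new lines join the queue, crashes are saved."""
    rng = random.Random(seed)
    queue: List[bytes] = []
    crashes: List[bytes] = []
    total_cov: Set[int] = set()
    for s in seeds:
        cov, _ = run_traced(target, s)
        total_cov |= cov
        queue.append(s)
    for _ in range(iterations):
        child = mutate(rng.choice(queue), rng)
        cov, crashed = run_traced(target, child)
        if crashed:
            crashes.append(child)
        if not cov <= total_cov:      # new coverage: keep it, like AFL's queue/ directory
            total_cov |= cov
            queue.append(child)
    return queue, crashes, total_cov


if __name__ == "__main__":
    q, c, cov = fuzz(parse_record, [b"RC\x01\x01\x00"], 5000)
    print("queue size", len(q), "lines covered", len(cov), "crashes", len(c))
    for crash in c[:3]:
        print("crash:", crash.hex())
```

The seed only has to be a valid record; the queue then grows one condition at a time (version, length, the 0x7F branch) exactly as an AFL queue does, which is why a coverage-guided fuzzer finds nested checks that blind mutation almost never reaches. Real tools add what is missing here: a persistent-mode harness, timeouts, crash deduplication by stack hash, and a dictionary of format tokens such as the magic bytes.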
- 0 weeks
Scripting and symbolic execution frameworks: choose one of the scripting languages Python, Perl and JavaScript, become familiar with its syntax and learn the common libraries. Python is recommended: its library ecosystem is relatively complete and can greatly improve working efficiency.
- Set up the corresponding development environment and choose an IDE according to your own preferences; Sublime Text and the like are recommended.
- Choose a suitable tutorial to learn basic Python syntax, such as "Core Python Programming".
- After learning basic Python syntax, learn the Python libraries used in reverse engineering. "Gray Hat Python" is recommended: it introduces the common Python libraries used in reverse engineering and the use of Python with Immunity Debugger and IDAPython. With these libraries you can develop many automated analysis tools and save analysis time.
- Learn some dynamic binary instrumentation tools, such as Intel's Pin, and use the Pin instrumentation platform to develop taint tracking analysis tools. At the same time, search for Pin-related projects on GitHub, join in and learn from them.
- Learn some symbolic execution frameworks or platforms. Symbolic execution is regarded as the most promising research direction in program analysis and vulnerability discovery, and mature symbolic execution frameworks exist for program analysis and for automated vulnerability discovery and exploitation. Recommended platforms: S2E, KLEE, angr.
- Collect and study academic papers related to symbolic execution.
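As an added example (not part of the original roadmap, and not Pin's API), here is the bookkeeping at the heart of a dynamic taint tracking tool, the kind the list above suggests building on Pin: every value carries the set of input byte offsets it depends on, arithmetic unions the sets, memory stores and loads carry the set along, and a sink (a memory index or an indirect jump target) that still carries taint is reported. It runs over a constructed toy stack-machine bytecode instead of real x86 instructions; with Pin the same per-instruction propagation would be attached through its instruction instrumentation hooks. The three programs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Val:
    """A 32-bit value plus the set of input byte offsets it depends on (empty = clean)."""
    value: int
    taint: FrozenSet[int]


def clean(v: int) -> Val:
    return Val(v & MASK32, frozenset())


def taint_analyze(program: List[tuple], data: bytes, mem_size: int = 4096, max_steps: int = 10000):
    """Run the toy stack machine, propagating taint, and report tainted values reaching sinks.

    Sinks (where an attacker-controlled value becomes dangerous):
      STORE/LOAD with a tainted address  -> attacker-controlled memory index
      JMP_IND with a tainted target      -> attacker-controlled control flow
    Returns a list of (pc, sink_kind, sorted input offsets) findings.
    """
    stack: List[Val] = []
    memory: List[Val] = [clean(0)] * mem_size
    findings: List[Tuple[int, str, List[int]]] = []
    pc = 0
    for _ in range(max_steps):
        if pc >= len(program):
            break
        op, *args = program[pc]
        if op == "PUSH":                              # constant: no taint
            stack.append(clean(args[0]))
        elif op == "INPUT":                           # taint source: byte i of the input
            i = args[0]
            stack.append(Val(data[i] if i < len(data) else 0, frozenset({i})))
        elif op in ("ADD", "MUL", "XOR"):             # arithmetic: union of operand taints
            b, a = stack.pop(), stack.pop()
            r = {"ADD": a.value + b.value, "MUL": a.value * b.value, "XOR": a.value ^ b.value}[op]
            stack.append(Val(r & MASK32, a.taint | b.taint))
        elif op == "STORE":                           # memory[addr] = val
            addr, val = stack.pop(), stack.pop()
            if addr.taint:
                findings.append((pc, "tainted-store-index", sorted(addr.taint)))
            memory[addr.value % mem_size] = val       # taint travels with the stored value
        elif op == "LOAD":                            # push memory[addr]
            addr = stack.pop()
            if addr.taint:
                findings.append((pc, "tainted-load-index", sorted(addr.taint)))
            stack.append(memory[addr.value % mem_size])
        elif op == "JMP_IND":                         # indirect jump to a computed target
            target = stack.pop()
            if target.taint:
                findings.append((pc, "tainted-control-flow", sorted(target.taint)))
            pc = target.value
            continue
        elif op == "HALT":
            break
        else:
            raise ValueError("unknown op %r" % op)
        pc += 1
    return findings


# Constructed programs. VULN: index = input[0] * 4 + 0x100; memory[index] = 0x41
VULN_PROGRAM = [("PUSH", 0x41), ("INPUT", 0), ("PUSH", 4), ("MUL",),
                ("PUSH", 0x100), ("ADD",), ("STORE",), ("HALT",)]

# SAFE: memory[0x100] = input[0]; the stored value is tainted but the index is a constant
SAFE_PROGRAM = [("INPUT", 0), ("PUSH", 0x100), ("STORE",), ("HALT",)]

# CTRL: input[1] is parked in memory, reloaded, then used as an indirect jump target
CTRL_PROGRAM = [("INPUT", 1), ("PUSH", 0x200), ("STORE",),
                ("PUSH", 0x200), ("LOAD",), ("JMP_IND",), ("HALT",)]


if __name__ == "__main__":
    print(taint_analyze(VULN_PROGRAM, b"\x05"))        # [(6, 'tainted-store-index', [0])]
    print(taint_analyze(SAFE_PROGRAM, b"\x05"))        # []
    print(taint_analyze(CTRL_PROGRAM, b"\x05\x06"))    # [(5, 'tainted-control-flow', [1])]
```

The CTRL program is the case worth noticing: the taint survives a round trip through memory, which is exactly what a real tool must get right for a stack-smashed return address, and what it loses if it only tracks registers. Real implementations also have to decide on implicit flows (a branch on a tainted value) and on sanitisation (a bounds check that should clear the taint), neither of which this toy models.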
With the development of artificial intelligence, security research will also move towards replacing humans with machines. This year's DARPA Cyber Grand Challenge (CGC), billed as "the world's first all-machine hacking tournament", embodies the idea of machines replacing humans in network attack and defence, and the development of automated tools will be the next direction of progress.
- After in-depth study of the causes of each type of vulnerability, gradually establish a corresponding vulnerability model for each type.
- Using symbolic execution, machine learning and other methods, combined with the established vulnerability models, develop a prototype automated vulnerability discovery system that can find vulnerabilities with little human involvement.
- Based on the analysis of the causes and trigger conditions of vulnerabilities, together with symbolic execution, build a platform for automated vulnerability analysis that supports higher-level functions such as exploitability assessment and exploit generation for the crash samples produced by the discovery system.
- Analyse the exploitation process and exploitation techniques in depth, establish a corresponding attack detection model, and develop a detection system that can detect and alert on exploitation attempts for every vulnerability type.