Learning: Assembly, Shellcode, Buffer Overflows, Debuggers

Hey there,

I'm having the hardest time learning what's in the title. I've tried youtube video's, looked for books and online reading. Nothing really makes sense to me and even trying to do these things are taking a while for me to even wrap my head around the basics. I'm working on the eCPPT at the moment and I'm not going anywhere as far as these subjects. Feeling kinda dumb lol. Does anyone have any suggestions on learning these subjects?

Find more posts tagged with

Comments

JasminLandry

I did this course x86 Assembly Language and Shellcoding on Linux and I really thought it was great. At the end of the course, I was even able to submit a shellcode to Exploit-DB. @Jollyfrogs started a great thread about it here http://www.techexams.net/forums/security-certifications/119686-slae-jollyfrogs-tale.html. PentesterAcademy also has courses for x64 Assembly and for Windows Buffer Overflows.

globalenjoi

I am in the same boat actually. I started the ELS material in the System Security section and my brain hurt by the second module. I had a pretty good understanding of buffer overflows, or at least I thought... I'll gladly accept any advice that shows up in this thread.

BlackBeret

The SLAE/64 course Jasmin recommended is great. I've started it over twice now because work requirements keep getting in the way of my person study time, but I can't recommend it highly enough. If you purchase the course part of what you get is the GDB course, which covers using GDB as the debugger of choice for the SLAE course. If you're looking for free resources Security Tube's megaprimer series is good as well. It's basically SLAE light. Start with the Linux assembly, then Windows assembly, buffer overflows, and end with exploit research.

http://www.securitytube.net/groups?operation=view&groupId=5

the_Grinch

Great thread with some great info! Definitely going to help with where I am hoping to go! Three weeks to finish my thesis and then it's deep dive time into exploitation

paul78

Just my 2 cents - but I've always thought that starting with a foundation on assembly language is usually the best way before trying to dive into these topics.

I usually recommend the classic The Art of Assembly Language Programming by Hyde. I'm not entirely sure about the copyright status but I've seen PDF's available at various universities if you google. Hardcover can be purchased at your favourite book retailer.

jamesleecoleman

Thanks for the input everyone. I'm sure I could get away without all of the stuff I wrote in the title but it's great stuff to know. I did check out the securitytube stuff and the subscription is a little high at the moment so I'm stuck looking for other things. The megaprimer looks great, hopefully it'll help everyone out who needs it.

SaSkiller

The best IMO has been the GREM material. I have the SLAE stuff too, but the GREM material is presented really well.

jamesleecoleman

Sorry, what is GREM?

NetworkNewb

jamesleecoleman wrote: »

Sorry, what is GREM?

I'm assuming he is referring to the GCIA certification. Technically he would than be talking about to the SANS FOR610 course material.

BlackBeret

In that case, also check out Practical Malware Analysis. It goes in to Assembly from a malware analysis perspective. It doesn't necessarily teach you to program in it or write exploits, but it does give you a goal for analysing and learning along the way.

jamesleecoleman

I was thinking about checking out Practical Malware Analysis but figured it would be way over my head when I read the title. I'll see if I can find it at the book store.

BuzzSaw

So this is going to sound crazy ... but depending on your level of experience, a REALLY great course with high quality content, and even the ability to get a piece of paper is Harvard's free CS50 course. I realize the first few lessons may be pretty basic, but it ramps up quickly, is engaging, and even got me to think differently about some old knowledge I had. While it wont dive deep into malware, and shellcoding, it will give you all the basics and foundation you need to then start to understand those https://www.edx.org/course/introduction-computer-science-harvardx-cs50x

SaSkiller

NetworkNewb wrote: »

I'm assuming he is referring to the GCIA certification. Technically he would than be talking about to the SANS FOR610 course material.

I'm talking about GREM, Reverese Engineering Malware, which discusses ASM, shellcode, debuggers. GCIA does not.

NetworkNewb

SaSkiller wrote: »

I'm talking about GREM, Reverese Engineering Malware, which discusses ASM, shellcode, debuggers. GCIA does not.

Right. Don't shoot the messenger

SaSkiller

Lol, no biggie.

BlackBeret

GREM, the GIAC certification name tied to the test based on the SANS FOR610 course. That's what everyone here is talking about. NetworkNewb just put GCIA instead of GIAC. To be fair, the test wont teach you much, the FOR610 course will teach it all to you. I hold my position, after seeing both, PMA covers more material, in more depth, with more exercises, for 1/200th of the price.

BuzzSaw

BlackBeret wrote: »

The SLAE/64 course Jasmin recommended is great. I've started it over twice now because work requirements keep getting in the way of my person study time, but I can't recommend it highly enough. If you purchase the course part of what you get is the GDB course, which covers using GDB as the debugger of choice for the SLAE course. If you're looking for free resources Security Tube's megaprimer series is good as well. It's basically SLAE light. Start with the Linux assembly, then Windows assembly, buffer overflows, and end with exploit research. http://www.securitytube.net/groups?operation=view&groupId=5

Megaprimer for the win. -- To the OP: check it out. It's free, short, and pretty easy to absorb.