
Nightmare – Guided Intro to Binary Exploitation/Reverse Engineering - throwaway_7718
https://guyinatuxedo.github.io/
======
galacticaactual
The best thing one can do when setting out on the journey to learn reverse
engineering is to avoid the temptation of trying to understand every line of
assembly. Instead, try and gain an intuition around common patterns in various
dialects (ARM / x86 / MIPS / etc).

You can then abstract that understanding into macro-intuitions of control
flow. When opening a black box binary in IDA for the first time, this allows
you to think in terms of "X input results in control flow path Y which gives
me access to function Z and - because of calling convention - register A to
redirect execution to memory location M." Now you're in business and can worry
about shellcode, ROP chains, whatever.

Just a couple of cents from the trenches.

------
candeira
[https://microcorruption.com/](https://microcorruption.com/)

~~~
xenocratus
Can't recommend this enough. It's an exponential increase in difficulty/time
spent on the exercises, but it's really worth it, you end up learning both how
to read assembly and different low-level security issues, countermeasures (NX,
ASLR, stack canaries, safer programming paradigms) and bypasses to said
countermeasures.

~~~
sitzkrieg
I agree, and it's for the wonderful MSP430 architecture.

------
throwaway_7718
Props to @travmatt for this find
([https://news.ycombinator.com/item?id=22401990](https://news.ycombinator.com/item?id=22401990))

------
epr
For anyone who is new to assembly and has $10 to spare, I would recommend
getting Human Resource Machine on Steam. It's essentially a game that teaches
you basic assembly programming. It's a lot of fun, and very hackable since you
can import and export between the game and your favorite text editor.

~~~
icholy
Shenzhen IO is also worth checking out.

------
xenocratus
Thanks for the links you've been posting, @throwaway_7718! All great material
that will be tried in due time :)

~~~
throwaway_7718
Happy to help!

------
saagarjha
Nice, this looks fairly comprehensive! It should be a fairly decent resource
for people trying to get into the area.

------
Grimm1
Nice to see CSAW represented so much there. Shout out from an OSIRIS Lab alum.

------
thomk
"We write code that is handed to a compiler, and the compiler takes that code
and generates assembly code that will accomplish whatever the C code tells it
to."

Uhhhh....

~~~
travmatt
It sounds like you have a much clearer way of summarizing the compilation and
linking process. As the book is the product of a college student who wanted to
start a community around learning these skills it doesn’t promise perfection,
and I’m sure we’d benefit from your expertise.

~~~
thomk
No, actually my comment was glib; I'd delete it if I could. This is a fine
resource; I was grousing about semantics, and it was unwarranted.

