WEEK 4 REFLECTION

WEEK 4

On Monday, an industry expert, ‘Ruben’, introduced us to the world of reverse engineering. Pic1: Reverse Engineering and Binary Exploitation 0x00

Reverse Engineering

Reverse Engineering is the skill of figuring out what a black box is doing. This includes being able to figure out what a set of assembly instructions means. This doesn’t mean you have to understand every single instruction. With enough practice you’ll start recognising structures pretty quickly.
Pic2

Some common instructions are:

je: Jump to an address if the compared values are equal. If unequal, continue with the normal flow.
jmp: Perform an unconditional jump to an address.
call: Jump to a new function while also pushing the return address (the EIP/RIP value of the next instruction) onto the stack.
cmp: Compare two values with each other.
lea: Load effective address: load a pointer into a register.
mov: Move the value (at the pointer) into a register.


The most important part of a reversing project is looking for data flow and control logic. A lot of data is also encoded, and sometimes we need to recognise and decode it. Pic3

(I did not really understand what is going on here, so I just described it generally. Is that human-readable?)


Deakin Oweek CTF

Portal: https://ctf.deakininfosec.com.au/challenges These challenges are really friendly for those who are new to cyber security.

I solved half of them, and here I will list the details of the Reversing challenge, Unbreakable.

To accept the challenge, you need to download a .exe file, which opens easily on a Windows system. When opened, the application pops up a box that only lets you try to enter the right password.

I just did reversing to view the source code using Strings, ILSpy and Reflexil.for.ILSpy.

Strings is a tool provided by Microsoft.

Introduction

Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or grep programs. So we decided to roll our own. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Note that it works under Windows 95 as well.

It’s easy to use: Strings scans the file for human-readable UNICODE characters and shows all the components of this application.
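The following Python example is added here and is not code from the original post or from Microsoft's Strings tool. It shows the kind of scan the quoted introduction describes: finding runs of 3 or more printable characters in both ASCII and UTF-16LE ("UNICODE") form. The function name `extract_strings` and the `SAMPLE` bytes are constructed for illustration.

```python
import re

MIN_LEN = 3  # default minimum length stated in the Strings introduction

# Constructed sample bytes (not taken from the challenge binary): one ASCII
# string and two UTF-16LE strings separated by non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"!This program cannot be run in DOS mode."
    + b"\x00\x01\x02\xff"
    + "Enter password".encode("utf-16-le")
    + b"\x00\x00\x07\x08"
    + "CONSTRUCTED-SECRET".encode("utf-16-le")
    + b"\x00\x00"
)


def extract_strings(data, min_len=MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs."""
    printable = rb"[\x20-\x7e]"
    # ASCII: min_len or more printable bytes in a row.
    ascii_re = re.compile(printable + rb"{%d,}" % min_len)
    # UTF-16LE: each printable byte is followed by 0x00, so a plain ASCII
    # scan sees only isolated single characters and reports nothing.
    wide_re = re.compile(rb"(?:" + printable + rb"\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return sorted(found)


if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE):
        print(f"{offset:#06x}  {encoding:<8}  {text}")
```

The two wide strings are reported only by the UTF-16LE pattern, which is the gap in ASCII-only tools that the introduction above refers to.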

Pic4

I actually found the Password and the FLAG here (the second time I reviewed these strings). I think I found it without following the designer’s design, but I got it. Piece of cake :p
Pic5

In the end, here is my rank score. Pic6

Through these Oweek challenges, I found that they are easy for me (after 3 weeks of cyber security study). I knew how to do the simple questions, so I found a few flags immediately. That is cooool!


EXPO !

Friday was a big day! The whole summer studio stayed together and enjoyed free pizza! It was also the time we showed our final artefacts to students from other fields. After talking for a while, I found that everyone thinks cyber security is pretty cool and full of challenges. I showed a little to my friends about how to get the Invite Code from HackTheBox. He was fully attracted, like he was watching a magic show, by the pentesting and encode/decode stuff. To be honest, there are more students who did the summer studio in other fields who expect to join Cyber Security if there is another chance to choose.

Pic7

Took a selfie with Crist :p Pic8

Jason was focused on his fantastic presentation. Pic9

I also visited the Real-World Neural Network team. One team built a recognition system that can label every human image in the video. They also shared an open course video link with me to study NN from the beginning.
https://www.lynda.com/Keras-tutorials/Neural-Networks-Convolutional-Neural-Networks-Essential-Training/689777-2.html?org=uts.edu.au

In conclusion, in week 4 everyone was engaged and excited. At the end of the 2019 summer session, I feel great and empowered by all the other guys in the studio. I still need to do more research to get one box for the final report.

Reference: https://stackoverflow.com/a/80113 http://uts-cs.securitygrounds.org/reverse-engineering/0x00/index.html