Dave Kukfa Security bub

Resources

Speaking

BinDbg: Easy Windows Debugging for Binary Ninja

  • April 2018
  • Presented at BSidesROC
  • Overview and demo of a new reverse engineering tool

“IDA Pro – the “gold standard” of binary analysis tools – is very good at what it does, but it comes with a hefty price tag that is usually only justifiable to professional reverse engineers. Several alternatives have begun to challenge the status quo of reversing tools, including Binary Ninja: a powerful, affordable static-analysis tool. While I attempted to convert to using Binary Ninja, I often missed the fusion of static and dynamic analyses that IDA provided, and existing Binary Ninja debugger integrations were not designed with Windows users in mind. So, I wrote a plugin that syncs WinDbg to Binary Ninja to combine Binary Ninja’s static analysis features (such as the disassembly graph and the IL) with the power of dynamic analysis (such as virtual function table resolution and knowing the outcome of branch instructions).”

The Hardest CTF I’ve Ever Done: My Experiences Reverse Engineering an MMORPG

  • April 2017
  • Presented at BSidesROC
  • Provides a high-level overview, methodology, and technical details of reverse engineeering an MMORPG

“MMORPGs provide countless hours of entertainment by allowing gamers to escape into exciting virtual worlds and form communities through their online interactions. However, these games are almost entirely at the mercy of their publishers: if the game is decommissioned and the server is shut down, these virtual worlds cease to exist, game communities are broken up, and the game is left virtually unplayable. At this point, many turn to reverse engineering the game to restore gameplay – a long, arduous technical challenge that is riddled with pitfalls and gotchas. This talk covers the journey I’ve gone through while reverse engineering a decommissioned MMORPG over the past 2 years. Technical aspects will be discussed, as well as legal implications and a project demo.”

Other

Web Application Cheat Sheet

  • Reference document that provides a quick overview of web application security issues