Hey team!
It's time for our monthly workshop! In the past, we have seen a few web challenges, but this Friday we will cover a few networking fundamentals, solve web challenges and do an introduction to reverse engineering.
It would be nice if you could prepare a running version of Ghidra; otherwise, if you encounter issues, we can install it together.
This workshop will be useful for the HTB University Competition happening in December, and I expect you all to participate!
It will be beginner friendly :)
Today we explained general info about reverse engineering, some basic assembly info and the most useful functions of Ghidra, while solving a medium HackTheBox challenge (https://app.hackthebox.com/challenges/BinCrypt%20Breaker). (The pwndbg part will be in the next workshop.)

Resources:
- http://dogbolt.org - static analysis from different tools
- Ghidra - static analysis
- pwndbg - dynamic analysis

Note: for the people that had to leave at the end, you didn't miss much, but:
- How did I know which function was executed first? In the program that we ran, you saw before you left that I looked over all the available functions and found where it was asking for the flag ("Insert the flag" or something like that), because I knew from the execution that this was the first thing it did. But in other cases there may be hundreds of functions (because of imported libraries), so in that case you can go to the strings at the end of the file and look for the XREFs. Another way to find the strings' usage is to double-click them from the Strings window (look for "windows" at the top). TLDR: usually you can find the program functionality you want from strings.
- Showed how assembly is much easier to read if you read it from the assembly graph.
- This was just a demonstration of how static reverse engineering works and how most challenges are solved, so that you get the idea and intuition behind it. But you have to practice it on your own, because solving while explaining is pretty slow and we have a limited number of workshops (sorry). Also, I used Python to not waste time, but most of the time, especially if the math/encryption is complicated, I will use C because I know exactly how the functions behave and can literally copy them from the lifter.
Created: Sunday, February 8, 2026