Reverse Engineering 101

Reverse Engineering for Vulnerability Analysis with Aaron Portnoy and Peter Silberman.

Intro Reading Material

Play with IDA, your debugger, and x86 assembly ahead of this week's class.

Homework

Answer the following five questions using the lab VM.

  1. Describe the process you would follow to investigate whether the "Print Spooler" service would be an interesting service to audit (list all tools used and all information gathered). Google for 'foo.exe vulnerability', where foo.exe is the Print Spooler process name. What is the first result?
  2. Locate and identify the process that maintains a handle to the wkssvc named pipe. What is the name of its parent process?
  3. Describe why it is important to locate an object's constructor and destructor methods within a binary when looking for vulnerabilities. (hint: the Fortify VulnCat might be able to help again)
  4. In IDA Pro, open C:\Windows\system32\ieframe.dll. When the 'load a new file' dialog pops up, just click OK. Give IDA a minute to analyze the binary. Then go to the Exports view (View -> Open subviews -> Exports). Sort them by name by clicking on the Name column. What is the name of the first exported function in that list?
  5. Double-click that function to jump to the function definition in the disassembly. How many arguments does this function take? Which function does this function call into? (hint: there is only one call instruction in the function)

Reverse Engineering 102

Class Material

  • GreenMan vulnerable server (for Windows, Linux, and OSX)
  • IDAPython snapshot
  • SweetDee exploit code

Reference Material

I had to split this into its own section due to the volume of research and reference materials I wanted to point out.

General Purpose References

The University of Helsinki and F-Secure 'Malware Analysis and Antivirus Technologies' open course

http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf