Reverse Engineering 101 tutorial with the amazing Stephen Sims!

  • Published: 8 Sep 2024

Comments • 103

  • @davidbombal
    @davidbombal  1 month ago +8

    Big thank you to Brilliant for sponsoring this video! To try Brilliant for free (for 30 days) and to get a 20% discount, visit: Brilliant.org/davidbombal
    // YouTube video REFERENCE //
    Free Exploit development training (beginner and advanced) ruclips.net/video/LWmy3t84AIo/видео.html
    Buffer Overflow Hacking Tutorial (Bypass Passwords): ruclips.net/video/c2BvS2VqDWg/видео.html
    // Stephen's Social //
    X: x.com/Steph3nSims
    YouTube: www.youtube.com/@OffByOneSecurity
    // Stephen RECOMMENDS //
    Disassemblers:
    Binary Ninja: binary.ninja/
    IDA Pro: hex-rays.com/products/%20ida/
    Ghidra: ghidra-sre.org/
    Free Learning Resources:
    An Intro to C for Windows Dev: www.sans.org/webcasts/intro-c-windows-devs/
    Books
    Gray Hat Hacking Series by various authors:
    US amzn.to/3B1FeIK
    UK amzn.to/3A920AL
    The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler Second Edition by Chris Eagle
    US amzn.to/3Yv3srw
    UK amzn.to/3Wtz8e6
    // David's SOCIAL //
    Discord: discord.com/invite/usKSyzb
    X: www.x.com/davidbombal
    Instagram: instagram.com/davidbombal
    LinkedIn: www.linkedin.com/in/davidbombal
    Facebook: facebook.com/davidbombal.co
    TikTok: tiktok.com/@davidbombal
    YouTube: www.youtube.com/@davidbombal
    // MY STUFF //
    www.amazon.com/shop/davidbombal
    // SPONSORS //
    Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
    // MENU //
    00:00 - Intro
    01:06 - Brilliant sponsored segment
    02:36 - Stephen Sims // Off By One Security YouTube channel
    04:02 - Hello World
    06:11 - Learning the C programming language
    09:34 - Introduction to reverse engineering
    13:57 - Functions explained
    16:43 - Stripped explained
    18:03 - Disassemble explained // Differences between flavors
    25:11 - History behind the two flavors
    25:58 - Disassemble explained continued
    26:22 - Return oriented programming explained
    27:14 - Reverse engineering demo
    01:07:46 - IDA Pro Demo
    01:16:42 - Conclusion
    Disclaimer: This video is for educational purposes only.
    Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
    #android #ios #hacker

  • @rojansapkotaofficial
    @rojansapkotaofficial 1 month ago +53

    Everyone's "Hello World" is the gateway drug to programming.

    • @davidbombal
      @davidbombal  1 month ago +7

      😂

    • @SpinyDisk
      @SpinyDisk 1 month ago +2

      „gateway drug to programming“. Where have I heard that? ;)
      (For anyone wondering I think the comment is mentioning fireship.)

    • @savagepro9060
      @savagepro9060 1 month ago

      @@atlantic_love it's a drug, therefore abused, not over-used

    • @dean6125
      @dean6125 1 month ago +4

      It was originally (if you're old 😆)
      10 print "hello world"
      20 goto 10

    • @MR.9999MILLION
      @MR.9999MILLION 1 month ago

      ​@@davidbombal Bro can you make a video on how to extract vuln websites plz bombal sir ❤

  • @SoundsLikeOdie
    @SoundsLikeOdie 1 month ago +5

    I remember doing assembler language for the Intel 80386 30 years ago. We had a colourful IDE; all the registers were neatly displayed. It was much easier to follow than a purely text-based solution.
    I remember stepping through my code and connecting directly to the hardware. Ridiculously fast executions.

  • @Wired_And_Grounded
    @Wired_And_Grounded 1 month ago +9

    Amazing how smart and how passionate he is, I have no idea what he was talking about half the time but I tried to lol. Great content as always David

    • @davidbombal
      @davidbombal  1 month ago +1

      We can all learn so much from Stephen! Look at the free C course he mentioned (linked in the video description).

    • @Wired_And_Grounded
      @Wired_And_Grounded 1 month ago

      @@davidbombal Thank you! I love your channel and videos, it’s honestly what inspires me to continue down the path of cyber security.
      I was also wondering about MOK management, Platform Keys, KeK Keys, etc (for UEFI bios) and TPM(secure boot) and what vulnerabilities this could prevent or even not prevent.

  • @mbazzouz
    @mbazzouz 1 month ago +4

    A good reference for folks who like to learn from a book is Practical Binary Analysis (no starch press) - it does require familiarity with C and assembly.

  • @meredithunit
    @meredithunit 21 days ago +1

    This is probably one of my favorite videos I’ve seen this year. It does go deeper than others, but if you’re interested in this, if you’re interested in malware analysis and reverse engineering, this is a powerful primer

  • @dadgeman82
    @dadgeman82 1 month ago +2

    I'm going to watch this one twice. This guy is a great teacher.

  • @CedroCron
    @CedroCron 1 month ago +15

    Way over my head, but I enjoyed it anyway. Thanks David!

    • @OiiBruv.o7
      @OiiBruv.o7 26 days ago +1

      yeah i'm so lost lmao, glad i'm not the only one

    • @TheTubejunky
      @TheTubejunky 26 days ago

      It's only over your head if you are short minded......😅

  • @danushkastanley1746
    @danushkastanley1746 1 month ago +15

    Oh my goodness! the amount of excitement I got when I saw the video

    • @davidbombal
      @davidbombal  1 month ago +3

      So happy to hear that! 😀

  • @aliabbas48
    @aliabbas48 10 days ago +1

    Love to see some real deep tech videos from your channel David!

  • @BrianAHarkins
    @BrianAHarkins 1 month ago +2

    Was just looking into this topic. The timing couldn’t be better. Thanks! 🎉

  • @anirudhakumar2271
    @anirudhakumar2271 9 days ago

    Smart guests, smart host, smart community makes davidbambal the legendary youtuber for not only who starting out but for intermediate and pros as well.

  • @irrationalywise
    @irrationalywise 1 month ago +1

    It's great quick overview of the underlying basic principles of Reverse Engineering. Thank you for this amazing content, that too for Free!. It really helps.

  • @shasikiran2151
    @shasikiran2151 1 month ago +6

    David talks!!!
    Cyber Rocks!!!😎😎😎

  • @cyberdevil657
    @cyberdevil657 1 month ago +1

    Oh my god! Welcome back!!
    I remember you i thought your last interview was SO COOL with David!
    I can't wait to watch this episode.

  • @YLprime
    @YLprime 1 month ago +11

    Reverse engineering is really not for beginners. You need C, x86 asm, windows internals, system programming, know a dynamic debugging tool such as x64dbg, a static debugging tool like ghidra and hours of crackmes.

    • @a01A01
      @a01A01 6 days ago

      yep it's hard but with song called omfg hello 😂 it fun am all in

  • @mytechnotalent
    @mytechnotalent 1 month ago +3

    Great video and tutorial as RE is so critical. Thank you both!

    • @davidbombal
      @davidbombal  1 month ago +1

      You're welcome! I hope you enjoy the video!

  • @Mastertvt913
    @Mastertvt913 1 month ago +1

    This was fun, I can't fathom how good Stephen's courses are; he is great at what he does

  • @TomCarbon
    @TomCarbon 5 days ago

    @31:19, if x/s $rip+0xec4 doesn’t work, it’s because you also need to add the 7 bytes taken by the instruction, 0x…5ffd + 7 = 0x…6004

  • @alfatech8604
    @alfatech8604 1 month ago

    Thanks to all of you for this video I got better explanations. I want to learn advance things but most of the courses are expensive and trying to figure things out the hard way, since I am not following a well-known path.

  • @NatteeSetobol
    @NatteeSetobol 1 month ago

    There's a lot of "easy stuff" I haven't learned, so I don't mind if you cover the "easy" stuff because I still might learn something new! Steven is great, I watched every thing on his channel and learned a lot!

  • @TheTubejunky
    @TheTubejunky 26 days ago

    Pro tip: videos with sample code in them do much better because many can follow along and take pride in ACTUALLY creating something to show off. Great video

  • @kaylarose9985
    @kaylarose9985 1 month ago +1

    Thank you for putting out great content David. Thank you as well Stephen!

    • @davidbombal
      @davidbombal  1 month ago

      Thank you. I hope you learn something new 😀

  • @danushkastanley1746
    @danushkastanley1746 1 month ago +2

    Let's go over to heap internals in the next video - David please :)

  • @bbowling619
    @bbowling619 1 month ago

    When I listen to this level of knowledge it reminds me of watching John Hammond reverse engineering videos. My brain literally breaks and pukes on itself, but once I listen to it again and I keep improving, I eventually get 0% of it. lol
    just kidding but also not kidding !!
    Please keep them coming.
    OTW is fun as well. Keep it fun @david. Good stuff !!

  • @fslurrehman
    @fslurrehman 23 days ago

    1. Patching a DLL: How can I patch a DLL used by a Windows program so that when a function in the DLL is called, it logs a message to a file saying "I am called" and also logs the data in variables or the stack?
    2. IDC Scripting: Can you help me write an IDC script for IDA Pro, or a similar script in Ghidra, that logs the functions being called, their addresses, the stack variables, and which part of the data file is being used when I run the program between two breakpoints?
    3. How can I find out how a program reads an encrypted or obfuscated file and converts its content? Also, what are `bcrypt.dll` and `bcryptprimitives.dll` used for and how to use them?

  • @mohamedabozaid2147
    @mohamedabozaid2147 1 month ago

    Hello sir, this video is really great it gives a good idea about basics and how everything is going in reversing stuff this is very useful for people who are asking I want to learn reverse engineering, now this video made it clear in addition to the video was going in a simple and an interesting way
    at the end I want to thank you and him for that great effort
    best wishes ❤

  • @ProducerBillionaire
    @ProducerBillionaire 1 month ago +1

    Thank you David for this video. I like it

    • @davidbombal
      @davidbombal  1 month ago +1

      You are very welcome. Glad to hear that!

  • @sutfuf6756
    @sutfuf6756 1 month ago +4

    30:01: It's empty because $rip's value needs to be incremented by 0x7; i.e.: value of rip is referenced after lea is prefetched (or whatever it's called).
    (gdb) x/s $rip+0xec0+7
    0x555555556004: "Hi Mars"
    (gdb)
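
The point made in the comment above and in the earlier @31:19 comment, that a RIP-relative displacement is applied to the address of the next instruction, shown as an added example (not code from the video or the commenters). The `lea` address is derived from the gdb output above (0x555555556004 - 7 - 0xec0); the destination register, the sample bytes and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: `lea rax,[rip+0xec0]`. The destination register is an
 * assumption; the address is derived from the gdb output in the comment
 * (0x555555556004 - 7 - 0xec0). */
static const uint8_t SAMPLE_LEA[7] = {0x48, 0x8D, 0x05, 0xC0, 0x0E, 0x00, 0x00};
static const uint64_t SAMPLE_ADDR = 0x55555555513dULL;

/* Decode `lea r64,[rip+disp32]`: REX.W prefix, opcode 8D, ModRM with mod=00
 * and rm=101. Returns the instruction length (7), or 0 for any other form. */
static size_t decode_lea_rip(const uint8_t *p, size_t n, int32_t *disp)
{
    if (n < 7) return 0;
    if ((p[0] & 0xFB) != 0x48) return 0;  /* 0x48 or 0x4C (REX.W, REX.R optional) */
    if (p[1] != 0x8D) return 0;           /* LEA */
    if ((p[2] & 0xC7) != 0x05) return 0;  /* RIP-relative addressing form */
    uint32_t raw = (uint32_t)p[3] | ((uint32_t)p[4] << 8) |
                   ((uint32_t)p[5] << 16) | ((uint32_t)p[6] << 24);
    *disp = (int32_t)raw;                 /* disp32 is little-endian and signed */
    return 7;
}

/* Address the CPU produces: displacement is relative to the NEXT instruction. */
uint64_t lea_target(uint64_t insn_addr, const uint8_t *p, size_t n)
{
    int32_t disp;
    size_t len = decode_lea_rip(p, n, &disp);
    return len ? insn_addr + len + (uint64_t)(int64_t)disp : 0;
}

/* Address obtained by adding the displacement to $rip while still stopped on
 * the lea itself, i.e. without the instruction length. */
uint64_t naive_target(uint64_t insn_addr, const uint8_t *p, size_t n)
{
    int32_t disp;
    return decode_lea_rip(p, n, &disp) ? insn_addr + (uint64_t)(int64_t)disp : 0;
}

int main(void)
{
    printf("naive:   0x%llx\n",
           (unsigned long long)naive_target(SAMPLE_ADDR, SAMPLE_LEA, 7));
    printf("correct: 0x%llx\n",
           (unsigned long long)lea_target(SAMPLE_ADDR, SAMPLE_LEA, 7));
    return 0;
}
```

The two results differ by exactly the instruction length, which is why the string only appears once the 7 bytes are added.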

  • @cyberdevil657
    @cyberdevil657 1 month ago

    I was already subbed since last episode! And i read your book YEARS ago ^^
    Huge fan Stephen!

  • @pl9820
    @pl9820 1 month ago

    this is exactly what I wanted

  • @camelotenglishtuition6394
    @camelotenglishtuition6394 1 month ago

    Absolutely love him. His channel is excellent too!

  • @neiltropolis
    @neiltropolis 28 days ago

    This was great! Loved the first part dealing with Linux heap. But honestly the way Microsoft has been downright bellicose by foisting software without even asking. Their blatant disregard for security and being underhanded about bug bounties. And if Windows goes to the cloud, forget about it. Linux, Linux.

  • @aounhaider8335
    @aounhaider8335 1 month ago

    Keep sharing such amazing tutorials!!

  • @TomCarbon
    @TomCarbon 5 days ago

    I always preferred AT&T syntax!! because it’s the way I learned and started assembly on 68k when I was seven yo.
    don’t get me wrong, I had to switch to Intel years after, but it was painful because 68k is kinda my “mother tongue” (and my blood is big endian lol)
    but things got better with ARM!

  • @BlueLotusSecurity
    @BlueLotusSecurity 1 month ago

    Thank you for your continued sharing of valuable knowledge. Much appreciation for all you are doing. As I continue learning my ? is where would I look to see if an opensource distro is dialing out to someone after I install it.

  • @Artic_wolf122
    @Artic_wolf122 1 month ago +1

    Keep the Good work david😊😊😊

  • @stamshem12
    @stamshem12 1 month ago

    "Stephen Sims!"
    the best!!!!

  • @lordbacon4972
    @lordbacon4972 27 days ago

    This was amazing, but scary to think this was "very basic stuff". Can Stephen give a tutorial on how to go about reverse engineering and manipulating a saved game file?

  • @peterwassmuth4014
    @peterwassmuth4014 1 month ago

    Awesome Thank you for Sharing 💯✴

  • @afeefkhateeb
    @afeefkhateeb 1 month ago

    Thank you so much David for this amazing video. I have a question what are the books for this field that are recommended for reading ?

  • @mbazzouz
    @mbazzouz 1 month ago

    Brilliant!

  • @0xbyt3z
    @0xbyt3z 1 month ago

    yeah, this is the content i want. Thanks

  • @7etsuo.c
    @7etsuo.c 1 month ago

    Amazing !!!

  • @canberrafinest
    @canberrafinest 17 days ago

    awww, nice
    also can you make 'for dummies' introduction to this?
    give some analogy like morse code - code and decode the message
    then give a rough overview giving the starting point and the end result
    and then jump into the details
    lots of presenters jump right into nano details without linking them to the big picture

  • @migsman1639
    @migsman1639 1 month ago

    Awesome show lads 🎉

  • @stopper0203
    @stopper0203 1 month ago

    Reverse engineering is my fav

  • @otaanaa
    @otaanaa 1 month ago

    how lucky i was to get to know this channel

  • @phaneedrakumaribharadwaj2392
    @phaneedrakumaribharadwaj2392 26 days ago

    David my life ambition is to visit you at least once

  • @gabrieldut9146
    @gabrieldut9146 1 month ago +1

    Hello David Bombal... ❤❤

  • @hexyosyenite
    @hexyosyenite 1 month ago

    Thanks

  • @Bubbasaure92
    @Bubbasaure92 1 month ago

    Love this!

  • @ChrisM541
    @ChrisM541 1 month ago

    I want to move 5 apples into the basket...
    "move #5, basket" makes perfect logical sense.
    "move basket, #5" is, frankly, silly.
    "Ah but, with enough practice you can get used to anything" - true, but that's no excuse. It's the same with justifying "=" and "==" because context awareness doesn't exist.

  • @randomlegend631
    @randomlegend631 1 month ago

    This is some good stuff

  • @DeannaLobbins
    @DeannaLobbins 1 month ago

    Purchasing a stock may seem straightforward, but selecting the correct stock without a proven strategy can be exceedingly challenging. I've been working on expanding my $210K portfolio for a while, and my primary obstacle is the lack of clear entry and exit strategies. Any advice on this matter would be greatly appreciated.

  • @abdelazeezmabrouk
    @abdelazeezmabrouk 1 month ago

    I followed your steps but I got different results: when I used gdb I got printf instead of puts@plt. I use gcc (Debian 13.2.0-24) 13.2.0

  • @landrover827
    @landrover827 1 month ago +1

    Can you do a video on how to run Kali Linux on Apple silicon?

    • @davidbombal
      @davidbombal  1 month ago +1

      I made this video in the past, but I'll make a new video: ruclips.net/video/fcrSmbUIHuo/видео.html

    • @landrover827
      @landrover827 1 month ago

      @@davidbombal thank you! I wanted to run Kali in docker on my M1 Max but couldn’t seem to get the GUI to work. 🤨

  • @user-td4pf6rr2t
    @user-td4pf6rr2t 1 month ago

    6:01 Because if able to hex edit, imagine all the time you could save getting beyond the ninth level in super metroid using a custom exploit...
    27:12 Yeah but this why y2k38 is so scary.

  • @theshai231
    @theshai231 1 month ago

    I'm trying to understand, if program doesn't compile with -g flag it cannot reversed?

  • @MyDancingirl
    @MyDancingirl 1 month ago

    Excellent fundamentals! Thank you

  • @mrbumchinz1991
    @mrbumchinz1991 24 days ago

    Is this compatible with monitor mode: AWPCIE-1900U do u know?

  • @carsonjamesiv2512
    @carsonjamesiv2512 1 month ago

    NICE! 😃👍

  • @jeetdas2808
    @jeetdas2808 1 month ago

    Hi David,i am looking for an laptop can you tell is galaxy book 2 pro i5 1240p laptop is good for this field?

  • @kedcaster2823
    @kedcaster2823 1 month ago

    Is it still worth it to study C? Or should I go Python, as a beginner?

  • @Accanfo
    @Accanfo 4 days ago

    Cool

  • @hexyosyenite
    @hexyosyenite 1 month ago

    Wow.

  • @mo_afr
    @mo_afr 1 month ago +2

    6th David reply to me plzzzzzzzzzz idk just give me quote of the day 🤣

    • @davidbombal
      @davidbombal  1 month ago +2

      I appreciate your support! Make the most of your life 😀

    • @mo_afr
      @mo_afr 1 month ago

      @@davidbombal alright 😎

  • @kiddo2002
    @kiddo2002 1 month ago +4

    David we need Reverse Engineering with Python

  • @umeruddin3457
    @umeruddin3457 1 month ago

    27:15

  • @Artic_wolf122
    @Artic_wolf122 1 month ago +1

    Hello

  • @kintaro6642
    @kintaro6642 1 month ago +1

    Pizzaa

  • @MISTYEYED.
    @MISTYEYED. 1 month ago

    🔥🔥❤

  • @skynet.yousha
    @skynet.yousha 29 days ago

    Am I the only one who gets lost in the middle of the video???

  • @Fisjeie
    @Fisjeie 1 month ago

    Type shii

  • @user-on2oc8so1e
    @user-on2oc8so1e 29 days ago

    Dear sir
    How to h**k cctv using wifi router

  • @Kyoz
    @Kyoz 1 month ago

    🤍

  • @peakminute
    @peakminute 24 days ago

    This video is too complicated. I'd say it is for advanced in cybersecurity and programming.
