πŸ”’
❌
There are new articles available, click to refresh the page.
Before yesterdayPlace where polar bears dwell

tag:blogger.com,1999:blog-4941201770868507617.post-1982038578890062895

Its really hard, to try so hard for months and not get the results you want.Β 

I dont know.

When looking at it objectively, the bugs I found in these last few months are many times more impactful then any of the LPEs found in the past. Yet, I feel no sense of achievement, just dread, for not getting the results I set out to get.Β 

In the end. The experience gained is much more valueable I guess. I've only been at Microsoft for 2 years. The things I've learned, I'm able to do things I couldnt possibly have imagined before.Β 

Perhaps I am dissappointed in myself for not achieving the goal I wanted to achieve. But I just need to keep keep going at it, keep growing, because in the end, that is all that matters.Β 

How to get into bug hunting

Required knowledge:

1. Reading code

2. Bug classes

3. DebuggingΒ 

Step one, reading code:

There is a lot of crash courses on c/c++ on youtube.Β 

I suggest binge watching a couple of them first.

Step two, Bug classes:Β 

Bug classes :https://www.youtube.com/watch?v=lbjS2mXyMEQ&list=PLZYVq5u0Eud1jj-8k4vMiAg2PVTUC7ojb&index=3&ab_channel=Nobody

Watch these videos on c/c++ bug classes.

These videos are based of the book "secure coding in c/c++", which I can also recommend.

Assembly crash course:Β https://www.youtube.com/playlist?list=PL038BE01D3BAEFDB0

I would recommend watching the intro to assembly. Just so you know what you're looking at when you see assembly instructions in the debugger. Assembly is very easy and most programs only use a handful of instructions (mostly just moving things from memory to registers, doing operations on them or conditionals and moving them back to memory)

Step three, Debugging:

You can find videos on youtube on how to use windbg.

The main things you need to figure out is:

1. placing breakpoints and break on access (bp and ba)

2. viewing memory (i.e dd <address>)

3. freezing threads to hunt for races (~* and ~<num> f, ~<num> u)

4. Dv command for local vars, and dt for displaying memory as a specific type

5. Callstack (i.e kc)

additionally, learn how to enable page heap in global flags or if in kernel mode, special pools in driver verifier. These are essential when hunting for bugs. You can figure out what these are used for using google.. using google is probably more important then reading code. Get good at using google.

Combining all three to become super 0day bug hunter leet hacker:

It is very important to become very skilled at reading code first.

Do not get into closed source before you become adept in reading code.

For some bug classes, you can get away with only superficial knowledge of reading code.

But for bug classes, such as object lifetime related bugs, you need to have a good understanding -not just 'theoretical understanding'- on how objects are used in real world code. You can only get that by reading a lot of code and looking at a debugger.

There are plenty of open source projects where you can start practicing 'reading code'. Plenty of open source server applications or open source programs where file format parsing happens.Β 

Once you have deep knowledge of c/c++, taking on a closed source program will be so much easier.Β 

The thing that seperates a good reverse engineer from a mediocre one, is the ability to get a picture of what the original code may have looked like, decompilers, which generate pseudo code will help, but if you are not deeply familiar with the original programming language a program was written in, staring at assembly all day is just like shooting yourself in the foot. You may find bugs, but you will find much more by first dedicating time learning to read code to the point it becomes your second language.

The way I would practice reading code is as I described here:Β https://sandboxescaper.blogspot.com/2021/10/the-polar-bear-method.html

1. Find an open source project

2. Find an entry point for attacker controlled input

3. Try to get a breakpoint for that entry point to hit in windbg

4. Modify attacker controlled input to hit different code paths

This is a very engaging way of learning code. You are combining all 3 'pillars' from above, reading code, debugging and knowledge of bug classes.

Closing word

The main thing you need to become aware of, is that, simply the act of reading code, learning more things, is progress. Finding bugs is not an indicator of progress.. and in the first few years it should not be your end goal. Just learn to enjoy reading code and learning more about it.

Finding a bug, especially when starting on a new component, it can take weeks.Β 

Just become proficient at reading code and debugging, you can worry about finding bugs later.

In the end, some code simply does not have the required complexity or large enough code base for there the actually be any bugs. An important skill is to know when to stop an audit of a component and move to another component with more complexity.Β 

I would also recommend strongly against fuzzing unless you first get proficient at these three things. You can find bugs fuzzing without having a deep understanding of your target, for sure.. but again, it is like shooting yourself in your foot and slowing down your progress. To find bugs with fuzzing in hard targets, you need to also have a deep understanding of the component you're fuzzing. And this can only be done by being proficient at reading code and debugging.

If you do not have code, use a program like ida, ghidra or binary ninja to explore a codebase, find an entrypoint for attacker controlled input or interesting code you want to trigger in your debugger. But again, you should only do this after already being proficient at reading c/c++.Β 








tag:blogger.com,1999:blog-4941201770868507617.post-523716679263336381

Β Thinking too much about life.

Being different from other people makes it so hard to make meaningful connections.

Maybe I have just seen too much in life.

I feel dead inside. My emotions only a variant of either sadness or anger.Β 

I guess, I'll just grind out bugs. Keep grinding out bugs.

I dont even know anymore why I find bugs. Maybe it is the only thing I actually know how to do.

I wish I could be excited about being alive, like other people. Some days I want to go to the Arctic, vanish in a raging snow storm, never to be found again. One final mad struggle.

Perhaps the storm is just inside my head.


tag:blogger.com,1999:blog-4941201770868507617.post-4465321735729408487

Β Yea, I want CVEs. So I can look for a different job when the time comes. Because I dont want to go through all the same bullshit I had to go through before.Β 

I dont know. Not happy lately. Tired of the isolation.

tag:blogger.com,1999:blog-4941201770868507617.post-8387473794911841206

Β My parents are visiting Canada. First time I'll see them in 2 years.

I can barely even remember the life I had before moving to Canada.Β 

Part of me is stressed, because I would rather throw myself into work.

It seems like work has been the only thread of sanity left.

I don't know what I want in life.

These last few months I seem to have been thrown into a deep sense of loneliness.

You keep hoping to find that place, where there is not the constant pain.

But perhaps it is my cynical nature, the way I see the world, that just makes me feel like a complete stranger in this world.

Recently, some asshole, threatened one of my homeless friends with violence, my friend is mentally ill and can't help his drunken outbursts. When he was threatening to have his buddies (some tall Bosnian guys) beat him up, I told him "not when I'm around". These threats of violence don't impress me. Fucking primates.

Just the ugliness of this world, I hate it, I absolutely hate it.

I also canceled my trip to BH/Defcon, telling management I'm absolutely refusing to go.Β 

I would probably just end up punching some of these infosec shitheads anyway. Can't stand this industry.

Sometimes I fantasize about becoming a cyber criminal.Β 

It would be satisfying to just burn down this cruel joke of a world.

Perhaps such will be the inevitable conclusion of my life.


tag:blogger.com,1999:blog-4941201770868507617.post-4064992279530239419

Β The only people ive been able to somewhat relate to here has been the homeless. Really just hate everyone else. Fucking parody world and dumb people.

tag:blogger.com,1999:blog-4941201770868507617.post-2721224066707137776

Β And fuck Microsoft. Should have never moved halfway across the world to work there. Guess i was still young and had stupid ideas. Really just hate people with a passion. Just want to see it all fucking burn.

tag:blogger.com,1999:blog-4941201770868507617.post-9033536731514601283

Β I really hope Microsoft hires this @klinix5 kid from Morroco.Β 

I have no problem admitting someone is smarter and more talented then me, unlike others in this industry.

I have taken apart some of his work in windows installer, a component that I know better then most in this industry (I found the first logic bugs in it, years ago) and the things this kid was able to come up with is fucking genius.Β 

Don't make this kid feel like an outsider and face endless rejection for years until he burns out.

I won't ever forgive this industry if you do.

tag:blogger.com,1999:blog-4941201770868507617.post-1333451591483569237

Maybe, its like climbing a mountain.

Climbing a mountain and people telling you you're not supposed to be on the mountain because it shatters their fragile idea of some supposedly order in this world.

Standing ontop of the mountain, looking back at all the angry people stuck, halfway on the mountain cursing all the climbers who dont fit their traditional views of what a climber is supposed to be and look like.

Fuck it, I have other mountains to climb, I exactly know already which direction I want to go in the next few years of my career. I'm done trying to prove people wrong. I dont want to waste my life just cursing at idiots. Have fun being stuck on that mountain, wankers.

tag:blogger.com,1999:blog-4941201770868507617.post-1168493381309722223

You know, with each bug I find, I just get angrier and angrier. All the industry veterans, they made it seems like 'their bugs' were somehow harder to find then the logic bugs I was doing. Yea, sure, its cool to remotely bluescreen a server, but the bugs are easy to find, I have found plenty in recent months, hell, even recent weeks. Memory corruption bugs all follow fairly rigid patterns. Its not hard to find them using only a debugger. This whole fucking field is not hard at all. Smug morrons. For years, I actually believed this shit, that my logic bugs were lame, and it wasnt, they were fun and creative and a good few of them actually required some out of the box thinking.

I dont want anything to do with infosec anymore. Most people in infosec are just a bunch of backpatting losers living off old glory and you can all go fuck yourselves. All you people with all your fancy degrees and backgrounds, thinking your somehow better, well, guess a highschool dropout who literally learned everything from youtube can do all the same things you folks do lol.


tag:blogger.com,1999:blog-4941201770868507617.post-772437184374866045

Not ever sharing stuff with anyone ever again.
If you want to find bugs, just read code non-stop for a year, maybe two years and run it through a debugger. Thats all. That how simple this shit is. But dont tell all the wankers in this industry. They want to believe there is more to it, so they can feel better then everyone else.Β 

I dont give a damn about computer security. Personally, the world can burn for all I care.

Its ironic, back when I was doing the logic bug stuff, everyone downplayed it. I wasnt good enough because I couldnt find memory corruption bugs. You're all fucking dumb. Memory corruption bugs are easy as hell. Atleast with logic bugs, you had to get creative.Β 

I know its because I was an outsider. I guess it threatened all the fucking wankers in this industry. You know, even finding these fucking remote bugs, like in windows TLS, its not that hard, its just persistence.. funny that this noob who wasnt good enough can take down all your stupid servers. I can do it without source code too, its just fucking tracing input in a debugger.

Anyway, selling my stuff now to people who hate the fbi, bye morrons.

tag:blogger.com,1999:blog-4941201770868507617.post-3818101669728424874

Β Really makes you think about human psychology. A tweet by Elon Musk where he makes fun of bill gate's appearance. And getting a million likes. What is he, a fucking 6 year old? It's the same with all these right wing lunatics. All their rhetoric is just, hate, hate, hate. Targeting minorities. Weaponizing bullying under the guise of free speech.

What happened with doing good, believing in integrity, treating everyone as equal. What happened with the noble pursuit of making this world better for everyone.Β 

I'm done, I live in down town Vancouver. I'm not afraid of lunatics and I will never be ashamed of who I am. It's you who are the cowards. Hateful people screaming from behind their keyboards. Fucking losers.

It's queer folks who created the information age and we can take it away again whenever we decide to. Fucking posers.

tag:blogger.com,1999:blog-4941201770868507617.post-7182492911032046139

Β It is funny.Β 

People, they have no clue how easy it is to be disruptive to millions of devices. Fuck, it wouldnt take much for some random person with just enough hate and spite in their heart to find the bugs to take out vast swats of the internet. Computers, they are so unstable, and yet the whole world relies on them. A world, full of cruel shitheads and transphobia. Its all just a fucking parody. Perhaps it should all just burn.

tag:blogger.com,1999:blog-4941201770868507617.post-2623061427286854257

Β Deleted my twitter. Wont reactivate it and will let it get perma deleted. If you see new accounts claiming to be me, its not me.Β 

Infosec can go fuck itself. Want nothing to do with this industry. Industry that made me feel worthless for years. And knowing the things I know today, I know youre all so full of shit.Β 


Retrospect

Having found many types of software bugs now.Β 
I think infosec sucks.

A lot of people in infosec are smug assholes.

I think, for a large part of my career, I was driven mainly to prove them all wrong.

42 CVEs later.. in browser sandboxes, windows LPEs, TLS, IKEv2, Ipsec.. memory corruption bugs, logic bugs.. after 7 years, there is few boxes I have not checked yet, and the ones I havnt is mainly due to a lack of interest. I know this stuff, better then most of the smug assholes.

There are still challenges I want to claim, such as cryptography and side channel attacks. But this time, not to prove people wrong. But for the fun of breaking shit. The reason I started this.Β 

People, they will always find reasons to downplay you, it probably comes from aΒ  place of insecurity. I think I have gotten to an age, where I'm slowly starting to find mental peace. For a long time, I wanted to belong somewhere, find my tribe, fit in somewhere. But honestly, I just want to stay as far away from people as I can. There is a lot about people I dont like. And I'm fine with that. Isolation does not cause distress anymore as it used to. I prefer isolation over the ugliness and cruelty of people.

Its important to get rid of the noise from people. Find mental peace. Pursue the things you like.

I really cant play the social media game anymore. I dont feel like I connect with this industry. My teamlead really wants to go to BH/Defcon this summer.. but I really do not. I dont know a single person in this industry, and after 7 years of being in this industry, neither do I want to. Fuck, I dont ever care about the talks. I dont need inspiration.. I got enough ideas in my head to keep me occupied for a lifetime.Β 

I literally feel more of a connection with the homeless folks here. They are much more sincere then infosec people.




tag:blogger.com,1999:blog-4941201770868507617.post-5555727023312363267

Β Most of my friends, are homeless people in Vancouver.

I like them more then infosec or Microsoft people.Β 

I really dislike people in general.

Especially here in Vancouver, most people here are of the posh rich type, who believe themselves better then everyone else.Β 

Reminds me too much of infosec, or the folks here at Microsoft who graduated from all the fancy schools.Β 

I like honest people.Β 

Honesty seems to be a trait more often found among the homeless.


❌