binary-analysis
# Binary Analysis Skill
## Quick Workflow
Progress:
- [ ] Run checksec (identify protections)
- [ ] Identify binary type and dangerous functions
- [ ] Find vulnerability (BOF/format string/heap)
- [ ] Calculate offsets
- [ ] Develop exploit with pwntools
- [ ] Test locally, then remote
## Quick Analysis Pipeline
```bash
# 1. File identification
file <binary>
# 2. Security features
checksec --file=<binary>
# 3. Interesting strings
strings <binary> | grep -iE "flag|ctf|password|correct|wrong|win|shell|secret"
# 4. Function symbols
nm <binary> 2>/dev/null | grep -E " T | t " | head -20
# 5. Dangerous functions
objdump -d <binary> 2>/dev/null | grep -E "gets|strcpy|sprintf|scanf|system|exec"
# 6. Auto vulnerability scan
cwe_checker <binary>
```
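Step 2 of the pipeline leans on `checksec`, and it helps to know what that tool actually reads so its output can be sanity-checked. The following is an added example (not code from this skill or from the checksec project) that pulls the same four findings straight out of the ELF64 header, program headers and dynamic section: PIE from `e_type`, NX from the `PT_GNU_STACK` flags, Partial vs Full RELRO from `PT_GNU_RELRO` plus `DT_BIND_NOW`/`DF_BIND_NOW`/`DF_1_NOW`, and a canary heuristic (the `__stack_chk_fail` string, which is what `strings` would show). Two assumptions are labelled in the code: a binary with no `PT_GNU_STACK` entry is reported as NX-disabled (the conservative reading), and the canary check is a string heuristic rather than a full symbol-table parse. `build_sample_elf()` assembles a constructed, non-executable ELF image so the audit can run offline; point `audit_elf64()` at a real file to use it on a target.

```python
"""Minimal checksec-style ELF64 hardening audit (added example, not the skill's
own code). Parses the ELF header, program headers and dynamic section directly,
so it needs no external tools. Little-endian ELF64 only."""
import struct
import sys

# ELF constants (ELF specification / glibc elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)
DYN = struct.Struct("<qQ")                 # Elf64_Dyn: d_tag, d_val (16 bytes)


def audit_elf64(data: bytes) -> dict:
    """Return checksec-like findings for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum, *_) = EHDR.unpack_from(data, 0)
    phdrs = [PHDR.unpack_from(data, e_phoff + i * e_phentsize) for i in range(e_phnum)]

    gnu_stack = [p for p in phdrs if p[0] == PT_GNU_STACK]
    relro = any(p[0] == PT_GNU_RELRO for p in phdrs)
    dynamic = [p for p in phdrs if p[0] == PT_DYNAMIC]

    # Full RELRO needs the GOT bound at load time: DT_BIND_NOW or a BIND_NOW flag
    bind_now = False
    if dynamic:
        off, size = dynamic[0][2], dynamic[0][5]  # p_offset, p_filesz
        for j in range(size // DYN.size):
            tag, val = DYN.unpack_from(data, off + j * DYN.size)
            if tag == DT_NULL:
                break
            if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) \
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW):
                bind_now = True

    # Assumption: no PT_GNU_STACK entry is reported as an executable stack (conservative)
    nx = bool(gnu_stack) and not (gnu_stack[0][1] & PF_X)

    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "relro": "Full" if relro and bind_now else ("Partial" if relro else "No"),
        "canary": b"__stack_chk_fail\0" in data,  # heuristic, like `strings | grep`
    }


def build_sample_elf(pie=True, nx=True, relro=True, bind_now=True, canary=True) -> bytes:
    """Assemble a tiny synthetic ELF64 image (constructed test input, not a real program)."""
    dyn_entries = ([(DT_FLAGS, DF_BIND_NOW)] if bind_now else []) + [(DT_NULL, 0)]
    dyn_blob = b"".join(DYN.pack(t, v) for t, v in dyn_entries)
    tail = b"__stack_chk_fail\0" if canary else b"no_canary_here\0"

    types = [PT_LOAD, PT_GNU_STACK, PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    phoff = EHDR.size
    dyn_off = phoff + PHDR.size * len(types)
    total = dyn_off + len(dyn_blob) + len(tail)

    phdrs = b""
    for t in types:
        if t == PT_LOAD:
            phdrs += PHDR.pack(t, PF_R | PF_X, 0, 0, 0, total, total, 0x1000)
        elif t == PT_GNU_STACK:
            phdrs += PHDR.pack(t, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16)
        else:  # PT_DYNAMIC and PT_GNU_RELRO both cover the dynamic blob here
            phdrs += PHDR.pack(t, PF_R | PF_W, dyn_off, dyn_off, dyn_off,
                               len(dyn_blob), len(dyn_blob), 8)

    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, ET_DYN if pie else ET_EXEC,
                     62, 1, 0, phoff, 0, 0, EHDR.size, PHDR.size, len(types), 0, 0, 0)
    return ehdr + phdrs + dyn_blob + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(audit_elf64(f.read()))
    else:
        print("hardened  :", audit_elf64(build_sample_elf()))
        print("unhardened:", audit_elf64(build_sample_elf(
            pie=False, nx=False, relro=False, bind_now=False, canary=False)))
```

When the audit and `checksec` disagree on a real target, compare against `readelf -lW <binary>` (program headers) and `readelf -dW <binary>` (dynamic tags); that is the ground truth both are summarising.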
## Reference Files
| Topic | Reference |
|---|---|
| Protections & Vuln Detection | reference/protections.md |
| Exploitation Templates | reference/exploits.md |
| Advanced Tools | reference/tools.md |
## Quick Commands
```bash
# Generate cyclic pattern
python3 -c "from pwn import *; print(cyclic(200))"
# Find offset
python3 -c "from pwn import *; print(cyclic_find(0x61616167))"
# Find ROP gadgets
ROPgadget --binary <binary> | grep "pop rdi"
# Find one_gadget
one_gadget <libc>
```
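The `cyclic` / `cyclic_find` pair works because a de Bruijn sequence has no repeated 4-byte window, so the bytes that land in a register after a crash identify exactly one position in the input. The following pure-Python re-creation is an added example (not pwntools' code and not part of this skill); it uses the same lowercase alphabet and window size as pwntools' defaults, so `cyclic_find(0x61616167)` returns the same 24 as the command above. The integer form mirrors what a debugger prints for a register: it is packed little-endian and, as a labelled assumption, truncated to the low 4 bytes so a zero-extended 64-bit value behaves like the 32-bit one.

```python
"""Pure-Python re-creation of the pwntools cyclic()/cyclic_find() idea
(added example; not pwntools' code). Alphabet and window size match
pwntools' defaults, so offsets agree with the skill's commands."""
from functools import lru_cache
from itertools import islice

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
N = 4  # every N-byte window of the de Bruijn sequence B(26, 4) is unique


def de_bruijn(alphabet: bytes = ALPHABET, n: int = N):
    """Yield the de Bruijn sequence B(k, n) byte by byte (Ruskey's algorithm)."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in range(1, p + 1):
                    yield alphabet[a[i]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length: int) -> bytes:
    """First `length` bytes of the pattern: cyclic(8) == b"aaaabaaa"."""
    return bytes(islice(de_bruijn(), length))


@lru_cache(maxsize=1)
def _full_pattern() -> bytes:
    """The whole 26**4-byte sequence, generated once and cached."""
    return bytes(de_bruijn())


def cyclic_find(value) -> int:
    """Offset of a 4-byte window in the pattern, or -1 if it is not from it.

    Accepts raw bytes or the integer a debugger prints for a register; an
    integer is packed little-endian and (assumption) truncated to N bytes, so
    0x0000000061616167 is treated exactly like 0x61616167.
    """
    if isinstance(value, int):
        value = (value & ((1 << (8 * N)) - 1)).to_bytes(N, "little")
    if len(value) != N:
        raise ValueError(f"need exactly {N} bytes, got {len(value)}")
    return _full_pattern().find(value)


def windows_unique(pattern: bytes) -> bool:
    """True if no N-byte window repeats, which is what makes the offset unambiguous."""
    wins = [pattern[i:i + N] for i in range(len(pattern) - N + 1)]
    return len(set(wins)) == len(wins)


if __name__ == "__main__":
    print(cyclic(200))
    print(cyclic_find(0x61616167))          # 24, matching the pwntools one-liner
    print(windows_unique(cyclic(200)))      # True
```

A padding of repeated `AAAA` gives no such information: every window is identical, which is why `cyclic_find(0x41414141)` returns -1 here and why the pattern is used instead.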
## Tools Summary
| Tool | Purpose |
|---|---|
| checksec | Check binary protections |
| pwntools | Exploit development |
| ROPgadget | Find ROP gadgets |
| one_gadget | Find libc one-shot gadgets |
| cwe_checker | Auto vuln detection |
| qira | Runtime analysis |
| Triton | Symbolic execution |