While I have no aspirations to be a pentester by trade, I do have an interest in learning assembler programming to a competent level. I learned somewhat basic assembler programming in the ’90s but never really used it outside of writing viruses… and have forgotten most of that knowledge.
So, I looked for courses that would offer this training online and found Pentester Academy. Their target audience is folks looking to get in or already in the pentesting field, but the content is available for anyone. I feel I can get a lot of value from the courses. There are a few I find interesting.
- x86 Assembly Language and Shellcoding on Linux
- x86_64 Assembly Language and Shellcoding on Linux
- GNU Debugger Megaprimer
- ARM Assembly
The courses are obviously not targeted at NetBSD, but I think that I could figure out how to target NetBSD once I understand the basics of how things are done. As in other things I’ve learned, I assume that once I know how to do something one way, I can better figure out how to do it in another way. I’ll know the right questions to ask!
My goal is to learn enough about assembler, shellcode, and memory exploitation to find and fix bugs in NetBSD relating to those subjects. Maybe other platforms, too, who knows… but baby steps first. I need to learn fundamental knowledge, put it in practice, and get tested on it via labs, etc. Then I feel I’ll have enough knowledge to talk to folks that actually know this stuff, and they can point me in the right direction.
I have no desire to break things for the joy of breaking things. I simply want to learn how the pieces unknown to me work, what issues may exist, and then fix them.
I was looking into shellcode and how to generate it, and found Jonathan Salwan’s shellcode archive, which then points to the “An introduction to the Return Oriented Programming and ROP chain generation” PDF file, which also points to alternate methods to ROP (JOP, SOP, BROP, SROP).
I have so much to learn, but it looks like this is more real-world oriented for exploiting in the current environment of advanced protections that kernels have. I’m interested in seeing how to leverage this knowledge against the NetBSD kernel.