From: Jason Long <hack3rcon@yahoo.com>
To: Guinevere Larsen <blarsen@redhat.com>,
SCOTT FIELDS via Gdb <gdb@sourceware.org>
Subject: Re: Debugging vs Reverse Engineering
Date: Sun, 24 Sep 2023 18:12:42 +0000 (UTC) [thread overview]
Message-ID: <1700896107.3285250.1695579162353@mail.yahoo.com> (raw)
In-Reply-To: <4e6bdb93-4671-9ee6-5a89-b9ffba797cff@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2354 bytes --]
Hi Larsen,Thank you so much for your reply.Your answer raised other questions in my mind.
What do you mean by "Giving the program unexpected or malicious inputs."? Do you mean Fuzzing?
Please take a look at these vulnerabilities:
https://www.cvedetails.com/cve/CVE-2022-31705/
https://www.cvedetails.com/cve/CVE-2023-32209/
What technique did the person who found these vulnerabilities use? Debugging or Reverse Engineering?
On Sun, Sep 24, 2023 at 4:53 PM, Guinevere Larsen<blarsen@redhat.com> wrote: On 24/09/2023 15:09, Jason Long via Gdb wrote:
> Hello folks,I have two questions:
Hello, thanks for the questions!
> 1- Can a debugger like GDB be used to find the vulnerability?
Yes, you could use GDB to find some security vulnerabilities, though it
is hardly the best tool for this job. The kind of stuff you'd find with
GDB is a logic mistake that leads to information leaks or similar. In my
experience, though, GDB is more useful to look at one unexpected
behavior and figure out if that leads to a security vulnerability or
not, rather than going form scratch and giving the program unexpected or
malicious inputs.
>
> 2- When a hacker finds a vulnerability in a program, has that hacker used debugging techniques or reverse engineering?
Reverse engineering doesn't necessarily have to do with security.
Reverse engineering is the act of getting something that is not
understood and trying to understand it without having access to any kind
of documentation. I don't recommend running unknown binaries in your
machine, since GDB doesn't provide any security, but if you are doing
that, stepping slowly and trying to understand how the program works,
you are doing reverse engineering. It doesn't have to relate at all to
security.
With that in mind, the answer to your question is "it depends". The
stuff you can find with GDB alone will always involve debugging
techinques, but with regards to reverse engineering techniques, the
question is does the vulnerability come in from the fact that the
attacker knows the internal mechanisms for the program or not? If it
does, then yes you could say you found a vulnerability by reverse
engineering.
> Any idea welcomed.
>
> Thank you.
>
I hope this helps!
--
Cheers,
Guinevere Larsen
She/Her/Hers
next prev parent reply other threads:[~2023-09-24 18:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2065504698.3252109.1695560949235.ref@mail.yahoo.com>
2023-09-24 13:09 ` Jason Long
2023-09-24 13:23 ` Guinevere Larsen
2023-09-24 18:12 ` Jason Long [this message]
2023-09-26 13:33 ` Guinevere Larsen
2023-09-27 8:24 ` Jason Long
2023-09-27 8:31 ` Guinevere Larsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1700896107.3285250.1695579162353@mail.yahoo.com \
--to=hack3rcon@yahoo.com \
--cc=blarsen@redhat.com \
--cc=gdb@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).