Gábor Pék (CTO, Avatao)
Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) that help you to understand their internal structure, however, most of these tools are not generic enough and do not expose APIs or SDKs. As a result, when automated analysis is required you have to implement your own scripts to parse those binaries. It may bring you some joyful moments in the beginning, but after your third parser, you realize that this is not necessarily the thing you would like to spend your RE hours with.
The solution is a domain-specific language
To resolve these issues a DSL (domain-specific language) called Kaitai Struct was suggested by Mikhail Yakshin. According to the original website “Kaitai Struct is a declarative language used for describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.
The main idea is that a particular format is described in Kaitai Struct language only once and then can be compiled with a ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file/stream and give access to it in a nice, easy-to-comprehend API.”
webIDE for Kaitai Struct
This sounds really good. To make your life even more easier Tamás Koczka, the ex-captain and one of the key members of the !SpamAndHex CTF team created a WebIDE for Kaitai Struct. In this way, you can generate parsers for all the file formats supported by Kaitai Struct with only a few clicks.
Tamás also prepared some nice challenges on Avatao to help you learn the use of Kaitai WebIDE and also get a quick understanding of different file formats.
Chasing the application security rainbow – Do we run after software bugs instead of finding root causes?
Reading Time: 10 minutes Application security is one of the cornerstones of cybersecurity, and it is critical to defend a successful business operation. To strengthen cybersecurity defenses, businesses have to apply rigorous testing and remediate the issues that were found.
Reading Time: 9 minutes Python is a high-level, flexible programming language that offers some great features. To be as effective as possible, it is important to possess the knowledge to make the most out of coding with Python.
Reading Time: 6 minutes For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.