Hey everyone, welcome back to another episode of John Talks, I guess, I don't know. How's it going everybody? Thanks for tuning in. I have been going through my OSED course, or the Offensive Security Exploit Developer. I think it's their EXP-301 course, so like Windows user mode exploit development from Offensive Security. And I'm just getting started in it, right? So I have OSCE, kind of the old school original, original gangster OG, the vintage OSCE that was like back with a BackTrack VM that came with the course. It was kind of old school, right? And now Offensive Security has updated it for OSED, which is their new premier cool course that they've come out with for the trio of OSCE3, right? The Holy Trinity, where you have OSWE for web exploitation over here, you've got OSEP for Experienced Penetration Tester, and now OSED, which is Exploit Developer, that kind of has the more binary exploitation, reverse engineering flair that the original OSCE without a subscript actually had. So, or superscript in that case. So I'm going through OSED and I'm just getting into, like right now, right now it's just review. Right now it's just been using a classic stack-based buffer overflow, which I've showcased before and you can actually see a video for that, I think going through it with Vulnserver, I think the TRUN command, right? So you can check out a video on that if you're interested in that sort of thing. And now I'm getting into the structured exception handler portion. Different so far with OSED is that it is doing all this with WinDbg, the Windows debugger, which is awesome and super cool and new. Like I haven't actually gone ahead and used that before other than like a fragment portion of OSEP where we're looking at how AMSI, the Antimalware Scan Interface, actually goes ahead and works. So that is something new for me. And you know, you know me.
Like I get in my head and I start thinking like, man, wouldn't it be super cool to automate some of this? Like the whole point, eventually, like right now in the course we're looking through these kind of cookie cutter example challenges, these proof of concepts that we can work through. But when it comes to show time, when it comes to the exam, I have a feeling, and this is not speaking by any means for or in the case of the exam, but eventually you're gonna get to the point where you don't have the training wheels on anymore. No one's holding your hand. So how do we go ahead and look for vulnerabilities and then try to determine if we can exploit them smartly when it's something that's completely new that's facing you in the realm of binary exploitation, or even the realm of anything? I guess I'm using binary exploitation as the vehicle for this conversation. But it talks about like, look, if you've got a program in front of you, you've got a binary in front of you, then typically the way you can find vulnerabilities is by source code auditing, right? That's one thing. Or fuzzing, right? Or actually looking at someone else's exploit code, which I guess doesn't really count. I wouldn't consider that. There's two in my mind and maybe I'm wrong, but fuzzing takes some automation. It does, to be able to look for, hey, what inputs and what order in what way can follow down whatever code path and get a crash. And does this crash have anything special about it? Do I have control? Is my input of all A's or other nonsense actually reflected into those registers, or do I have immediate control over EIP or RIP, or the instruction pointer, to decide where the program goes next? Right, so that is definitely in need of some computer programming and a smart way to test this binary against a lot of different cases, a lot of different input. That's fuzzing.
Even when it comes to doing exploitation, like whether or not you're crafting something that is a classic stack-based overflow or you're using a structured exception handler, or you know you're going to need an egg hunter, or you need to determine the bad characters in your shellcode, you're going to end up bypassing ASLR, DEP, Control Flow Guard, whatever, whatever, whatever, whatever. Wouldn't it be neat if there was something that was smart about that? Like, wouldn't it be so cool if you could just hand a program a binary and say, yo dude, exploit this, do something with it, figure out everything that you can and tell me immediately. Automated pwning, right? So if there's a tool that exists out there like that, let me know, please, I wanna learn. I'm here to learn, that's kind of what I showcase, what I'm doing, and it can help benefit everyone if you're doing that thing. But I was looking through, I was Googling, I was doing some research and I was looking at this pykd, I think. I literally straight up Googled on Twitter. I Googled to Twitter to look for a tweet because I remember I saw someone who shared something some time ago of like this super cool workspace in WinDbg that would make it look a little bit more like Immunity Debugger or OllyDbg, where it shows you the stack and it shows you the disassembly and it shows you the registers and it shows you the command and it shows you all these different things in a better display than just a flat classic vanilla WinDbg output and its default workspace. And I stumbled across, while I was searching through that, a Twitter account for WinDbg tips, which is cool, so I followed that, and I was looking at pykd, that actually popped up. It's Python and it's API bindings for WinDbg.
And I started to like get the gears turning in my mind to be like, oh, maybe this isn't impossible, because there are so many libraries, there are so many APIs, there are so many modules that you can do so much by trying to automate something that you want to. And you get exposure, I think, to different, like I'm saying this all in advance so take it with a grain of salt or whatever. But I think like the same way you automate GDB, or the GNU debugger, if you're writing a script to solve a capture-the-flag challenge in the Pwn category or the binary exploitation category where you have pwntools set up in your Python script that can hook into GDB and can automate its own interaction with the debugger to find out more information or leak new things, maybe something that's only displayed or registered through certain amounts of time throughout the binary. Just, I don't know, cool stuff that I had in my mind. And I was thinking like, man, maybe we could do something that we have a general purpose, general case of looking at a binary and then, hey, what protections are in this thing in the case of a Windows binary? What are those DLL characteristics that are set in different modules, or what code caves are accessible to me? Having that in its own utility, I think it would be super cool. And I got to thinking, you know, I'm having all these dumbo thoughts. I go back to the conversation a lot of times about like manual analysis and automated analysis. Look, you have to have both. When I went to SANS, when I went to go take a SANS course, I think back in like 2015, I was taking the SANS 560, the ethical hacking and network penetration testing course, and Ed Skoudis was my teacher. And I love that guy. That was like, I don't know. It was just such a cool experience being at SANS, being with all these smart people and hanging out after hours to work through networks or do the CyberCity or whatever else was going on. It was just nerd camp and I loved it.
I remember something that Ed said during that course where he said, manual is a must. Like manual investigation, manual analysis is absolutely necessary. You need it. But automation is divine. So kudos and quote credit to Ed, or wherever he got that, I don't know. But if you can get to tinkering, if you can play around with the libraries and the modules that let you automate something, then do it. Even if you don't build anything out of it, just see like what you can do. So you know, like I still wanna dive into pykd and figure out what can I actually do to get the wheels moving for WinDbg, so I don't have to do it all every time as I'm facing new challenges, whether it's exam time, whether it's show time, whether it's something later on in real life, weaponizing it a little bit more into a script and building up my own tools to do those things. I think there is insane value in that. So that's my pitch. That was this video, chatting and talking about automating stuff versus manual analysis. Automation wins every time, especially in the realm of like security, or especially when you're doing capture the flag or you're trying to build out your own toolkit. Yes, you do need to poke through it and explore kind of with your own eyes, right? But having something to supplement that, having automation in your back pocket is something that you really gotta do. So whether it's whatever language you like, whether you're in Python, whether you're in Ruby, you're like, Go, I don't care. Any language that you find that tickles your fancy, just see what it can do in what you do in your day-to-day life or whatever you have in front of you, whether it's a task, whether it's an exam, whether it's something you're studying for, because we're all studying, we're all trying to learn. Take it one step further and automate it, or just see what you can do. All right, cool. That was enough conversing, right? Now let's get to the fun stuff. Let's get to some memes, everybody.
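As an added example, not from the video and not using pykd (which needs a live WinDbg session), here is one small piece of the "what protections does this Windows binary have" utility the speaker describes, written in plain Python against the PE file on disk. It reads the COFF header and the optional header's DllCharacteristics field and reports ASLR, DEP, high-entropy VA, SEH and CFG, including the caveat that a DYNAMIC_BASE image whose relocations were stripped cannot actually be rebased. The `build_sample_pe` helper is an assumption made for this example: it constructs minimal, non-loadable PE headers so the script runs offline; point it at a real `.exe` or `.dll` to check a module you care about.

```python
import struct
import sys

# IMAGE_OPTIONAL_HEADER.DllCharacteristics flags (winnt.h)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040    # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100       # DEP opt-in
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400          # image never uses SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000        # Control Flow Guard
# IMAGE_FILE_HEADER.Characteristics: no .reloc section, cannot be rebased
IMAGE_FILE_RELOCS_STRIPPED = 0x0001

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLL_CHARACTERISTICS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


def parse_protections(data: bytes) -> dict:
    """Return the mitigation flags baked into a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, _ts, _symp, _nsym, opt_size, coff_chars = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < DLL_CHARACTERISTICS_OFFSET + 2:
        raise ValueError("optional header too short to carry DllCharacteristics")
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    dll_chars = struct.unpack_from("<H", data, opt + DLL_CHARACTERISTICS_OFFSET)[0]

    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "bits": 64 if magic == PE32PLUS_MAGIC else 32,
        "raw_dll_characteristics": dll_chars,
        "dynamic_base_flag": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # The loader can only randomize the base if it can apply relocations.
        "aslr": dynamic_base and not relocs_stripped,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "seh": not (dll_chars & IMAGE_DLLCHARACTERISTICS_NO_SEH),  # SEH usable at all
        "cfg": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
    }


def summarize(path: str, info: dict) -> str:
    """One-line-per-flag report, the kind of thing you'd paste into exploit notes."""
    lines = [f"{path}: PE{'32+' if info['bits'] == 64 else '32'}"]
    for key in ("aslr", "high_entropy_va", "dep", "seh", "cfg"):
        lines.append(f"  {key:16s} {'yes' if info[key] else 'no'}")
    if info["dynamic_base_flag"] and info["relocs_stripped"]:
        lines.append("  note: DYNAMIC_BASE set but relocations stripped, image loads at preferred base")
    return "\n".join(lines)


def build_sample_pe(magic=PE32_MAGIC, dll_chars=0, coff_chars=0x0102) -> bytes:
    """Constructed sample input: minimal PE headers only, not a loadable image."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0 if magic == PE32_MAGIC else 0xF0
    machine = 0x014C if magic == PE32_MAGIC else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, coff_chars)
    opt = struct.pack("<H", magic) + b"\0" * (DLL_CHARACTERISTICS_OFFSET - 2) + struct.pack("<H", dll_chars)
    opt += b"\0" * (opt_size - len(opt))
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(summarize(sys.argv[1], parse_protections(f.read())))
    else:
        hardened = build_sample_pe(PE32PLUS_MAGIC, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                                   | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
                                   | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                                   | IMAGE_DLLCHARACTERISTICS_GUARD_CF)
        legacy = build_sample_pe(PE32_MAGIC, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE,
                                 0x0102 | IMAGE_FILE_RELOCS_STRIPPED)
        print(summarize("sample-hardened.exe", parse_protections(hardened)))
        print(summarize("sample-legacy.exe", parse_protections(legacy)))
```

This only reads static header flags; SafeSEH needs the load config directory, and process-wide mitigation policies (for example DEP forced on for the whole process) are only visible at runtime, which is exactly where a pykd script inside WinDbg would pick up.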
I think maybe I can reserve some time at the very end of these videos to go back to our roots and goof off a little bit. Here I am in my JH memes channel in the Discord server. Link in the description, if you're interested, you wanna come hang out. It is a community Discord and we created this channel for community memes where you can make fun of me. It's fun, we have a good time. Void Update, we love him so much. He shared this picture of the Hog ransomware, or the Hog Stealer thing from the Discord malware video, and he photoshopped my old profile picture onto the pig. Hog Hammond. I have so many good ones that came from that. A lot of fun. I like this, MTO sent a really, really good one. This is a little Jurassic thing where I have my classic "Hey, please sub." And then it's like, yeah, okay, help. So that's a good win for me. I like that one a lot. I like, yo, this is hilarious. Ooh. The jealous girlfriend memes always seem to like perfectly depict me. Like I'm always looking at the next shiny new thing over there. Oh, there was one stream, there was one live stream we did. We were like, dude, let's go through Cryptopals. Let's go through Matasano's Cryptopals and look through these crypto challenges. Now I'm bad at most everything, especially cryptography stuff, at least like higher end cryptography, I still have a lot to learn in there. So remember, like during the stream, we're like, nope, no more. We're not gonna do Cryptopals anymore. Let's go install Arch Linux. Good right turn on that. The classic Hamhands. This got shared during NahamCon, this got shared during NahamCon CTF 2021. And my best, my favorite part about this is the horrifically, like awful, whoever's Photoshop or GIMP skills that have like this residue from whoever I am in my picture there. And the Hamhands. Ping everyone, after all, why not? Why shouldn't I ping them all? This is me every time I upload a video.
Like every time I upload a Discord video or I upload a video on YouTube that I think is like genuinely decent, like tech, technical, I will send it everyone-ping in Discord. Even though there's an announcements role. They designed this so that I wouldn't do that. But I did it anyway. And I can promote the ping to like all the other servers that follow this one. So I'm like screaming, come check out my video guys. Shameless plug, guerrilla marketing. And the feedback form meme, whenever we host a capture the flag competition, like between NahamCon, Versetcon, GrimmCon, BSides, HacktivityCon. There's so many that we've done now and hopefully more. Hit us up, hit me up. Hit me up if you want to CTF. The feedback form is the most valuable thing because that's how I know what to improve. That's how I know what you guys liked, what you guys didn't like. So I'm always screaming about the feedback form. Adele to Dell, that's clever. I don't know. I think I tweeted that out at some point because I used to, and I maybe might do in the future, I would just tweet occasional cybersecurity stuff. And a lot of them were memes and I was like, that's, I don't know, you can only get so much quality. You can only get so much content out of memes. I don't know why I tack this on to these videos, but there's me having a little family-friendly fun. F, F, F, family-friendly fun right there. That's the old apartment. That's when I was living with Caleb and Julian with the boys. It was the hacker household. You can see the sticker wall in the background though. It's still alive and well. The sticker wall is kind of behind me as you see, but it's a lot of fun, so. So hey, that's it. That was this video. Thank you so much for hanging out with us. Maybe that was a decent conversation to get your wheels turning, get you thinking about something. But if you aren't studying OSED, Offensive Security Exploit Developer, or whatever course you are studying, maybe it's worth a try.
Seeing what you can do, seeing what you can whip up. And if anyone has any other incredibly cool tools they wanna let me know about, let me know. Interact, engage. Please do those YouTube algorithm things. I'd love to see if you could like the video. If you could leave a comment, that'd be great. And subscribe. Smash that bell. Like obliterate the bell. Literally, literally, I'm, you know, death. Murder.