{"version":1,"pages":[{"id":"-LWRAm7TEjkcbh86qGlK","title":"What this gitbook is","pathname":"/breaking-bits","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"-LYxV6T34vs1z_vkRFX3","title":"Reverse Engineering","pathname":"/breaking-bits/vulnerability-discovery/reverse-engineering","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"}]},{"id":"-Lcd7i3gtbT-UBfwUFUM","title":"Modern Vulnerability Research Techniques on Embedded Systems","pathname":"/breaking-bits/vulnerability-discovery/reverse-engineering/modern-approaches-toward-embedded-research","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Reverse Engineering"}]},{"id":"-LYxVIMm7bKuHw7v38WZ","title":"Remote Dynamic Blackbox Java App Analysis","pathname":"/breaking-bits/vulnerability-discovery/reverse-engineering/remote-dynamic-blackbox-java-jar-analysis","siteSpaceId":"sitesp_TDUbH","description":"Java Bytecode Debugging and Dynamic Instrumentation Through Eclipse","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Reverse Engineering"}]},{"id":"-LWRBAvIcwwZ_ZEpqj2T","title":"Emulation","pathname":"/breaking-bits/vulnerability-discovery/emulation","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"}]},{"id":"-LWmw3eWu41m66oHJ42I","title":"QEMU Usermode Tracing","pathname":"/breaking-bits/vulnerability-discovery/emulation/qemu-usermode-tracing","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Emulation"}]},{"id":"-LWbvQbkn6CKE9AdOq4k","title":"Building QEMU on Ubuntu","pathname":"/breaking-bits/vulnerability-discovery/emulation/building-qemu-on-ubuntu","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Emulation"}]},{"id":"-LWRBJIZ6QgxMV_gs125","title":"Fuzzing with 
AFL","pathname":"/breaking-bits/vulnerability-discovery/fuzzing-with-afl","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"}]},{"id":"-LWRBWvU3qKFd2yli57M","title":"Automated Vulnerability Discovery","pathname":"/breaking-bits/vulnerability-discovery/automated-exploit-development","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"}]},{"id":"-LWTnEXu73MPjlsLgbG5","title":"Buffer Overflows","pathname":"/breaking-bits/vulnerability-discovery/automated-exploit-development/buffer-overflows","siteSpaceId":"sitesp_TDUbH","description":"Using angr to find overflows","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Automated Vulnerability Discovery"}]},{"id":"-LWTyqCmevHIlIj-I1N8","title":"Analyzing Functions","pathname":"/breaking-bits/vulnerability-discovery/automated-exploit-development/analyzing-functions","siteSpaceId":"sitesp_TDUbH","description":"angr to analyze and trace functions","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Automated Vulnerability Discovery"}]},{"id":"GT2YmeRAnPyITYt13E1Z","title":"Automatic Exploit Generation","pathname":"/breaking-bits/vulnerability-discovery/automatic-exploit-generation","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"}]},{"id":"wqfg5hj7LBKCt0rKxZyO","title":"Automatic Rop Chain Generation","pathname":"/breaking-bits/vulnerability-discovery/automatic-exploit-generation/automatic-rop-chain-generation","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Vulnerability Discovery"},{"label":"Automatic Exploit Generation"}]},{"id":"n2IIvzSVpNQ6DLDJB3cc","title":"Battelle Shmoocon 2024","pathname":"/breaking-bits/battelle-shmoocon-2024","siteSpaceId":"sitesp_TDUbH"},{"id":"OWvmcLHFec98WYTvFLl1","title":"Time Jump Planner","pathname":"/breaking-bits/battelle-shmoocon-2024/time-jump-planner","siteSpaceId":"sitesp_TDUbH","description":"No ROP, no SROP, 
full RELRO, ASLR, DEP, no execve pwn inside of QEMU","breadcrumbs":[{"label":"Battelle Shmoocon 2024"}]},{"id":"fV8ECxiMn8zy4Xd6VHWe","title":"Spaceheros CTF 2022","pathname":"/breaking-bits/spaceheros-ctf-2022","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"bXkcdj66sc8XOeE5Gerw","title":"RE: Shai-Hulud","pathname":"/breaking-bits/spaceheros-ctf-2022/re-shai-hulud","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Spaceheros CTF 2022"}]},{"id":"-M5JAOeTjQajGIt6j-Y9","title":"UMDCTF 2020","pathname":"/breaking-bits/umdctf-2019","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"-M5JA59jYFCzm1461jcX","title":"UMDCTF 2020: Evil Santa's Mysterious Box of Treats","pathname":"/breaking-bits/umdctf-2019/umdctf-2019-evil-santas-mysterious-box-of-treats","siteSpaceId":"sitesp_TDUbH","description":"Patching and Instruction counting towards first blood.","breadcrumbs":[{"label":"UMDCTF 2020"}]},{"id":"2OC3cMsL7R4U2ifOEyv1","title":"UMDCTF 2022","pathname":"/breaking-bits/umdctf-2022","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"yYFWn1jqvhH8eh6yiTbY","title":"Tracestory","pathname":"/breaking-bits/umdctf-2022/tracestory","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"UMDCTF 2022"}]},{"id":"vo6lV0NItcWXY7IGZSGn","title":"Spaceheroes CTF 2023","pathname":"/breaking-bits/spaceheroes-ctf-2023","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"keV9G1mF6FL9oic2ZQPn","title":"Everything-is-wrong","pathname":"/breaking-bits/spaceheroes-ctf-2023/everything-is-wrong","siteSpaceId":"sitesp_TDUbH","description":"Writing a debugger to side-channel out comparisons with RAX values","breadcrumbs":[{"label":"Spaceheroes CTF 2023"}]},{"id":"-MiswoUsq1JhkgAKGfnm","title":"US CyberGames RE-Cruise 4","pathname":"/breaking-bits/us-cybergames-re-cruise-4","siteSpaceId":"sitesp_TDUbH","description":"The wrong way to solve this problem"},{"id":"-MOnhMt27qgtehW9JECV","title":"Interactive Firmware Emulator 
Usage","pathname":"/breaking-bits/interactive-firmware-emulator-usage","siteSpaceId":"sitesp_TDUbH","description":""},{"id":"-MOntAVfCf_hYXJ1zH6X","title":"Recreating CVE-2015-1187 in the DIR-820L","pathname":"/breaking-bits/recreating-cve-2015-1187-in-the-dir-820l","siteSpaceId":"sitesp_TDUbH","description":"Adding Cat gifs to the DIR-820L using CVE-2015-1187 with the firmware emulator"},{"id":"-Ml6va9ufLm5B_gznn2P","title":"Linux kernel exploit development","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"}]},{"id":"-Ml73m49R7Z8C-JB4YTO","title":"Setup","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/setup","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"-Ml73qeHVkz8MrokGxBL","title":"Interacting with Kernel Modules","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/interacting-with-kernel-modules","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"-Ml73x7WwGgRo2iMhN8G","title":"Kernel stack cookies","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/stack-cookies","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"T1qiTqXUmh0jY2MDUR97","title":"Kernel Address Space Layout Randomization (KASLR)","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/kernel-address-space-layout-randomization-kalsr","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"FH58wl01sGPWBgz9cfsv","title":"Supervisor mode execution protection 
(SMEP)","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/supervisor-mode-execution-protection-smep","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"0ehNNY8CXxrOUEkYW9Tq","title":"Kernel page table isolation (KPTI)","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/kernel-page-table-isolation-kpti","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]},{"id":"yKwVfiWL1JL8XkKI7fUm","title":"Supervisor Mode Access Prevention (SMAP)","pathname":"/breaking-bits/exploit-development/linux-kernel-exploit-development/supervisor-mode-access-prevention-smap","siteSpaceId":"sitesp_TDUbH","description":"","breadcrumbs":[{"label":"Exploit Development"},{"label":"Linux kernel exploit development"}]}]}