-
Regex Is Too High Level - Equivalent Quantifiers
When talking about regular expression quantifiers like +, ?, *, and {x,y}, I like to logically relate them all to {x,y}. So:
a+ is similar to a{1,2147483647}
a* is similar to a{0,2147483647}
a? is similar to a{0,1}
On that last one, weighing the pros and cons of using a? versus a{0,1} would be a pointless discussion. Not only is there no logical difference (at least speaking for Perl), there is absolutely no difference whatsoever. Continue reading →
-
RE TLDR
I know regular expressions can get kind of heavy; there is complexity to constructing expressions, performance can be a concern, there are different engines (DFA/NFA), etc... But when it comes to just using them to do some simple-to-complex searches, it's not hard...at all! Below is a simple image that doesn't cover all of regex, but covers about 90% of the concepts you'll find yourself using. I find it odd that people need to use websites dedicated to helping them cheat at regex (" Continue reading →
-
Unused 8ball Art
I was originally going to include this image in the HOPE and Defcon talk I did earlier this year when talking about 8ball, but we conservatively decided not to. If you are viewing this blog post at a location that uses an IDS, then the people that review the logs may get an alert or two. Nice that I warn of that now ;). Explanation after the image. If you run strings on the jpg, after sifting through some of the garbage, you'll eventually notice this peculiar string: Continue reading →
-
Assembly Is Too High-Level - Redundant Mnemonics
Out of all the things that don't translate 1-to-1 from assembly language to machine code, this may be one of the most well-known. For those that don't know, there are multiple mnemonics in assembly language that can end up translating to identical machine code. Even though I'll start my discussion with conditionals, these are not the only redundant mnemonics. This post will cover most of the less complicated ones (because there are possibly quite a few more examples than just those in this series of posts). Continue reading →
-
Assembly Is Too High-Level - Branch Hints
While reading through the epic page-turning Intel Manual, I found something interesting in the SSE2 section (chapter 11 of Volume 1): I find little nuggets like this very interesting. What this tells me is that there is a feature that can be used in binary executable code that I am not allowed to explicitly use in Assembly Language (or any higher-level language for that matter). This is not to say that an assembler or compiler won't do this for you when seen fit, but I'm the programmer; if I wanted everything done for me, I wouldn't be the programmer. Continue reading →