Spending a lot of time debugging code. Eventually, the pattern recognizer in your brain will pick out the bugs. The term for this is "code smell".
For example, when I'd review C code I'd look at the str???() function use. They are nearly always infested with bugs, usually either neglecting to add a terminator zero or neglecting to add sufficient storage for the terminating zero.
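An added example (not from any commenter) of the bug class described above: a strncpy() copy that leaves no terminator when the source fills the buffer, beside a version that reserves a byte for the NUL, always terminates, and reports truncation. The buffer size and input strings are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* The common buggy pattern: strncpy() only pads with zeros when src is
 * shorter than dstsz, so a source of length >= dstsz leaves dst with no
 * terminator at all, and every later str*() call on dst reads past it. */
void copy_buggy(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);  /* no terminator if strlen(src) >= dstsz */
}

/* Hardened version: reserve one byte for the NUL, copy at most that many
 * bytes, terminate unconditionally, and report truncation to the caller.
 * Returns true if the whole string fit, false if it was truncated. */
bool copy_fixed(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return false;
    size_t n = strlen(src);
    bool fits = n < dstsz;              /* needs n + 1 bytes including NUL */
    size_t copy = fits ? n : dstsz - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';                   /* explicit terminator, always */
    return fits;
}

/* The check a reviewer applies mentally to every str*() call: is there a
 * NUL somewhere inside the buffer's declared size? */
bool is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Constructed case: a 10-character input into an 8-byte buffer. */
bool buggy_leaves_unterminated(void)
{
    char buf[8];
    copy_buggy(buf, sizeof buf, "0123456789");
    return !is_terminated(buf, sizeof buf);
}

/* Same buffer with the fixed copy: short input fits, long input is
 * truncated to 7 characters plus NUL and the truncation is reported. */
bool fixed_handles_both_cases(void)
{
    char buf[8];
    bool ok_short = copy_fixed(buf, sizeof buf, "abc") && strcmp(buf, "abc") == 0;
    bool fits_long = copy_fixed(buf, sizeof buf, "0123456789");
    bool ok_long = !fits_long && is_terminated(buf, sizeof buf)
                   && strcmp(buf, "0123456") == 0;
    return ok_short && ok_long;
}
```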
It is crazy that anytime someone works on the application layer and wants to manipulate a string, which is a very, very common thing to do when writing an application, one has to consider \0, which would be an implementation detail.
How can that language still be so popular?
Programming is the consideration of implementation details. When you manipulate strings in C you consider the terminating nul byte, just like when you manipulate strings in Python you consider how it stores codepoints, or when you manipulate strings in Swift you think about grapheme clusters. There is no free lunch. (Though, of course, you can get reduced-price lunches based on the choices you make!)
The language is just fine. The real question is: Why do people not use a string library that abstracts this away safely?
C was popular because, if one is familiar with assembler, it takes about an hour to become adept at programming in it.
It's also an easy language to write a compiler for. At one point I counted over 30 C compilers available for DOS.
Okay, I want to make a desktop app that runs on Linux. Which language should I use? Java?
Because whatever language you think should be popular instead is running on a mountain of C code, but the reverse isn't true.
Lots of C applications nowadays don’t actually use any of the str functions or null termination.
I get the feeling these kinds of skills are very rare because they fall in the category "understanding and debugging other people's code/mess", while most people prefer to build new things (and often struggle to debug their own work).
It takes a lot of passion and dedication to security and reverse engineering to get there.
Practice, and having supernatural perseverance (although probably not in that order).
I'd guess the curriculum is half reverse engineering and half reading any write-ups to see the attacks and areas of attack for inspiration.
By reading and keeping up with the published work in browser exploit development, replicating it yourself, and then finding you have a knack for spotting vulnerabilities in C++ code.
https://pwn.college/
Read the blogs of the guys creating the bugs.