Binary Reconnaissance
First-look analysis of any new binary target. Run these checks before deeper analysis.
Checklist
- File type: `file target`
- Security mitigations: `checksec target`
- Symbols: `nm target` or `readelf -s target`
- Strings: `strings target | grep -iE 'flag|win|shell'`
- Disassembly: `objdump -M intel -d target > target.asm`
Checksec Interpretation
| Protection | Enabled | Disabled | Bypass |
|---|---|---|---|
| NX | Can't execute shellcode on stack | Shellcode works | ROP, ret2libc |
| Canary | Stack smash detected | No protection | Leak canary, brute force |
| PIE | Addresses randomized | Fixed addresses | Leak code address |
| RELRO | GOT protected | GOT writable | Can't use GOT overwrite |
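
An added example, not part of the original checklist and not checksec's own code: a Python sketch of where the four rows of the table come from inside a little-endian ELF64 file, usable to audit the hardening of your own builds. The names `mitigations` and `sample_elf`, the constructed test image, and the canary heuristic (searching the file for the `__stack_chk_fail` name) are assumptions of this example.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_EXEC, ET_DYN, PF_X = 2, 3, 1
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB

def mitigations(elf: bytes) -> dict:
    """Derive the checksec-style rows from a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx = has_relro = bind_now = False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        (p_filesz,) = struct.unpack_from("<Q", elf, base + 32)
        if p_type == PT_GNU_STACK:       # a missing header is treated as NX off
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:       # walk the 16-byte (tag, value) entries
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:             # DT_NULL ends the table
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 8)
                        or (tag == DT_FLAGS_1 and val & 1)):
                    bind_now = True
    return {
        "nx": nx,
        "pie": e_type == ET_DYN,         # note: shared objects are ET_DYN too
        "relro": "full" if has_relro and bind_now else "partial" if has_relro else "none",
        "canary": b"__stack_chk_fail" in elf,  # heuristic: symbol name present
    }

def sample_elf(e_type, stack_flags, relro, now, canary) -> bytes:
    """Constructed test image: ELF header, three program headers, one dynamic table."""
    dyn = struct.pack("<qQ", DT_FLAGS, 8 if now else 0) + struct.pack("<qQ", 0, 0)
    dyn_off = 64 + 3 * 56                # header size + three 56-byte phdrs
    phdrs = [(PT_GNU_STACK, stack_flags, 0, 0), (PT_DYNAMIC, 6, dyn_off, len(dyn)),
             (PT_GNU_RELRO if relro else 4, 4, 0, 0)]  # 4 = PT_NOTE as neutral filler
    out = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    for p_type, flags, off, size in phdrs:
        out += struct.pack("<IIQQQQQQ", p_type, flags, off, 0, 0, size, size, 8)
    return out + dyn + (b"__stack_chk_fail\0" if canary else b"")
```

On a real file, pass `open("target", "rb").read()` to `mitigations`; partial RELRO means the `PT_GNU_RELRO` segment exists but lazy binding leaves the GOT writable.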
Quick Wins to Look For
- Functions named `win`, `get_flag`, `shell`, `backdoor`
- Strings containing `flag`, `/bin/sh`, `cat flag`
- `system()` or `execve()` in PLT
- No canary + no PIE = likely simple overflow
Output
Produce context/binary-info.md using the template.