WEBVTT

00:07.370 --> 00:13.220
Debuggers are a tool in cybersecurity for software development, and they provide a way to analyze and

00:13.220 --> 00:15.890
understand the internal workings of a program.

00:15.920 --> 00:22.340
What this means is we're identifying different bugs or analyzing crashes to investigate security vulnerabilities

00:22.340 --> 00:23.600
within our programs.

00:23.630 --> 00:30.980
This allows us to go through and identify and understand why exactly a program is acting the way it

00:30.980 --> 00:31.580
does.

00:31.580 --> 00:36.920
If you've ever played a video game or had a program that you've utilized on a day to day basis suddenly

00:36.920 --> 00:42.710
crash or provide you with an error code, you'll be kind of like, ah, that sucks, and you move on

00:42.710 --> 00:43.520
with your life.

00:43.520 --> 00:49.010
But as a software developer or as from a security perspective, you need to understand that those errors

00:49.010 --> 00:54.800
and those crashes pose a significant risk to our overall system and those vulnerabilities that it creates,

00:54.800 --> 01:02.420
or those injection of error codes allow for attackers to understand and exfiltrate different aspects

01:02.420 --> 01:03.140
of the code.

01:03.140 --> 01:08.030
This can lead for them to understand the different vulnerabilities and then the flaws within the program,

01:08.030 --> 01:11.810
which then could allow them to attack or exploit those vulnerabilities.

01:11.810 --> 01:15.230
Making a debugging an essential part of cybersecurity.

01:15.230 --> 01:20.490
The first debugger I want to talk about is Immunity and is designed for the security industry, which

01:20.520 --> 01:23.970
allows a dynamic code analysis of the different applications.

01:24.000 --> 01:27.690
Now we've talked about dynamic code analysis versus static code analysis.

01:27.720 --> 01:33.480
And if you can't remember, dynamic code analysis is letting the program run and then identifying or

01:33.480 --> 01:36.510
tracking what it does while it goes through the program.

01:36.510 --> 01:43.200
The same aspect is within dynamic debuggers is they let the code run, and we can identify vulnerabilities

01:43.200 --> 01:47.130
to better understand the potential exploitations that an attacker may utilize.

01:47.130 --> 01:53.730
Immunity is known for tracking and identifying the different manipulation factors within the registrars

01:53.730 --> 01:58.800
the memory, the stock frames, and it enables an in-depth exploration of the application's internal

01:58.800 --> 01:59.490
workings.

01:59.490 --> 02:05.340
What this means is, is that it can look at the registers or the stack and identify, hey, is this

02:05.340 --> 02:07.440
program doing what it's supposed to be doing?

02:07.440 --> 02:13.020
And when it crashes, is it providing a vulnerability for someone to take advantage of the program itself?

02:13.020 --> 02:17.520
This can lead to vulnerabilities within the password or the encryption keys.

02:17.580 --> 02:22.470
And what we're really doing is we're looking for what is the programming do when it bugs out, does

02:22.470 --> 02:23.910
it form properly?

02:23.910 --> 02:27.720
If it does crash, is it handling that crash properly?

02:27.720 --> 02:31.740
If it's not, that can open up problems for the for the program as a whole.

02:31.740 --> 02:38.370
And immunity debugger works to identify those specific problems within the within the program.

02:38.370 --> 02:42.990
So what that means is, is that it's looking for the different bugs within the program or the different

02:42.990 --> 02:43.830
vulnerabilities.

02:43.830 --> 02:47.220
And when it detects the error, is it handling that error correctly.

02:47.220 --> 02:52.440
The next code we want to talk about or the next program I want to talk about is GNU debugger or GDB.

02:52.560 --> 02:59.250
This open source tool is utilized for, again, dynamic analysis and allows for the setting of breakpoints

02:59.250 --> 03:02.760
or to closely scrutinize the program execution that goes through.

03:02.790 --> 03:07.680
It provides a step by step process of going through the code, monitoring memory changes, and inspecting

03:07.680 --> 03:08.820
the register values.

03:08.820 --> 03:14.010
This allows you, as the analyst, to uncover potential software vulnerabilities, and it does memory

03:14.010 --> 03:19.950
inspection capabilities, particularly with valuable, uh, memory corruption, and it identifies other

03:19.950 --> 03:21.000
security risks.

03:21.030 --> 03:27.570
GDB is really kind of instrumental for us as security analysts to identify specific crashes and why

03:27.570 --> 03:30.000
it's crashing, what's happening with the memory?

03:30.000 --> 03:33.450
If it is a memory issue, how can we fix that issue?

03:33.450 --> 03:38.760
And it really kind of provides a different layer or a different kind of debugging methodology.

03:38.790 --> 03:42.690
Even though they're both dynamic, they search for different aspects of the code.

03:42.690 --> 03:48.720
This type of debugger is usually used to identify specific memory traits.

03:48.750 --> 03:52.290
And again, it's a dynamic code analysis.