As someone who worked in the problem space for close to a decade by now (proof to the fact), the dreary reality is still ‘does it (cortesi*, volatility, cantor dust, .bindump..) tell you anything more than actual skills with (ghidra/ida/binary ninja/…) or basic binwalk mining?’ Nope, nothing, zip, zilch, nada. You get further in a few seconds of domain-targeted tracing. There is >something< missing in the intersection here.
They do ‘look cute’ - in the sense of “oh I can see them patterns”. Then what? What can you do with them? How is it operationalizable other than a cross-stitched quilt for the wall to tell grandchildren of hacking prowess? Is there any semblance of explanatory power that these visualizations bring? It is a challenge to even find ANY CTF-like writeup where this kind of knowledge got the upper hand over what hacker intuition reached with pwntools or gdb.
The major disassembler/RE tools have had something like it embedded for quite a while, typically coloured with data from automated analysis (and no longer the data-agnostic approach used in the article). Look at screenshots from Binary Ninja “feature map”, the cantor::dust plugin for Ghidra, Hopper and so on.
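To make the distinction in the comment above concrete, here is an added example (not code from the article, from binvis/cortesi, cantor::dust, or any of the tools named) of what a data-agnostic byte map actually computes, and what an analysis-informed overlay adds on top of it. The sample bytes and the section table are constructed for the example; in a real tool the section names would come from parsing the file headers, not from how the bytes look.

```python
import math
from collections import Counter

BLOCK = 64  # bytes per cell of the map

# Constructed sample "binary" (not a real file): a zero-filled header, a
# string table, a region where every byte value occurs (high entropy, as
# compressed or packed data would look), and 0xff padding.
STRINGS = b"Hello, world!\0libc.so.6\0printf\0\0"        # 32 bytes
SAMPLE = bytes(256) + STRINGS * 8 + bytes(range(256)) * 2 + b"\xff" * 128


def shannon_entropy(block: bytes) -> float:
    """Entropy of a block in bits per byte (0.0 .. 8.0)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def byte_class(b: int) -> str:
    """Coarse byte classes of the kind binvis-style colouring uses."""
    if b == 0x00:
        return "zero"
    if b == 0xFF:
        return "ff"
    if 0x20 <= b < 0x7F:
        return "ascii"
    return "other"


def block_profile(data: bytes, block: int = BLOCK):
    """Data-agnostic map: (offset, entropy, dominant byte class) per block."""
    rows = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        dominant = Counter(map(byte_class, chunk)).most_common(1)[0][0]
        rows.append((off, shannon_entropy(chunk), dominant))
    return rows


def glyph(entropy: float, dominant: str) -> str:
    """High entropy wins over byte class, as an entropy overlay would do."""
    if entropy >= 5.0:
        return "H"
    return {"zero": ".", "ff": "#", "ascii": "a", "other": "x"}[dominant]


def render(rows) -> str:
    """One character per block: the whole 'picture' a byte map gives you."""
    return "".join(glyph(e, d) for _, e, d in rows)


# Hypothetical section table, as a header parser would supply it
# (constructed for this example; offsets match SAMPLE above).
SECTIONS = [(0, 256, "header"), (256, 256, ".rodata"),
            (512, 512, "packed"), (1024, 128, "padding")]


def annotate(rows, sections):
    """Analysis-informed map: attach a section name to each block."""
    out = []
    for off, e, d in rows:
        name = next((n for s, sz, n in sections if s <= off < s + sz), "?")
        out.append((off, glyph(e, d), name))
    return out


if __name__ == "__main__":
    rows = block_profile(SAMPLE)
    print(render(rows))          # ....aaaaHHHHHHHH##
    for off, g, name in annotate(rows, SECTIONS):
        print(f"{off:#06x} {g} {name}")
```

The rendered line is all the raw map knows: zeros, strings, a high-entropy stretch and padding. It cannot tell `.rodata` from a string table in a packer stub, or "packed" from "encrypted" from "a compressed resource"; those labels only appear once the header parser (or a disassembler's analysis pass) is consulted, which is the difference between the data-agnostic picture and the coloured feature maps in the tools named above.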
Couldn’t it just simply be a minimap scrollbar? Like Sublime/Atom/VSCode have.