0% found this document useful (0 votes)

123 views

Getting Started With Reverse Engineering: Dr. Josh Stroschein

This document provides an introduction to reverse engineering native code. It discusses the reverse engineering process, including common tools like disassemblers and debuggers. It covers static and dynamic analysis techniques. It also discusses instruction set architectures, like x86, and how reverse engineers use a combination of static and dynamic analysis in a workflow to understand unknown binary files. Finally, it notes that malware authors may use obfuscation techniques to make reverse engineering harder.

Uploaded by

phoetest01

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

123 views

Getting Started With Reverse Engineering: Dr. Josh Stroschein

Uploaded by

phoetest01

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 17

Getting Started with Reverse

Engineering

Dr. Josh Stroschein

MALWARE ANALYST AND SECURITY RESEARCHER

@jstrosch 0xevilc0de.com
Introduction to the course
Course
Overview Assembly basics
Working with native code
Using debuggers
Practical assembly
Reverse engineering
Conclusion
Why Learn to Reverse Engineer?
It’s Not All 1s and 0s

Career opportunities Necessary for some Deeper understanding

careers into how things work

Technically Defend your assets Adversarial thinking

challenging
Career Paths

Incident Malware Penetration Vulnerability Software

Responder Analyst Tester Research Developer
Module Introduction
Introduction

Overview The reverse engineering process

- Tools and Concepts
- Instruction set architectures
- Static versus dynamic analysis
- Workflow
- Native code obfuscation

Conclusion
The Reverse Engineering Process
This Course Will Focus On…

native code and not interpreted languages

a Windows environment

essential tools for becoming an effective reverse engineer

Tools and Concepts

Assembly language CPU architecture Static analysis

The core of reversing Registers, virtual IDA Pro, hex editors &
native code memory and more binary parsing tools

Dynamic analysis Methodology

WinDbg and tracing How to apply these
programs tools to find answers
Instruction Set Architectures (ISA)

Abstract model of a computer

Examples include Intel x86
– defines what is needed to
program it and x86-64, ARM and AMD

This course will focus on Intel Concepts will overlap with

x86 & x86-64 other architectures
Static analysis
- Involves analyzing a program and its
code without execution
- Activities go from looking at strings to
digging in with a disassembler

Static vs.
Dynamic analysis
Dynamic - Involves analyzing the program during
Analysis execution
- Process monitors, debuggers, network
captures

A combination approach can be very

effective
A Reversing Workflow
Unknown
binary file

Look for next

Basic analysis
sample

Reporting and Advanced

documentation analysis
Native Code Obfuscation

Authors will attempt to make their code difficult to analyze –

whether for malicious or non-malicious purposes

Anti-analysis techniques can also be employed to slow down your

ability to reverse engineer software

Native code obfuscation can be difficult to detect, given enough time

and effort it’s not impossible though
Examples of Code Obfuscation

Interpreted Code (JavaScript) Native code

Conclusion
Introduction

Summary The reverse engineering process

- Tools and Concepts
- Instruction set architectures
- Static versus dynamic analysis
- Workflow
- Native code obfuscation

Conclusion

Password Manager Report
83% (12)
Password Manager Report
67 pages
x86 Software Reverse-Engine - (Z-Library)
100% (1)
x86 Software Reverse-Engine - (Z-Library)
402 pages
Software Architecture Fundamentals: A Study Guide for the Certified Professional for Software Architecture® – Foundation Level – iSAQB compliant
From Everand
Software Architecture Fundamentals: A Study Guide for the Certified Professional for Software Architecture® – Foundation Level – iSAQB compliant
Mahbouba Gharbi
5/5 (2)
Sap PP User Manual
89% (9)
Sap PP User Manual
152 pages
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
From Everand
Exploring Hadoop Ecosystem (Volume 2): Stream Processing
Wei Liu
No ratings yet
Software RE RevII
No ratings yet
Software RE RevII
47 pages
Intro To Reverse Engineering - No Assembly Required
100% (1)
Intro To Reverse Engineering - No Assembly Required
19 pages
Part 1
No ratings yet
Part 1
4 pages
Reverse Engineering 101
100% (3)
Reverse Engineering 101
109 pages
04 Reversing Tools
No ratings yet
04 Reversing Tools
22 pages
Reverse Engineering For Everyone! 1st Edition Mytechnotalent instant download
100% (2)
Reverse Engineering For Everyone! 1st Edition Mytechnotalent instant download
44 pages
Reverse Engineering For Everyone! 1st Edition Mytechnotalent - Download the ebook today and own the complete content
100% (4)
Reverse Engineering For Everyone! 1st Edition Mytechnotalent - Download the ebook today and own the complete content
67 pages
(03 - 2013) - Reverse Engineering Tutorials
100% (2)
(03 - 2013) - Reverse Engineering Tutorials
60 pages
Reverse Engineering For Everyone! 1st Edition Mytechnotalent all chapter instant download
100% (2)
Reverse Engineering For Everyone! 1st Edition Mytechnotalent all chapter instant download
40 pages
(Ebook) x86 Software Reverse-Engineering, Cracking, and Counter-Measures by Stephanie Domas, Christopher Domas ISBN 9781394199891, 1394199899 - The latest ebook is available, download it today
100% (2)
(Ebook) x86 Software Reverse-Engineering, Cracking, and Counter-Measures by Stephanie Domas, Christopher Domas ISBN 9781394199891, 1394199899 - The latest ebook is available, download it today
56 pages
Malware Analysis Series Article 1 1638935075
No ratings yet
Malware Analysis Series Article 1 1638935075
36 pages
How To Write Malware and Learn How To Fight It!
No ratings yet
How To Write Malware and Learn How To Fight It!
40 pages
Software Architecture with Python
From Everand
Software Architecture with Python
Anand Balachandran Pillai
3/5 (1)
Software Cracking and Patching
100% (3)
Software Cracking and Patching
19 pages
Malware Analysis Fundamentals Workshop
No ratings yet
Malware Analysis Fundamentals Workshop
13 pages
Introduction To Reverse Engineering: Inbar Raz Malware Research Lab Manager
No ratings yet
Introduction To Reverse Engineering: Inbar Raz Malware Research Lab Manager
51 pages
Pyemu: A Multi-Purpose Scriptable Ia-32 Emulator: Cody Pierce
No ratings yet
Pyemu: A Multi-Purpose Scriptable Ia-32 Emulator: Cody Pierce
38 pages
Ida Pro Tutorial
100% (1)
Ida Pro Tutorial
18 pages
133853
No ratings yet
133853
54 pages
Chapter 31
No ratings yet
Chapter 31
39 pages
Reverse Engineering Malware Analysis
No ratings yet
Reverse Engineering Malware Analysis
1 page
Mastering the Craft: Unleashing the Art of Software Engineering
From Everand
Mastering the Craft: Unleashing the Art of Software Engineering
Kiran Nagesh
No ratings yet
Reverse Engineering Malware: Hassen Saidi
No ratings yet
Reverse Engineering Malware: Hassen Saidi
67 pages
Cours3-Malware Analysis and Reverse Engineeringv2 en
No ratings yet
Cours3-Malware Analysis and Reverse Engineeringv2 en
14 pages
Practical Malware Analysis: CH 4: A Crash Course in x86 Disassembly
No ratings yet
Practical Malware Analysis: CH 4: A Crash Course in x86 Disassembly
50 pages
Cc6003ni WK04 T 94536
No ratings yet
Cc6003ni WK04 T 94536
3 pages
Software Engineering New Approach (Traditional and Agile Methodologies)
From Everand
Software Engineering New Approach (Traditional and Agile Methodologies)
Ramisetty Rajeswara Rao
No ratings yet
SREN-410-Lecture-Notes-1
No ratings yet
SREN-410-Lecture-Notes-1
29 pages
Chap-3 (Malware Analysis) (Sem-5)
No ratings yet
Chap-3 (Malware Analysis) (Sem-5)
22 pages
Rev Eng Mal
No ratings yet
Rev Eng Mal
35 pages
Software Reverse Engineering Education
No ratings yet
Software Reverse Engineering Education
122 pages
Reverse Engineering
No ratings yet
Reverse Engineering
24 pages
Reverse Engineering:An Exploration
No ratings yet
Reverse Engineering:An Exploration
7 pages
Dumping Code For Spying and Windows Tools
No ratings yet
Dumping Code For Spying and Windows Tools
13 pages
Disassembly using IDA Unit 3
No ratings yet
Disassembly using IDA Unit 3
4 pages
Software Reverse Engineering and Computer Science Technique For Software Development Presentation
No ratings yet
Software Reverse Engineering and Computer Science Technique For Software Development Presentation
28 pages
Reverse Engineering Professional: The Most Practical and Comprehensive Training Course On Reverse Engineering
No ratings yet
Reverse Engineering Professional: The Most Practical and Comprehensive Training Course On Reverse Engineering
15 pages
CH 5
No ratings yet
CH 5
55 pages
Code Analysis Focuses On The Specimen's Assembly Instructions
No ratings yet
Code Analysis Focuses On The Specimen's Assembly Instructions
25 pages
Reverse Engineering Malware For Newbies: A Guide For Those of You Who Want To Break Into The Fun World of Malware
No ratings yet
Reverse Engineering Malware For Newbies: A Guide For Those of You Who Want To Break Into The Fun World of Malware
35 pages
Hakin9 TBO 04 2013
No ratings yet
Hakin9 TBO 04 2013
121 pages
03 Behavioral 2023-24
No ratings yet
03 Behavioral 2023-24
86 pages
Reverse Engineering Roadmap
No ratings yet
Reverse Engineering Roadmap
7 pages
Reverse Engineering For Everyone!
No ratings yet
Reverse Engineering For Everyone!
197 pages
Disassembly Using IDA (2)
No ratings yet
Disassembly Using IDA (2)
24 pages
Reverse engineering
No ratings yet
Reverse engineering
5 pages
8-Reversing With Ida Pro From Scratch PDF
No ratings yet
8-Reversing With Ida Pro From Scratch PDF
17 pages
RE Article
No ratings yet
RE Article
12 pages
Behavioral Analysis of Obfuscated Code
No ratings yet
Behavioral Analysis of Obfuscated Code
63 pages
Reverse Engineering
No ratings yet
Reverse Engineering
58 pages
Chapter 6 Reverse Engineering Android Applications
No ratings yet
Chapter 6 Reverse Engineering Android Applications
15 pages
Introduction To Software Reverse Engineering With Ghidra Session 1
No ratings yet
Introduction To Software Reverse Engineering With Ghidra Session 1
58 pages
Getting Started With Reverse Engineering Using Ghidra - Chiheb Chebbi
100% (2)
Getting Started With Reverse Engineering Using Ghidra - Chiheb Chebbi
20 pages
Algorithms Made Simple: Understanding the Building Blocks of Software
From Everand
Algorithms Made Simple: Understanding the Building Blocks of Software
William E. Clark
No ratings yet
Quist 2009
No ratings yet
Quist 2009
6 pages
CH 0x07 Disassembling & Decompilation
No ratings yet
CH 0x07 Disassembling & Decompilation
34 pages
Foundations of ARM64 Linux Debugging, Disassembling, and Reversing (Dmitry Vostokov) (Z-Library)
No ratings yet
Foundations of ARM64 Linux Debugging, Disassembling, and Reversing (Dmitry Vostokov) (Z-Library)
170 pages
EVOline BackFlip Installation Instructions PDF
No ratings yet
EVOline BackFlip Installation Instructions PDF
7 pages
IRJET IoT Based Water Quality Monitoring
No ratings yet
IRJET IoT Based Water Quality Monitoring
5 pages
WLC With Ap
No ratings yet
WLC With Ap
9 pages
Hands-On Lab: Create Tables and Load Data in Postgresql Using Pgadmin
No ratings yet
Hands-On Lab: Create Tables and Load Data in Postgresql Using Pgadmin
25 pages
30 SAP SD Interview Questions For Beginners
No ratings yet
30 SAP SD Interview Questions For Beginners
12 pages
The Adobe Photoshop Manual - 2017 PDF
No ratings yet
The Adobe Photoshop Manual - 2017 PDF
196 pages
Instant Download Periodic Pattern Mining Theory Algorithms and Applications 1st Edition R Uday Kiran Philippe Fournier Viger Jose M Luna Jerry Chun Wei Lin Anirban Mondal PDF All Chapters
100% (3)
Instant Download Periodic Pattern Mining Theory Algorithms and Applications 1st Edition R Uday Kiran Philippe Fournier Viger Jose M Luna Jerry Chun Wei Lin Anirban Mondal PDF All Chapters
40 pages
RSM Calculator 28 Feb 2015
No ratings yet
RSM Calculator 28 Feb 2015
40 pages
2G Commissioning
No ratings yet
2G Commissioning
7 pages
Patch Management Solution Group IT Global Unix Tower: Ibm Bigfix
No ratings yet
Patch Management Solution Group IT Global Unix Tower: Ibm Bigfix
15 pages
5100333-00 - Salwico Cruise - Installation Manual - M - EN - 2018 - X
No ratings yet
5100333-00 - Salwico Cruise - Installation Manual - M - EN - 2018 - X
118 pages
Ics Security Offerings Fact Sheet S508C
No ratings yet
Ics Security Offerings Fact Sheet S508C
5 pages
Design of RISC Processor Using VHDL and Cadence
No ratings yet
Design of RISC Processor Using VHDL and Cadence
10 pages
Ccs3000 User Manual
No ratings yet
Ccs3000 User Manual
21 pages
Chapter 4 Boolean Algebra (1)
No ratings yet
Chapter 4 Boolean Algebra (1)
27 pages
Mari Gilbert
No ratings yet
Mari Gilbert
4 pages
MATHEMATICS 5 Practice Test
No ratings yet
MATHEMATICS 5 Practice Test
3 pages
4.4.7 Lab Configure Secure Administrative Access
No ratings yet
4.4.7 Lab Configure Secure Administrative Access
10 pages
Spcifications and Description - Audio/Sound System:: Behringer B2150
No ratings yet
Spcifications and Description - Audio/Sound System:: Behringer B2150
4 pages
Ge6075 Professional Ethics in Engineering Unit 5: by R.Sathya Priya AP/CSE
No ratings yet
Ge6075 Professional Ethics in Engineering Unit 5: by R.Sathya Priya AP/CSE
62 pages
HPE FlexFabric 5945 Switch Series Configuration Guides Index
No ratings yet
HPE FlexFabric 5945 Switch Series Configuration Guides Index
630 pages
Power Engineering
No ratings yet
Power Engineering
1 page
Argumentative Essay: By: Endang Lestari, S. PD., M.PD
No ratings yet
Argumentative Essay: By: Endang Lestari, S. PD., M.PD
20 pages
Beige Clean Lines Marketing Executive Resume
No ratings yet
Beige Clean Lines Marketing Executive Resume
1 page
Lecture 2 - Binary Numbers, Python Basics PDF
No ratings yet
Lecture 2 - Binary Numbers, Python Basics PDF
62 pages
Generalizable Implicit Motion Modeling For Video Frame Interpolation
No ratings yet
Generalizable Implicit Motion Modeling For Video Frame Interpolation
18 pages
SNLR 019
No ratings yet
SNLR 019
6 pages
Just Research Format
No ratings yet
Just Research Format
17 pages