Three-day workshop offers unique opportunity for security startups Jerusalem...
Dear Hakin9 Readers,
We would like to introduce a new issue of Hakin9 on Demand. This time we explore ins and outs of Reverse Engineering. It is the process of exploration products such as computer devices or software to analyze how it is working and how it is made at all, or try to make a new product working in the same
way, but without duplication of the original. This time you will learn about basics of reverse engineering. Furthermore you will get knowledge how to use reverse engineering techniques on your own. You will find out how to analyze malware, or how to write your own debbuger. In this issue you will find sections as, Malware Reverse Engineering and Reverse it Yourself.
MALWARE REVERSE ENGINEERING
Malware Reverse Engineering
By Bamidele Ajayi, OCP, MCTS, MCITP EA, CISA, CISM
Reverse engineering is a vital skill for security professionals. Reverse engineering malware to discovering vulnerabilities in binaries are required in order to properly secure Information Systems from today’s ever evolving threats.
Android Reverse Engineering: An Introductory Guide to Malware Analysis
By Vicente Aguilera Diaz, CISA, CISSP, CSSLP, PCI ASV, ITIL Foundation, CEH|I, ECSP|I, OPSA
The Android malware has followed an exponential growth rate in recent years, in parallel with the degree of penetration of this system in different markets. Currently, over 90% of the threats to mobile devices have Android as a main target. This scenario has led to the demand for professionals with a very specific knowledge on this platform.
REVERSE IT YOURSELF
Write Your Own Debugger
By Amr Thabet
Do you want to write your own debugger? … Do you have a new technology and see the already known products like OllyDbg or IDA Pro don’t have this technology? … Do you write plugins in OllyDbg and IDA Pro but you need to convert it into a separate application? … This article is for you.In this article, I’m going to teach you how to write a full functional debugger using the Security Research and Development Framework (SRDF) … how to disassemble instructions, gather Process Information and work with PE Files … and how to set breakpoints and work with your debugger.
Reverse Engineering – Shellcodes Techniques
By Eran Goldstein, CEH, CEI, CISO, Security+, MCSA, MCSE Security
The concept of reverse engineering process is well known, yet in this article we are not about to discuss the technological principles of reverse engineering but rather focus on one of the core implementations of reverse engineering in the security arena. Throughout this article we’ll go over the shellcodes’ concept, the various types and the understanding of the analysis being performed by a “shellcode” for a software/program.
Deep Inside Malicious PDF
By Yehia Mamdouh, Founder and Instructor of Master Metasploit Courses, CEH, CCNA
Nowadays People share documents all the time and most of the attacks based on client side attack and target applications that exist in the user, employee OS, from one single file the attacker can compromise a large network. PDF is the most sharing file format, due to PDFs can include active content, passed within the enterprise and across Networks. In this article we will make Analysis to catch Malicious PDF files.
How to Reverse Engineer dot NET Assemblies
By Soufiane Tahiri, InfoSec Institute Contributor and Computer Security Researcher
The concept of dot NET can be easily compared to the concept of JAVA and Java Virtual Machine, at least when talking about compilation. Unlike most of traditional programming languages like C/C++, application were developed using dot NET frameworks are compiled to a Common Intermediate Language (CIL or Microsoft Common Intermediate Language MSIL) – which can be compared to bytecode when talking about Java programs – instead of being compiled directly to the native machine executable code, the Dot Net Common Language Runtime (CLR) will translate the CIL to the machine code at runtime. This will definitely increase execution speed but has some advantages since every dot NET program will keep all classes’ names, functions’ names variables and routines’ names in the compiled program. And this, from a programmer’s point of view, is such a great thing since we can make different parts of a program using different programming languages available and supported by frameworks.
Reversing with Stack-Overflow and Exploitation
By Bikash Dash, RHCSA, RHCE, CSSA
The prevalence of security holes in program and protocols, the increasing size and complexity of the internet, and the sensitivity of the information stored throughout have created a target-rich environment for our next generation advisory. The criminal element is applying advance technique to evade the software/tool security. So the Knowledge of Analysis is necessary. And that pin point is called “The Art Of Reverse Engineering”