Introduction
Reverse Engineering
"is the process of extracting knowledge or design information from anything man-made and re-producing it or re-producing anything based on the extracted information" [1]
What does it mean to be a reverse engineer?
You:
- Take things apart to figure out how they work
- Love puzzle solving
- Develop experiments and tools
- Think outside the box
- Constantly learn new things
Game Plan
- Determine what the goals are
  - Get to just what you need, or
  - Know enough to recreate it
- Use reconnaissance and triage skills to determine a target starting point
- Work step by step to get to your goals
- Record your findings throughout the analysis
Analysis Flow for Malware Analysis
- Set up a baseline analysis environment
- Triage to determine a starting point
- Static Analysis - Get a sense of where everything is before debugging
- Dynamic Analysis - Determine behaviors that can't be understood by static analysis
- Manual Debugging - Step through the program to navigate to your goals

