Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Online service sites


There are existing online services that can also aid us in our reversing.

  • VirusTotal: This submits a file or a URL and cross-references it with a list of detections from various security programs. The result gives us an idea if the file is indeedmaliciousor not. It can also show us some file information, such as the SHA256, MD5, file size, and any indicators.
  • Malwr: Files submitted here will be submitted to a backend Cuckoo system.
  • Falcon Sandbox: This is also known as hybrid-analysis, and is an online automated analysis system developed by Payload Security. Results from Cuckoo and hybrid-analysis uncover similar behaviors, but one may show more information than the other. This may depend on how the client sandbox was set up. If, say, the .NET framework was not installed in the sandbox, submitted .NET executables will not run as expected.
  • whois.domaintools.com: This is a site that shows the whois information about a domain or URL. This may come in handy, especially when...