Hi all,

Does anyone know of a good place to start for learning how to reverse engineer software/malware? Basically looking for a good foundation to start learning how to find vulnerabilities. Having searched the interwebs, It's hard to find any free information on this learning this and due to my lack of funds am unable to purchase anything, ie books.

any insight would be greatly appreciated.

Additionally I'd recommend Reversing: Secrets of Reverse Engineering and Hacking: The Art of Exploitation.

Agreed, the Lena151 tutorials are extremely useful for using Ollydbg and understanding the logic of disassembly. I would also suggest looking for Tigas tutorials. They will give you some insight into usage with IDA Pro.

If you are serious about RE and malware analysis. You will need to consider looking at gaining a basic / moderate understanding of ASM. You will not need to develop with it, but rather appreciate how it works and have the ability to understand loops, counters and jumps.

For that, there are plenty of examples and books that are free. The main one being The Art of Assembly.

A great way for beginners is also to start compiling simple hello world examples and viewing them in a debugger. Then improving on this with inclusion of functions, pointers and structs etc to see how these are represented in disassembly. This can also be used to code vulnerable apps and view how buffer overflows look in disassembly.

Additional to that, I would also begin to explore the PE (Portable executable) format. This will assist you with reversing in a windows environment.

Improving on this, start with simple UPX unpacking tutorials and crackmes (crackmes.de) to get an intro to file packing and obfuscation. Identify how you can unpack these files and navigate from the packed layer to unpacked code. This will then introduce you to the world of import rebuilding with tools such as ImpRec / LordPE which is vital for reversing malware. All the while gaining an appreciation for manual tracing and executable dumping using dynamic analysis with debuggers.

Going further... You will then be introduced to anti-debugging mechanisms (as a result of file packers / cryptors ). These are used by programs and malware alike and serve to make your life as a reverser difficult.

Less technical, but equally important is learning to use virtualisation. So I would suggest setting up a VMware/VirtualBox lab. You can then use this to test/reverse malware on. This lab will also contain your debugger, hex editor and dynamic analysis tools (see sysinternals tools, iDefense malware pack). These labs can also contain IRC servers etc which can then be used to view how malware interacts with C&C irc servers. Again, this is more advanced, but the sort of thing you can look forward to doing after a small but of learning and research!

Apologies for large post and info overload. Happy to discuss further if any of this is overly complicated and needs clarification.

thanks for the suggestions, the tuts4you seems like exactly what i was looking for. guess my google kung fu still needs some work.