Place to start

    • #4814
      nknacd
      Participant

      Hi all,

      Does anyone know of a good place to start for learning how to reverse engineer software/malware? Basically looking for a good foundation to start learning how to find vulnerabilities. Having searched the interwebs, it’s hard to find any free information on learning this, and due to my lack of funds I am unable to purchase anything, i.e. books.

      Any insight would be greatly appreciated.

    • #30222
      pizza1337
      Participant
    • #30223
      unsupported
      Participant
    • #30224
      zeroflaw
      Participant

      You might find OllyDbg useful, it’s a free reverse engineering tool.

      http://www.ollydbg.de/

      I would suggest learning some programming, especially assembly.

      @Pizza, http://tuts4you.com looks really good, thanks 😛

    • #30225
      UNIX
      Participant

      Additionally I’d recommend Reversing: Secrets of Reverse Engineering and Hacking: The Art of Exploitation.

    • #30226
      Ketchup
      Participant

      I second pizza’s recommendation. This is probably the best set of reversing tutorials I am aware of. I went through a bunch of them and learned quite a bit. Lena knows her stuff.

      http://www.tuts4you.com/download.php?list.17

    • #30227
      n1p
      Participant

      Agreed, the Lena151 tutorials are extremely useful for using OllyDbg and understanding the logic of disassembly. I would also suggest looking for Tiga’s tutorials. They will give you some insight into usage with IDA Pro.

      If you are serious about RE and malware analysis, you will need to consider gaining a basic / moderate understanding of ASM. You will not need to develop with it, but rather appreciate how it works and have the ability to understand loops, counters and jumps.

      For that, there are plenty of examples and books that are free. The main one being The Art of Assembly.

      A great way for beginners is also to start compiling simple hello world examples and viewing them in a debugger. Then improving on this with inclusion of functions, pointers and structs etc to see how these are represented in disassembly. This can also be used to code vulnerable apps and view how buffer overflows look in disassembly.

      Additional to that, I would also begin to explore the PE (Portable executable) format. This will assist you with reversing in a windows environment.

      Improving on this, start with simple UPX unpacking tutorials and crackmes (crackmes.de) to get an intro to file packing and obfuscation. Identify how you can unpack these files and navigate from the packed layer to unpacked code. This will then introduce you to the world of import rebuilding with tools such as ImpRec / LordPE which is vital for reversing malware. All the while gaining an appreciation for manual tracing and executable dumping using dynamic analysis with debuggers.

      Going further… You will then be introduced to anti-debugging mechanisms (as a result of file packers / cryptors). These are used by programs and malware alike and serve to make your life as a reverser difficult.

      Less technical, but equally important, is learning to use virtualisation. So I would suggest setting up a VMware/VirtualBox lab. You can then use this to test/reverse malware on. This lab will also contain your debugger, hex editor and dynamic analysis tools (see Sysinternals tools, iDefense malware pack). These labs can also contain IRC servers etc. which can then be used to view how malware interacts with C&C IRC servers. Again, this is more advanced, but the sort of thing you can look forward to doing after a small bit of learning and research!

      Apologies for large post and info overload. Happy to discuss further if any of this is overly complicated and needs clarification.
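The PE walk-through n1p recommends (section table, entry point, and what a UPX-packed file looks like before you unpack it) as an added example; this is not code from the thread or from any of the posters. It parses the DOS header, COFF header, optional-header entry point and section table with only the Python standard library, and then applies a few packing heuristics. The two header-only sample images are constructed inline for the demonstration (no real code inside them), and the rules in packing_hints are assumptions for this example, not a packer detector.

```python
import struct
from collections import namedtuple

# Section-table entry fields we care about (IMAGE_SECTION_HEADER is 40 bytes).
Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_pointer characteristics")

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _stamp, _symtab, _nsyms, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", data, coff)                                  # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    table = opt + opt_size                                      # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr, _rel, _lin, _nrel, _nlin, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + i * 40)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rsize, rptr, flags))
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "entry_rva": entry_rva, "sections": sections}


def section_for_rva(sections, rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None


def packing_hints(pe):
    """Heuristics (assumptions for this example) that the file is packed and must be unpacked first."""
    hints = []
    for s in pe["sections"]:
        if s.name.startswith("UPX"):
            hints.append("section %s carries UPX's default name" % s.name)
        if s.raw_size == 0 and s.virtual_size > 0:
            hints.append("section %s has no raw data but 0x%x bytes virtual: unpack destination"
                         % (s.name, s.virtual_size))
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.characteristics & IMAGE_SCN_MEM_WRITE:
            hints.append("section %s is writable and executable" % s.name)
    ep = section_for_rva(pe["sections"], pe["entry_rva"])
    if ep is None:
        hints.append("entry point RVA 0x%x lies outside every section" % pe["entry_rva"])
    elif ep.name != ".text":
        hints.append("entry point RVA 0x%x is in %s, not .text (stub/loader code?)"
                     % (pe["entry_rva"], ep.name))
    return hints


def build_sample_pe(packed):
    """Constructed header-only PE32 image for the demo (no real code inside)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew: PE header right after DOS header
    if packed:   # layout in the style of a UPX-packed file
        entry = 0x6F00
        secs = [(b"UPX0", 0x5000, 0x1000, 0x0, 0x400, 0xE0000080),
                (b"UPX1", 0x1000, 0x6000, 0x1000, 0x400, 0xE0000040),
                (b".rsrc", 0x100, 0x7000, 0x200, 0x1400, 0xC0000040)]
    else:        # plain compiler output
        entry = 0x1010
        secs = [(b".text", 0x200, 0x1000, 0x200, 0x400, 0x60000020),
                (b".data", 0x100, 0x2000, 0x200, 0x600, 0xC0000040)]
    # Machine 0x14C = i386; 224 is the size of the PE32 optional header.
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                      # AddressOfEntryPoint
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for packed in (False, True):
        pe = parse_pe(build_sample_pe(packed))
        ep = section_for_rva(pe["sections"], pe["entry_rva"])
        print("entry 0x%x in %s" % (pe["entry_rva"], ep.name if ep else "?"))
        for s in pe["sections"]:
            print("  %-8s va=0x%05x vsize=0x%05x raw=0x%05x @0x%04x"
                  % (s.name, s.virtual_address, s.virtual_size, s.raw_size, s.raw_pointer))
        for h in packing_hints(pe):
            print("  !", h)
```

Run against a real file by replacing build_sample_pe(...) with open(path, "rb").read(); the three hints it reports for the packed layout (a section with zero raw data, writable-and-executable sections, an entry point outside .text) are exactly what you look for in a hex editor or PE viewer before starting the manual unpack-and-dump that the post describes.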

    • #30228
      zeroflaw
      Participant

      @n1p wrote:

      A great way for beginners is also to start compiling simple hello world examples and viewing them in a debugger. Then improving on this with inclusion of functions, pointers and structs etc to see how these are represented in disassembly. This can also be used to code vulnerable apps and view how buffer overflows look in disassembly.

      Exactly how I started. Write simple programs and view them in a debugger. Good suggestion 😛

    • #30229
      nknacd
      Participant

      Thanks for the suggestions, tuts4you seems like exactly what I was looking for. Guess my Google kung fu still needs some work.

Copyright ©2020 Caendra, Inc.