Tag: reverse engineering
Late last year, EH-Net and eLearnSecurity threw out a little challenge to our readers as a way to make a gentle introduction to the topic of reverse engineering and also to announce eLS’s new course, Advanced Reverse Engineering Software (ARES). Below you will find the Reverse Engineering 101 Contest Solution not only in video format by challenge and course designer Kyriakos Economou but also the full winning entry by EH-Netter, Gerardo Iglesias Galvan. Congratulations to Gerardo and be sure to keep us posted on your progress through the free course you won through EH-Net.
Thanks to everyone who played, whether you submitted a solution or not. If you couldn’t solve it, no worries. It only means that you have the passion but you miss the knowledge, and this is what eLS guarantees to offer to you. Still, if you managed to solve it, then you know that there is so much still to learn. eLS guarantees that through the ARES course, you will learn much more in order to enhance your technical skills. If you didn’t try at all, now is your chance to start learning. Watch the video and read the write-up and hopefully it will spark your interest in diving deeper into this fantastic field of ethical hacking.
Details on the new training course from eLearnSecurity is out! There’s been some buzz about the new eLS course and what it could possibly be. As the above title indicates, one of the premier online training organizations is getting into RE. If you are interested in Software Reverse Engineering, either driven by curiosity or by the dream to become a professional in this subject, then the Advanced Reverse Engineering of Software (ARES) course is just what you need to get all the theoretical and practical knowledge to start your journey into the world of RE. And it starts right here with Reverse Engineering 101.
It’s been a while since we’ve had a webcast or a hacking contest, so why not combine them into one big EH-Net Special Event? And to get your Holiday Season rolling in proper EH-Net fashion, we’re also able to offer 5% Off with Coupon Code: EH-Net-5-eLS, even before the official launch date of Nov 26. So go reserve your seat now.
So here’s what we’ve cooked up for all of you EH-Netters out there. Just like you, eLS is also driven by passion, so they prepared a small challenge for their future students. Below is an executable just begging to be broken. You’ll have until Monday Dec 9 to break it. If you do, you’ll be entered into a pool of candidates where one of you will win the entire ARES course + Certification Exam for free! Then stay tuned for a future article with a full write-up as well as a video containing an Intro to RE, the solution to the challenge and the announcement of the winner. Good Luck.
By Jason Haddix
Love it or hate it, crowdsourcing is here to stay. While it’s been mostly confined to development and design, eventually it was going to come to security. Two such gentlemen trying to pioneer the space are Casey Ellis and Sergei Belokamen. Being long-time hackers and having seen how the security space works, they decided to start Bugcrowd. Here’s a description directly from the source:
“Bugcrowd is by far the most comprehensive and cost-effective way to secure websites and mobile apps. We’ll do a brief consultation and help you set the budget, the duration, and which websites or apps you’d like our curated crowd of researchers to test. The Bugcrowd researchers get to work finding security flaws in your applications. All testing can be routed through Bugcrowd’s crowd-control system, providing control and accountability. Any bugs are submitted to our Secure Operations Centre as soon as they are found. We validate the flaws and, at the end of the bounty, reward the first researcher to find each unique flaw. We provide you with an easy to understand report for you to hand to your developers… We can even recommend partners to help you fix what we find!”
Join me as I interview them both about their new venture and uncover some interesting information about security testing on a massive scale, as well as how to start. For example, if you are a tester looking to participate, it couldn’t be easier. Fill out the “Ninja” form and create an online profile (public or private) in which you provide Bugcrowd with your PayPal email address. Then you wait until you receive an email message announcing a new bounty… and it looks a little something like this…
It seems like yesterday that I was reviewing Chris Eagle’s book, but in reality it’s been 3 years. So when I had an opportunity to review The IDA Pro Book: The Unofficial Guide To The Worlds Most Popular Disassembler, 2nd Edition, I looked forward to seeing what had changed. And thus a change in the normal extensive EH-Net book review is in order and brevity is the word of the day.
A few things haven’t changed since my last review. I am still not a reverse engineer, although I occasionally use the tools clumsily for Capture The Flag (CTF) exercises. I’m not a professional programmer, although I can program and do so frequently. Although this isn’t material that I suspect I will master in the near future, this is material in which I have an interest. If you have basic programming skills, an interest in learning, and are willing to sit down and spend time with this material, you will definitely benefit from this book.
After the break, look for a link to a free download of Chapter 24: “The IDA Debugger.”