Security
Reader small image

You're reading from  Mastering Reverse Engineering

Product typeBook
Published inOct 2018
PublisherPackt
ISBN-139781788838849
Edition1st Edition
Tools
Linux
Concepts
Reverse Engineering
Right arrow
Author (1)
Reginald Wong
Reginald Wong
author image
Reginald Wong

Reginald Wong has been in the software security industry for more than 15 years.Currently, Reggie is a lead anti-malware researcher at Vipre Security, a J2 Global company, covering various security technologies focused on attacks and malware. He previously worked for Trend Micro as the lead for the Heuristics team, dealing with forward-looking malware detection. Aside from his core work, he has also conducted in-house anti-malware training for fresh graduates. He is currently affiliated with CSPCert.ph, Philippines' CERT, and is a reporter for Wildlist.org. He has also been invited to speak at local security events, including Rootcon.
Read more about Reginald Wong

Right arrow

Reverse engineering

Breaking something down and putting it back together is a process that helps people understand how things were made. A person would be able to redo and reproduce an origami by unfolding it first. Knowing how cars work requires understanding each major and minor mechanical part and their purposes. The complex nature of the human anatomy requires people to understand each and every part of the body. How? By dissecting it. Reverse engineering is a way for us to understand how things were designed, why is it in its state, when it triggers, how it works, and what its purpose is. In effect, the information is used to redesign and improve for better performance and cost. It can even help fix defects.

 

However, reverse engineering entails ethical issues and is still a continuous debate. Similar to Frankenstein's case, there are existing issues that defy natural laws in a way that is not acceptable to humanity. Today, simple redesigning can raise copyright infringement if not thought through carefully. Some countries and states have laws governing against reverse engineering. However, in the software security industry, reverse engineering is a must and a common use case.

Imagine if the Trojan Horse was thoroughly inspected and torn down before it was allowed to enter the gates of a city. This would probably cause a few dead soldiers outside the gate fighting for the city. The next time the city is sent another Trojan Horse, archers would  know where to point their arrows. And no dead soldiers this time. The same is true for malware analysis—by knowing the behaviors of a certain malware through reverse engineering, the analyst can recommend various safeguards for the network. Think of it as the Trojan Horse being the malware, the analyst being the soldier who initially inspected the horse, and the city being the network of computers.

Anyone seeking to become a reverse engineer or an analyst should have the trait of being resourceful. Searching the internet is part of reverse engineering. An analyst would not plainly rely on the tools and information we provide in this book. There are instances that an analysis would even require reverse engineer to develop their own tools.

Software auditing may require reverse engineering. Besides high-level code review processes, some software quality verification also involves implementing reverse engineering. The aim of these test activities is to ensure that vulnerabilities are found and fixed. There are a lot of factors that are not taken into consideration during the design and development of a piece of software. Most of these are random input and external factors that may cause leaks, leading to vulnerabilities. These vulnerabilities may be used for malicious intents that not only disrupt the software, but may cause damage and compromise the system environment it is installed in. System monitoring and fuzzing tools are commonly used when testing software. Today's operating systems have better safeguards to protect from crashing. Operating systems usually report any discrepancies found, such as memory or file corruption. Additional information, such as crash dumps, are also provided. From this information, a reverse engineer would be able to pinpoint where exactly in the software they have to inspect.

In the software security industry, one of the core skills required is reverse engineering. Every attack, usually in the form of malware, is reversed and analyzed. The first thing that is usually needed is to clean the network and systems from being compromised. An analyst determines how the malware installed itself and became persistent. Then, they develop steps for uninstalling the malware. In the anti-malware phase, these steps are used to develop the clean-up routine, once the anti-malware product is able to detect that the system has been compromised.

The analysis provides information about how the malware was able to compromise the system. With this information, network administrators are able to impose policies to mitigate the attack. If the malware was able to enter the system because of a user opening an email attachment that contains JavaScript code, the network administrator would implement the blocking of emails that contain a JavaScript attachment.

Some administrators are even advised to restructure their network infrastructure. Once a system gets compromised, the attackers may already have got all of the information about the network, and would easily be able to make another wave of the same attack. Making major changes will greatly help prevent the same attack from happening again.

Part of restructuring the infrastructure is education. The best way to prevent a system from being compromised is by educating its users about securing information, including their privacy. Knowing about social engineering and having experience of previous attacks makes users aware of security. It is important to know how attackers are able to compromise an institution and what damage they can cause. As a result, security policies are imposed, backups are set up, and continuous learning is implemented.

Going further, targeted companies can report the attack to authorities. Even a small piece of information can give authorities hints to help them hunt down the suspects and shut down malware communication servers.

Systems can be compromised by taking advantage of software vulnerabilities. After the attacker gets knowledge about the target, the attacker can craft code that exploits known software vulnerabilities. Besides making changes in the infrastructure, any software used should also be kept up to date with security features and patches. Reverse engineering is also needed to find vulnerable code. This helps pinpoint the vulnerable code by backtracking it to the source.

All of these activities are done based on the output of reverse engineering. The information gathered from reverse engineering affects how the infrastructure needs to be restructured. 

 

Previous Page
Chapter 6 of 20, Page 2
Next Page
You have been reading a chapter from
Mastering Reverse Engineering
Published in: Oct 2018Publisher: PacktISBN-13: 9781788838849
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Reginald Wong

Reginald Wong has been in the software security industry for more than 15 years.Currently, Reggie is a lead anti-malware researcher at Vipre Security, a J2 Global company, covering various security technologies focused on attacks and malware. He previously worked for Trend Micro as the lead for the Heuristics team, dealing with forward-looking malware detection. Aside from his core work, he has also conducted in-house anti-malware training for fresh graduates. He is currently affiliated with CSPCert.ph, Philippines' CERT, and is a reporter for Wildlist.org. He has also been invited to speak at local security events, including Rootcon.
Read more about Reginald Wong

Other recommended products

Related to this chapter

Mastering Assembly Programming

Mastering Assembly Programming

The Assembly language is the lowest level human readable programming language on any platform. Knowing the way things are on the Assembly level will help developers design their code in a much more elegant and efficient way. This book will take readers on a journey to mastering the Assembly language.

BookSep 2017290 pages
Antivirus Bypass Techniques

Antivirus Bypass Techniques

Antivirus Bypass Techniques follows a unique approach that will help you explore the security landscape, understand the fundamentals of antivirus software, and put antivirus bypass techniques to use. This book will enable you to bypass antivirus software solutions in order to develop efficient antivirus software.

BookJul 2021242 pages
Learning Malware Analysis

Learning Malware Analysis

Malware analysis and memory forensics are powerful analysis and investigation techniques used in reverse engineering, digital forensics, and incident response. This book teaches you the concepts, tools, and techniques to determine the behavior and characteristics of malware using malware analysis and memory forensics.

BookJun 2018510 pages
Penetration Testing with Shellcode

Penetration Testing with Shellcode

Security has always been a major concern for your application, your system, or your environment. This book's main goal is to build your skills for low-level security exploits, finding vulnerabilities and covering loopholes with shellcode, assembly, and Metasploit.

BookFeb 2018346 pages
Mastering Malware Analysis

Mastering Malware Analysis

Malware analysis is a powerful investigation technique widely used in various security areas including digital forensics and incident response processes. Working through practical examples, you'll be able to analyze any type of malware you may encounter within the modern world.

BookJun 2019562 pages
Malware Analysis Techniques

Malware Analysis Techniques

Comprehensive threat analysis is important for incident responders as it helps them to ensure that a threat has been entirely eliminated. This book shows you how to quickly triage, identify, attribute, and remediate threats with proper analysis techniques, and guides you in implementing your knowledge to prevent further incidents.

BookJun 2021282 pages
Binary Analysis Cookbook

Binary Analysis Cookbook

Binary Analysis is a complex and constantly evolving topic, crossing into several realms of IT and information security. The recipes in this book will serve as a good reference for you to get a better understanding of various aspects related to analyzing malware, identifying vulnerabilities in code, exploit writing and reverse engineering.

BookSep 2019396 pages
Preventing Ransomware

Preventing Ransomware

Ransomware is the most critical threat and its intensity has grown exponentially in recent times. This book provides comprehensive, up-to-the-minute details about different kinds of ransomware attack as well some notable ones from the past. It also talks about different aspects of cyber security that can help you prevent ransomware attacks.

BookMar 2018266 pages
Ghidra Software Reverse Engineering for Beginners

Ghidra Software Reverse Engineering for Beginners

Ghidra is the NSA’s state-of-the-art reverse engineering framework. It is open source, allowing the community to extend it with impressive range of features. This book offers a comprehensive introduction to anyone new to the Ghidra reverse engineering framework and malware reverse engineering.

BookJan 2021322 pages
Modern Computer Architecture and Organization

Modern Computer Architecture and Organization

A no-nonsense, practical guide to help you learn the current and future processor and computer architectures that will enable you to design computer systems and develop better software applications across a variety of domains.

BookApr 2020560 pages

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages