reverse engineering
play

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse - PowerPoint PPT Presentation

May 28, 2023 •514 likes •636 views

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a product, understand how it works Usually limited to certain aspects, not full systems Need to know a little bit about a lot of topics to gain

  1. Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018

  2. Reverse Engineering ● Take a product, understand how it works ● Usually limited to certain aspects, not full systems ● Need to know a little bit about a lot of topics to gain understanding ● Need to know a lot about a lot of topics to make significant changes ● Often learning on the job

  3. Capture the Flag (CTF) ● Hacking competitions ● Challenges presented; covers many topics ● https://ctftime.org/ ○ Register teams for leaderboard (not required) ○ Check calendar for upcoming CTFs ● http://overthewire.org/wargames/ ○ Similar, but not live/timed events ● See Resources at the end for more

  4. Concepts ● Learn what type of object you are reverse engineering. Is it a(n)… ○ Windows EXE? ○ Office document? ○ Script? ○ Encoded/encrypted blob? ● Let the malware (or object/code/whatever is in front of you) do the work ● Google EVERYTHING

  5. What we’ll be going over today... ● A mix of FLARE-On + LabyREnth challenges ● Real life malware ● Introduction to tools used to reverse engineer ● What to look for ● Live demos from here on… ● Please ask questions!

  6. Resources - Debuggers ● gdb ● IDA Pro (not the freeware version) ○ Linux, command line-based ● OllyDbg ● WinDbg ○ Windows, only ○ Windows, command line-based ○ http://www.ollydbg.de/ ● lldb ○ Becoming outdated, but tried, tested, and trusted ○ OSX, command line-based ● edb-debugger ● x64dbg ○ Linux, mainly ○ Windows, GUI ○ OllyDbg clone ○ https://x64dbg.com/ ○ https://github.com/eteran/edb-debugger ● radare2 ○ Multiplatform, command line-based (vim-like) ○ Significant learning curve, but very powerful! ○ https://github.com/radare/radare2/

  7. Resources - Disassemblers ● All of the tools listed in Debuggers are also disassemblers ● Capstone ○ For scripting; useful in Python ○ https://github.com/aquynh/capstone/ ● objdump (Linux) ○ CLI tool for dumping code and other artifacts out of ELF (Linux executable format) binaries ● otool (objdump for OSX) ○ Also useful for parsing out the Mach-O executable file format for OSX binaries

  8. Resources - Dynamic Execution (Sandboxing) ● Process Hacker 2 ○ Advanced Task Manager for Windows, allows manipulating running processes, injecting code, etc. ● procmon ○ Process monitor for windows, allows viewing events generated by processes, e.g. files opened, processes executed, etc. ● FakeNet ○ Intercept and, optionally, manipulate network traffic ○ Extensible with plugins so that you can write a fake command and control server to communicate with malware

  9. Resources - Reading Material ● Practical Malware Analysis, by Michael Sikorski ○ Excellent malware analysis introduction with labs/questions and answers to guide you ○ Good for reverse engineering in general, not just malware ● Reverse Engineering, by Bruce Dang ● The Art of Memory Forensics, by Michael Hale Ligh ● Follow people/organizations on Twitter ○ @TheHackerNews ■ Random security news ○ @patrickwardle ■ Former NSA; active in exploit research and writes many free tools for OSX defense ○ @virustotal - online sandbox ○ @cyb3rops - Florian Roth (detections, malware/actor tracking)

  10. Resources - CTFs ● FLARE-On Challenge ( http://flare-on.com/ ) ○ Past challenges can be downloaded in bulk; no need to solve in sequence ○ Search online for peoples’ writeups if you need help (Reddit, etc.) ○ Check back (or check Reddit/Twitter) in June/July for news on this year’s challenge ● LabyREnth Challenge ( https://labyrenth.com ) ○ Past challenges may or may not be available; check it out ○ Check back (or check Reddit/Twitter) in June/July for news on this year’s challenge ● Check CTF Time for upcoming events ○ https://ctftime.org/ ○ 2 CTFs this weekend! ● http://overthewire.org/wargames/ ○ Similar, but not live/timed events

  11. Resources - Conferences ● DEFCON ○ Inexpensive ○ Presentations are often peoples’ pet projects ○ Various competitions and amusements ○ During late summers ● BlackHat ○ Expensive ○ Geared toward training sessions ○ During late summers ● RSA ○ Enterprise security products ○ Mid-spring (just passed 2 weeks ago) ● Check around Twitter/Reddit/community for other conferences

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work with: Li J W Li, J. Wang, Pongsajapan, Tan, Tang, M. Wang P j T T M W Outline Background Layering as optimization decomposition L

932 views • 47 slides
Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team eresi@asgardlabs.org This presentation is about .. The Embedded ERESI debugger : e2dbg The Embedded ERESI tracer : etrace The ERESI reverse

849 views • 47 slides
CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom Austin San Jos State University SRE Software Reverse Engineering Also known as Reverse Code Engineering (RCE) Or simply reversing

1.04k views • 80 slides
Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The Chinese University of Hong Kong Joint work with J.-W. Lee, A. Tang, M. Chiang and A. R. Canderbank J. Huang (CUHK) Reverse Engineering MAC Nov.

605 views • 38 slides
Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (Halvar Flake) Progress in Reverse Engineering 2010

941 views • 64 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views • 137 slides
Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs http://kirils.org for more Possible Security Reverse engineering? www.indiamart.com Contents Hardware architecture Processors and machine language

536 views • 25 slides
Understanding human speech recognition: Reverse-engineering the engineering solution using

Understanding human speech recognition: Reverse-engineering the engineering solution using

Cai Wingfield CSLB, Department of Psychology Workshop on Neurocomputation: From Brains to Machines University of Cambridge 25 November 2015 Understanding human speech recognition: Reverse-engineering the engineering solution using EMEG

196 views • 18 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Pierre Surply Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP Controller Scan Chain Pierre Surply Boundary Scan UC3 JTAG EPITA 2016 Reverse engineering Jul

968 views • 72 slides
Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap W44 Introduction V.Zaytsev W45 Metaprogramming J.Vinju W46 Reverse Engineering V.Zaytsev W47 Software Analytics M.Bruntink W48 Clone

751 views • 31 slides
Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code Pierre Bourdon Introduction DSP Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion delroth@lse.epita.fr http://lse.epita.fr February 12, 2013 Context Reverse

856 views • 18 slides
Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET; it is simply a reality of modern, intermediate-compiled

132 views • 10 slides
Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Overview Evidence Model Calibration Quantitative Results Reverse Engineered Shocks Conclusion Extras Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach Paolo Gelain Kevin J. Lansing Gisle J.

717 views • 50 slides
Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and Statistical Sciences Clemson University http://edimit.people.clemson.edu/ Algebraic Biology E. Dimitrova (Clemson) Reverse engineering using

864 views • 57 slides
Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University With additional content by Jiaming Li, NC State University, 2015 What is software reverse engineering? Determine and possibly change

629 views • 35 slides
SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me

SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me

SMT in reverse engineering, for dummies Carl Svensson September 4, 2016 SEC-T 2016 About me Carl Svensson, 25 MSc in Computer Science, KTH IT Security consultant, Bitsec AB CTF-player, HackingForSoju

487 views • 24 slides
Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki

Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki

Reverse Engineering Feature Models. . . S. She, R. Lotufo, T. Berger, A. Wasowski, K. Czarnecki Generative Software Development Lab University of Waterloo . . International Conference on Software Engineering, Honolulu, Hawaii, USA.

330 views • 31 slides
Meeting 104 // Reverse Engineering Basics // If Youre New! Join our Slack:

Meeting 104 // Reverse Engineering Basics // If Youre New! Join our Slack:

Meeting 104 // Reverse Engineering Basics // If Youre New! Join our Slack: cyberatuc.slack.com SIGN IN! (Slackbot will post the link in slack) Feel free to get involved with one of our committees: Content Finance Public Affairs

634 views • 17 slides
Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Grtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018 Obfuscation

1.02k views • 53 slides
Reverse engineering: obfuscation Srdjan Matic < srdjan@security.di.unimi.it > Aristide

Reverse engineering: obfuscation Srdjan Matic < srdjan@security.di.unimi.it > Aristide

Universit` a degli Studi di Milano Facolt` a di Scienze e Tecnologie Dipartimento di Informatica Reverse engineering: obfuscation Srdjan Matic < srdjan@security.di.unimi.it > Aristide Fattori < joystick@security.di.unimi.it > A.A.

413 views • 9 slides
Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics

Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics

Deep Learning and Physics 2018, Osaka Reverse Engineering Hamiltonian from Spectrum Hiroyuki Fujita, Insitute for Solid State Physics Phys. Rev. B 97 , 075114 (2018) 1 Yuya. O. Nakagawa (PhD @ ISSP -> Fintech company) S. Sugiura (PD @

272 views • 26 slides
Software Protection Research ISSISP 2017Introduction Christian Collberg Department of

Software Protection Research ISSISP 2017Introduction Christian Collberg Department of

Software Protection Research ISSISP 2017Introduction Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the private

1.07k views • 52 slides
INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

Chapter #1 INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by Marco Brambilla, Jordi Cabot, Manuel Wimmer. Morgan & Claypool, USA, 2012. Marco Brambilla, Jordi Cabot, Manuel Wimmer.

486 views • 45 slides

More recommend