API tools faq
paste
Advertisement
BaSs_HaXoR

Introduction to Reverse Engineering

BaSs_HaXoR
Mar 31st, 2017
656
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.34 KB | None | 0 0
raw download clone embed print report
  1. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  2. + https://www.cs.tau.ac.il/~tromer/courses/infosec11/lecture9.pdf +
  3. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  4. + Reverse engineering +
  5. +++++++++++++++++++++++
  6. is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.
  7. aka: Reversing, RE, SRE
  8.  
  9. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  10. + Tools of the Trade +
  11. ++++++++++++++++++++++
  12. Debugger (Dynamic code analysis)
  13. Disassembler (Static code analysis)
  14. Hex Editor
  15. PE Analyzer
  16. Resource Editor
  17.  
  18. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  19. + The Holy Grail: IDA-Pro +
  20. +++++++++++++++++++++++++++
  21. Started as an Interactive Dis
  22. -Assembler, enabling user
  23. interaction with the disassembler’s decisions.
  24. Slowly evolved into an automatic RE tool:
  25. – Built
  26. -in full
  27. -control script language
  28. – Library recognition (including user
  29. -generated)
  30. – Function prototype information
  31. – Display
  32. – Propagate throughout the code
  33. – Support for plug-ins
  34. – Support for Python scripting
  35. – Multi
  36. -architecture, cross
  37. -platform support
  38. – Full incorporation with built-in and external debuggers
  39.  
  40. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  41. + Reversing Malware +
  42. +++++++++++++++++++++
  43. Malware is comprised of the following building blocks:
  44. – Infection Vector
  45. – Concealment
  46. – Operation
  47. – Communications
  48.  
  49. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  50. Check Point’s Anti-Malware Software Blade sits at the gateway
  51. Therefore, communications interest us the most
  52. A CrimeWareToolKit, originating in Russia.
  53. Used mostly for stealing financial information, but will settle
  54. for any other identity information and key logging...
  55.  
  56. Like any serious trojan, Spy Eye compresses its traffic and encrypts it
  57. – Compression is performed using a public library (LZO)
  58. – Encryption algorithm is proprietary
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!