Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

Introduction

So now you’ve read the book, and should be able to do some of this on your own. In this chapter, we’re going to look at a real piece of hostile code. The hostile code we’re going to use is real; this means that you should be especially careful when dealing with it yourself because you could possibly do serious harm to your computer and your network. Please be positive you are authorized to analyze the application in your environment. I highly suggest the use of some form of virtualization software, such as VMware. One thing I especially like about VMware is the ability to take snapshots, which allows me to get to specified points and make a restore point. This makes things like travel and close of the business day easier as you don’t have to worry about someone unplugging your computer or needing to take your laptop home with you. All that said, be careful and bear in mind that you and only you are responsible for your actions. In that sense, when we say advanced walkthrough, we don’t mean so much that the content is especially advanced, but rather that we’re taking all of the pieces and putting them together to form a coherent picture of what you can expect to be doing as a reverse engineer.

Note

Just like anything else, reverse engineering is something you will get more comfortable as you gain more experience doing it. Thus, once the base knowledge is there, it’s really just a matter of doing it to become good. It can be problematic trying to find employment in the field until you’re more qualified to do it. That’s where the beauty of the internet comes in. There are many organizations and Web sites that have challenges, for instance the Honey Net project is fairly well know for presenting incident response type challenges. This can be fun and is a good way to get your notoriety levels increased, however the focus is rarely on reverse engineering.

There are a couple of especially good websites. The first and most obvious is http://crackmes.de. This website is full of user-submitted programs with various objectives for reversing. For instance, they have unpackme’s where the challenge is to unpack the program; crackme’s which simulates cracking commercial software and so on. They have challenges for multiple operating systems and have various degrees of difficulty.

The second Web site is more of a forum, and there are some challenges but its one of the best places to find likeminded people, http://community. reverse-engineering.net/. This is a forum that has a plethora of information and will give you access to smart people.

The third is the Offensive Computing website http://www.offensive-computing.com/, this Web site among other things maintains a repository of known malware and serves as a good site for cross-referencing anything you might find, and a good place to brush up on your reversing malware skills using the real deal.

Finally, there is another Web site known as OpenRCE, http://www.openrce.org, it’s run by a fairly accomplished reverse engineer from TippingPoint named Pedram Amini, and it contains forums and plugins, scripts and so on. There also is a searchable listing of call chains for the main system libraries, which comes in handy more often than you think.



  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint