C.1 Advanced Reverse Engineering

From CyberEdWiki

The discipline of software reverse engineering provides the ability to deduce the design of a software component, determine how something works (i.e., recover the software specification), discover data used by software, and aid in the analysis of software via disassembly and/or decompilation. The ability to understand software of unknown origin or software for which source code is unavailable is a critical skill within the cyber operations field. Use cases include malware analysis and auditing of closed-source software.

Specific topics to be covered in this knowledge unit include, but are not limited to:

  • Binary Analysis (no source code provided)
    • Advanced reverse engineering techniques (e.g., RE of kernel-space code, BIOS RE, firmware, decompilation, identification of code reuse, binary differencing)
    • Countering anti-RE techniques
    • Symbolic Execution
    • Semantic lifting
    • Polymorphism

Outcome: Students will be able to identify and apply the advanced techniques mentioned above to independently perform static and dynamic analysis of binary code of unknown origin, including obfuscated malware, to fully understand the software's functionality.