M.2 Software Reverse Engineering

From CyberEdWiki

Reverse engineering is the discipline of deducing the design of a software component from its compiled form: determining how it works (i.e., recovering its specification), discovering the data it uses, and supporting analysis through disassembly and/or decompilation. The ability to understand software of unknown origin, or software for which no source code is available, is a critical skill in the cyber operations field. Use cases include malware analysis and security auditing of closed-source software.

Specific topics to be covered in this knowledge unit include, but are not limited to:

  • Reverse engineering techniques
  • Reverse engineering for software specification recovery
  • Reverse engineering for malware analysis
  • Reverse engineering communications (to uncover communications protocols)
  • Deobfuscation of obfuscated code
  • Common tools for reverse engineering including but not limited to:
    • Disassemblers (e.g., IDA Pro)
    • Debuggers (e.g., gdb, OllyDbg, WinDbg)
    • Virtualization-based sandbox environments (e.g., VMware, Xen)
    • Process and file activity monitors (e.g., ProcMon)
    • Network activity monitors (e.g., Wireshark, tcpdump, TcpView)
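
As an added illustration of the deobfuscation and data-recovery topics listed above (this is not code from the KU text, and the indicator list, the key 0x5A and the sample blob are all constructed for the example), the following Python script recovers strings hidden by single-byte XOR, a common light obfuscation in malware. It brute-forces all 256 keys over a buffer, extracts printable runs the way `strings` does, and keeps only runs that contain a configuration-like indicator such as a URL or a file extension:

```python
"""Recover single-byte-XOR-obfuscated strings from a binary blob.

Hypothetical example added to the page, not part of the original KU text.
The sample blob below is constructed inline so the script runs offline.
"""
import re

# Markers that commonly betray malware configuration strings: URLs,
# Windows binaries/libraries and web-panel script names (illustrative list).
INDICATORS = re.compile(rb"https?://|\.exe\b|\.dll\b|\.php\b")
MIN_RUN = 6  # same default as GNU `strings -n`


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def ascii_runs(data: bytes, min_len: int = MIN_RUN) -> list[bytes]:
    """Printable-ASCII runs of at least min_len bytes, like `strings`."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def xor_string_hits(blob: bytes) -> dict[int, list[bytes]]:
    """Try all 256 keys; keep only decoded runs that contain an indicator.

    Returns {key: [run, ...]} for keys that produced at least one hit.
    Key 0 covers strings that were never obfuscated.
    """
    hits: dict[int, list[bytes]] = {}
    for key in range(256):
        decoded = xor_bytes(blob, key)
        found = [r for r in ascii_runs(decoded) if INDICATORS.search(r)]
        if found:
            hits[key] = found
    return hits


def rank_keys(hits: dict[int, list[bytes]]) -> list[tuple[int, int]]:
    """(key, hit count) pairs, most productive key first."""
    return sorted(((k, len(v)) for k, v in hits.items()),
                  key=lambda kv: (-kv[1], kv[0]))


# --- constructed sample (not a real malware artifact) ---------------------
KEY = 0x5A
# Filler bytes chosen so they decode to non-printable values under key 0 and KEY.
FILLER = bytes([0xFF, 0x80, 0x90, 0xA0, 0xFF])
SAMPLE = (
    FILLER
    + xor_bytes(b"http://c2.example.invalid/gate.php", KEY)
    + FILLER
    + b"kernel32.dll"  # left in the clear, as import names usually are
    + FILLER
    + xor_bytes(b"cmd.exe /c whoami", KEY)
    + FILLER
)

if __name__ == "__main__":
    hits = xor_string_hits(SAMPLE)
    for key, count in rank_keys(hits):
        print(f"key 0x{key:02x}: {count} hit(s)")
        for run in hits[key]:
            print("   ", run.decode("ascii"))
```

Two caveats worth noting when teaching this. First, decoding the whole buffer with the right key still produces junk runs from regions that were not encoded with it (here `kernel32.dll` decodes to a printable but meaningless run under 0x5A), which is why the script filters on indicators rather than reporting every printable run. Second, this only handles a single-byte key; samples using rolling or multi-byte keys, or a stream cipher such as RC4, will defeat it, and the decoding routine then has to be located in the disassembler and either reimplemented or observed under a debugger.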

Outcome: Students will be able to use the tools mentioned above to safely perform static and dynamic analysis, in an isolated environment, of software (including obfuscated malware) of potentially unknown origin, and to fully characterize that software's functionality.

In addition to course syllabi, applications must include examples of hands-on lab exercises to demonstrate that students have achieved mastery of this KU.