Software Reverse Engineering (2020)

From CyberEdWiki

The intent of the Software Reverse Engineering Knowledge Unit is to provide students with the capability to perform reverse engineering of executable code to determine its function and effects, or to discover details of the implementation.

Outcomes

Students should be able to:

  1. Apply ethical and legal concepts to reverse engineering.
  2. Use common software reverse engineering tools and techniques to safely perform static and dynamic analysis of software (or malware).
  3. List common reasons for reverse engineering software.
  4. Describe how to protect software from reverse engineering attempts.

Topics

  1. Ethical and legal issues associated with reverse engineering software
  2. Reverse Engineering Applications
    • Malware Analysis
    • Interoperability
    • Security Analysis
    • Recovery
  3. Key Concepts
    • Executable Structure
    • Instruction Format
    • Addressing Modes
    • Programming/Calling Conventions
    • System Structure
  4. Reverse Engineering Tools
    • Disassemblers
    • Debuggers
    • Hex Editors
    • System Utilities
  5. Reverse Engineering Techniques
    • Sandboxing
    • Code Analysis
    • Register and Memory Analysis
    • Behavioral Analysis
    • Clean Room approach
  6. Anti-reverse engineering techniques

Skills

Specialization Areas

  • None

See also

Related Knowledge Units

Further reading

Suggested textbooks

  • Sikorski, Michael and Honig, Andrew. Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software, 1st Edition. No Starch Press, San Francisco. 2012. ISBN-13: 978-1593272906.
  • Eilam, Eldad. Reversing: Secrets of Reverse Engineering. Wiley Publishing, Inc., Indianapolis, IN. 2005.

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

  1. Identify the command and control server for a malware sample
  2. Defeat a simple anti-RE technique (e.g. detection of running in a VM)
  3. Determine how a malware sample maintains persistence

Additional notes or materials

Contacts

Reference ID

SRE