Big Plans: Malware and Reverse Engineering
» INTRO
Hi all! Welcome back to yet another post where I decide that I’m going off the deep end and am going to learn new stuff; this time the target of my fixation is the dreaded Reverse Engineering!
For those unaware, reverse engineering is a super broad field and encompasses more than just information security. Merriam-Webster defines it as “to disassemble and examine or analyze in detail (a product or device) to discover the concepts involved in manufacture usually in order to produce something similar” and as you can see, that leaves the applications of it way, way broad. I’ve heard of reverse engineering referring to things such as…
- Taking apart cars to figure out how they work
- Dismantling code to figure out undocumented API calls
- Ripping and tearing your way through code in a disassembler to figure out how a particular piece works
- Un-doing scale models in an attempt to understand more about the internals of a toy
…and just about anything in between. I bring this up to highlight something - notice the only common theme here? In all examples we take mutilate the subject in order to figure out something about it - whether it be competitor trade secrets, looking for code vulnerabilities, or just plain curiosity about what the thing does. Now that we have that out of the way, let’s take a look at HOW I’m going to attempt to master this beast.
» STUDY PLAN
So this is going to be no clean feat, nor is this list going to be all-inclusive. I’m sure it will change over time and I’ll forget to update it - my bad in advance! That said, here’s the start of my study plan:
| Course | Time Estimate | Description |
|---|---|---|
| Practical Malware Analysis | ~ 11 weeks at 2ch/wk | From everything I know, this is the mecca of reverse engineering. It takes you through lots of topics such as basic static/dynamic analysis, bypassing anti-reversing techniques, and more. |
| Nightmare BinExp | No idea, honestly. Guessing ~ 12 weeks? | If you like hands-on, this is the course for you. Nightmare is an intro to both binary exploitation and reversing that uses CTF challenges to reinforce the topics discussed. I’m using this to help shore up my learning from PMA and go deeper into binary exploitation. |
| A Guide to Kernel Exploitation: Attacking the Core | ~ 9 wks at 1ch/wk | This is where we start getting low down and dirty, really digging in and learning how to navigate kernel-land! This is probably the part that excites me the single most, since we’ll be hitting a deep dive at this point. |
| Starting with Windows Kernel Exploitation | I’m allotting a few weeks to play with HEVD - this is just the first post. | HEVD is a vulnerable driver in the same vein as most vulnerable programs are - full of holes and ready for exploitation. Lots of other bloggers have written about it, and I’ll be joining that phase - I’m going to detail the stuff I attack for later use! |
| Hackingz Ze Komputerz | Probably a week or two | So this is the ultimate test - I want to go through this video series that OJ put up and be able to both understand and discover the Capcom.sys exploit from scratch. It’s going to be a tall order, but if every piece before it goes well I should have all the pieces in place for moving forward. |
So yeah, that’s it. Seems simple right? I’m going to jump in to the reversing stuff - expect to see some articles as we go forward surrounding reverse engineering and malware breakdowns. I’m hoping that soon enough, I’ll be good enough to be able to call myself a decent malware analyst but we’ll see.
Oh yeah - P.S. - I’m going to be doing this alongside a friend who’s new to InfoSec. I’ll probably pepper in his thoughts as we go, so look forward to that.
- sp1icer