Events

What does it take to become a good reverse engineer?

How much money and effort does it take to become a good reverse engineer? Do you even need to be one?

There are no universally acceptable answers to these questions. Software reverse engineering (RE) is not a science but a skillset combined with specific knowledge and backed by a lot of experience.

For several years, we have been sharing the RE knowledge that we accumulated in the form of training sessions provided to paying customers. These sessions took from two days at the SAS conference to complete five workdays in the extended version, and covered many aspects of our own work, primarily in IDA Pro and the in-lab reverse-engineering framework.

A typical piece of code disassembled in IDA Pro

Due to the novel 2019 coronavirus disease, our schedule for the training sessions has changed completely. But not only this; the reversing landscape itself has changed since last year. Released in March 2019, the free and open-source reverse engineering tool called Ghidra lowered the barrier to entry into the field.

The same piece of code viewed in Ghidra

So, while we are all working from home and, hopefully, have time to learn something new, why not tear some binary code apart and pick up some reverse engineering skills? This may prove especially helpful if your work is related to malware, incident response or forensics.

It is certainly not feasible to learn RE in one webinar. Within one hour, we will outline the typical workflow that we follow when analyzing malware. We will dissect real-life malicious code using both IDA Pro and Ghidra, and use some of the most useful features of these disassemblers.

The rest, as in many other disciplines, comes with experience. And, we are still looking forward to seeing you in our reverse engineering training sessions at SAS Conference 2020 (two days) or elsewhere (a whole week!).

What does it take to become a good reverse engineer?

Your email address will not be published. Required fields are marked *

 

  1. Dim

    hi guys, any plans for APAC timezones?

Reports

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox