Security Practices: Reverse Engineering - Paiet/Tech-Journal-for-Everything GitHub Wiki

Reverse engineering

  • What is Reverse Engineering?
  • Why perform RE?
    • Discover possible threats to network/systems
      • APT
      • New Malware
  • How is RE performed?
    • Reading interpreted code
      • Python
      • JavaScript
      • Ruby
    • Decompiling compiled code
      • Difficult
      • Not usually reliable
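Reading interpreted code is usually the first RE step an analyst can do reliably, since the source is right there. The following is an added example (not from this wiki page) of a small static triage pass over a Python script using the standard-library `ast` module: it walks the syntax tree and reports the constructs an analyst reads first (dynamic execution, hidden imports, decoding of embedded payloads, raw sockets, process spawning). The sample script and the watch-list of call names are constructed for the demo and are assumptions, not a rule set.

```python
"""Static triage of an interpreted (Python) script using the ast module.

Added example, not from the wiki page. Walks the syntax tree of a script
and reports constructs an analyst typically reads first when reverse
engineering interpreted code. The sample script below is constructed.
"""
import ast

# Constructed sample: a small obfuscated-looking script an analyst might be handed.
SAMPLE_SCRIPT = '''
import base64, socket
payload = base64.b64decode("cHJpbnQoJ2hpJyk=")
exec(payload)
s = socket.socket()
s.connect(("203.0.113.5", 4444))
mod = __import__("subprocess")
'''

# Call targets worth reading first (assumed watch-list for the demo).
SUSPICIOUS_CALLS = {
    "eval": "dynamic code execution",
    "exec": "dynamic code execution",
    "compile": "dynamic code compilation",
    "__import__": "dynamic import",
    "base64.b64decode": "embedded payload decoding",
    "socket.socket": "raw network socket",
    "subprocess.Popen": "process spawning",
}


def call_name(node):
    """Return a dotted name for a Call node's callee, or None if it is not a plain name/attribute."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def triage(source):
    """Parse source and return (lineno, dotted_name, reason) for each suspicious call, sorted by line."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, name, SUSPICIOUS_CALLS[name]))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, name, reason in triage(SAMPLE_SCRIPT):
        print(f"line {lineno}: {name} ({reason})")
```

Because the script is parsed rather than executed, this works on untrusted input without detonating it; it only sees direct calls by name, so aliased or string-built calls still need a human read.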
  • Isolation/sandboxing
    • Great for discovering APT malware
      • Looks for unknown code/app/software
      • Isolate it
      • Analyze it
        • Does it scan the network/other systems?
        • Attempt to access/contact other systems?
          • CnC phone home
        • Any suspicious activity
    • Don't break production
    • Create a simulated production environment
    • Allows you to throw everything and the kitchen sink at it
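The questions the notes list for sandbox analysis (does it scan the network, does it contact other systems, does it phone home) can be answered from the sandbox's outbound-connection log. The following is an added example, not from this wiki page, that reads a constructed log of connection attempts (seconds since detonation, destination host, destination port) and flags two behaviours: scanning (many distinct hosts inside a short window) and beaconing (near-regular contact with one host, the typical C2 check-in pattern). Thresholds and the log format are assumptions for the demo.

```python
"""Flag scanning and beaconing in sandbox network logs.

Added example, not from the wiki page. Reads constructed connection
records (timestamp, dst host, dst port) and reports scanning and
periodic "phone home" behaviour.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one record per outbound connection attempt, seconds since detonation.
SAMPLE_LOG = """\
0 10.0.0.5 445
1 10.0.0.6 445
2 10.0.0.7 445
3 10.0.0.8 445
4 10.0.0.9 445
5 10.0.0.10 445
10 198.51.100.7 443
70 198.51.100.7 443
130 198.51.100.7 443
190 198.51.100.7 443
250 198.51.100.7 443
"""

# Assumed thresholds for the demo; tune against the sandbox's own baseline.
SCAN_WINDOW_SECONDS = 10
SCAN_MIN_TARGETS = 5
BEACON_MIN_CONTACTS = 4
BEACON_MAX_JITTER_RATIO = 0.2


def parse_log(text):
    """Return a time-sorted list of (t, host, port) tuples from the whitespace-separated log."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, host, port = line.split()
        records.append((int(t), host, int(port)))
    return sorted(records)


def detect_scan(records, window=SCAN_WINDOW_SECONDS, min_targets=SCAN_MIN_TARGETS):
    """True if any window of `window` seconds touches at least min_targets distinct hosts."""
    for i, (t0, _, _) in enumerate(records):
        hosts = {h for t, h, _ in records[i:] if t - t0 <= window}
        if len(hosts) >= min_targets:
            return True
    return False


def detect_beacons(records, min_contacts=BEACON_MIN_CONTACTS, max_jitter=BEACON_MAX_JITTER_RATIO):
    """Return (host, mean_interval) for hosts contacted at near-regular intervals."""
    times = defaultdict(list)
    for t, host, _ in records:
        times[host].append(t)
    beacons = []
    for host, ts in times.items():
        if len(ts) < min_contacts:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        # Low spread relative to the mean interval means a regular timer, not ad-hoc traffic.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((host, round(avg)))
    return sorted(beacons)


def analyze(text):
    """Summarise a log as {'scan': bool, 'beacons': [(host, interval_seconds), ...]}."""
    records = parse_log(text)
    return {"scan": detect_scan(records), "beacons": detect_beacons(records)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Real samples add jitter to check-ins, so the jitter ratio is a knob rather than a constant; the value here only needs to separate the sample's 60-second timer from the one-off scan connections.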
  • Hardware
    • Supply chain attacks
    • Source authenticity of hardware
      • You want to make sure that hardware hasn't been tampered with
      • There could be malicious code installed onto hardware in transit
    • Trusted foundry
      • DoD program for ensuring secure bleeding edge technology intended for military and/or national security use
        • aka Trusted Suppliers
      • Started with IBM
        • Broadened to other certified vendors
    • OEM documentation
      • Can provide insights into how components and/or hardware function
  • Software/malware
    • Fingerprinting/hashing
    • Decomposition
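Fingerprinting and first-pass decomposition of a software sample are routine enough to script. The following is an added example, not from this wiki page: it computes the hashes analysts exchange as sample identifiers (MD5, SHA-1, SHA-256), identifies the container from its magic bytes, and extracts printable strings the way the `strings` tool does. The sample bytes are a constructed stand-in for a real binary, and treating type identification plus string extraction as "decomposition" is this example's reading of the note.

```python
"""Fingerprint a sample and pull out a first-pass decomposition.

Added example, not from the wiki page. Hashes the sample, identifies it
by magic bytes and extracts printable strings. SAMPLE_BYTES is constructed.
"""
import hashlib
import re

# Constructed sample: an MZ header, filler, and a few embedded strings.
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00"
    + b"\x01\x02\x03"
    + b"http://example.invalid/update\x00"
    + b"\xff\xfe"
    + b"cmd\x00"  # shorter than the minimum string length, so not reported
)

# Magic-byte prefixes for common containers (assumed, minimal table for the demo).
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP container",
    b"%PDF": "PDF document",
}


def fingerprint(data):
    """Return hex digests keyed by algorithm name; SHA-256 is the one to rely on, the others for lookup."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def identify(data):
    """Return a container label from the leading magic bytes, or 'unknown'."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def strings(data, min_len=4):
    """Extract runs of printable ASCII of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def decompose(data):
    """Bundle type, hashes and strings: the triage record written before any deeper analysis."""
    return {"type": identify(data), "hashes": fingerprint(data), "strings": strings(data)}


if __name__ == "__main__":
    for key, value in decompose(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

The hashes are exact-match identifiers only; a single byte changed in a repacked sample yields a different digest, which is why the strings and type are kept alongside them for comparison.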