In reverse engineering, understanding cryptographic functions and packers are the two most challenging and sophisticated tasks. In real life, virtually all malware uses some form of packing, so understanding packing/unpacking is one of the most important tasks in malware analysis. Check the reference section for additional material. We highly recommend the Lena151 (see reference) material for […]
This session introduces our first practical reversing class. If you are completely new to reverse engineering, mark this session as your reference. Understand every word of this session and explore the topics offline. Check the reference section for additional material.
Some tools, like OllyDbg and IDA Pro, are a little complex and may not make much sense at first. The most important part of reverse engineering is to understand your tools deeply: 50% of success depends on the tools, and the rest on your knowledge and experience. Check the help files (for example: OllyDbg […]
When we analyse malware we don't have the source code, so in order to understand its logic we have to debug binaries (i.e. the compiled form of the source code, such as .exe or .dll files). In debugging we need to understand the program's assembly in order to build up its high-level logic. In short, without assembly language you can't […]
This session is one of the most important sessions of the entire course. The PE file format is the Windows executable file format, and a very good understanding of it will allow you to grasp more advanced concepts such as packers and loaders. Check the reference section for additional papers and books.
This presentation covers some must-have knowledge about Windows internals. This session is very important, so carefully read all the slides and reference links.