IT Security Professionals Need Quality Reverse Engineering Training
Reverse engineering in IT security refers to the process of analyzing a system and deducing how it works, often in order to identify routes by which the system could be exploited and cracked. Cracking in this case refers to gaining access to or control over a system. Systems are often cracked in order to get at confidential information, whether it be credit card information or nuclear launch codes. Of course, there are legal uses of reverse engineering. If you have an application binary, for example, but have lost the source code, reverse engineering practices can be used to recreate the program. Another potential use is to integrate older software into a newer system.
Many different techniques are used to reverse engineer software. One common method is to reverse the development model used by the developers. Because most software is built with a set development approach, identifying which approach was used and working backwards lets you arrive at a systemic model of the system you are analyzing. The most common model to reverse engineer with is the waterfall model. The waterfall model is a general model that most other development models can be reduced to. By understanding what approach was used to produce the software, potential weaknesses can become visible. A necessary feature that was not in the original design, for example, could be bolted on in a less secure way than the core components that were designed in from the start.
It can be quite difficult to protect against reverse engineering. Given enough time and access to a piece of software, most code will eventually succumb. That is not to say that there are no steps you can take to prevent it, however. For distributed binary applications that can be attacked with a decompiler, obfuscating the logic is a powerful defense. Because the code recovered by a decompiler lacks semantic variable and function names and has no explanatory comments, obfuscated logic can make it extremely hard to follow the program flow. This also applies, to a lesser degree, to the disassembly of machine code. Analysis of information flow can also yield critical information for the reverse engineer. Analysis of packet flow could reveal holes in the security mechanisms layered on top of protocols.
Reverse engineering is a powerful concept that can be used to help restore binary or under-commented code to a state of usability. It can also be used to identify potential weaknesses in software or to gain access to parts of the system or program that the reverse engineer is not supposed to have access to. With a basic understanding of the techniques and uses, you may be able to secure your system more effectively.
Get The Best Reverse Engineering Training Available
The best hands-on reverse engineering training class available these days is the Advanced Malware Analysis (AMA) certification class currently offered by Advanced Security by Academy of Computer Education.
Most companies that offer reverse engineering training are really just providing a class that consists of “run-time analysis”. This involves running a packet sniffer, a registry monitor, a file monitor and then a process monitor.
These low-level “reverse engineering” courses have you run malware and answer questions like:
1. Where is it connecting?
2. Does it modify the file system?
3. Does it modify the registry?
4. Does it modify any running processes or start any new ones?
You don’t need a class to teach you these things.
The AMA training class will teach you a methodical hands-on approach to reverse-engineering by covering both behavioral and code analysis aspects of the analytical process.