Jul 1, 2019 2:21:39 PM

DEF CON 27 Workshop Preview: Intro to Reverse Engineering with Ghidra

Software reverse engineering is an intimidatingly technical skill to pick up. The goal is to accomplish something that, by the design of how software is built, isn’t meant to be done. Introductory courses on programming that teach “compiled” languages, such as C, often describe the compilation process that builds a program from source code as being “one way”: you get a binary out, but not the source back. Learning how to answer questions about malicious software and about vulnerabilities in widely used programs requires studying complex tools, computer architecture, and methodology.

Topics: DEF CON, Reverse Engineering, Ghidra

Apr 4, 2019 10:00:00 AM

A Ghidra Explainer

On March 5th, the National Security Agency officially released Ghidra, a software reverse engineering suite that the NSA hopes will help cybersecurity professionals “make the cybersecurity of our great nation BETTER”. The release, announced at the RSA Conference, drew coverage from technology news outlets and interest from a broad range of individuals and organizations concerned with security. While the release of this software is high-profile, its use is specialized, so right now there are far more people asking questions about it than there are people with answers. The purpose of this post is to provide IT security stakeholders with an “explainer” on Ghidra and the implications of its release.

Topics: Malware, Reverse Engineering, Ghidra

Oct 10, 2018 10:00:00 AM

Fear and Prosecution in Ransomware Operations

When a new ransomware variant reveals itself, there's an intense effort put towards reverse engineering the malicious software ("malware"). As I've discussed previously, reverse engineering is the process of analyzing software to determine its capabilities, how it works, and the design decisions that went into its creation. This process allows for quick identification of "indicators of compromise": artifacts the malware reliably leaves on an infected system or its network traffic, such as the hashes of dropped files, hard-coded file paths and registry keys used for persistence, mutex names, and the addresses it contacts. These indicators can be used to detect the presence of ransomware on systems, ideally before it has a negative impact on your network.
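As an added illustration of how indicators recovered from reverse engineering get turned into a detection, here is a small matcher that checks a host snapshot against an indicator set. This is example code written for this page, not code from the original post; every indicator value, file path and registry entry in it is constructed and hypothetical, not taken from any real ransomware family.

```python
import hashlib
import re

# Constructed indicator set of the kind reverse engineering a sample yields.
# All values are hypothetical; none belongs to a real malware family.
IOCS = {
    # SHA-256 of the constructed "dropper" bytes used in the sample host below
    "sha256": {hashlib.sha256(b"constructed-ransomware-dropper").hexdigest()},
    # hard-coded drop location recovered from the sample's strings (hypothetical)
    "paths": {r"C:\ProgramData\svchost_helper.exe"},
    # ransom-note file name pattern (hypothetical)
    "path_regex": [re.compile(r"\\README_DECRYPT\w*\.txt$", re.IGNORECASE)],
    # Run-key persistence entry (key, value name) the sample creates (hypothetical)
    "registry": {(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost_helper")},
}


def scan_host(files, run_keys):
    """Match a host snapshot against IOCS.

    files:    list of (path, file_contents_bytes)
    run_keys: list of (registry_key, value_name) autorun entries
    Returns a list of (indicator_type, detail) hits, in snapshot order.
    """
    hits = []
    for path, data in files:
        # Hash indicators catch the dropper even if it was renamed or moved.
        if hashlib.sha256(data).hexdigest() in IOCS["sha256"]:
            hits.append(("hash", path))
        # Path indicators catch the hard-coded drop location regardless of content.
        if path in IOCS["paths"]:
            hits.append(("path", path))
        # Pattern indicators catch artifacts whose exact name varies per victim.
        if any(rx.search(path) for rx in IOCS["path_regex"]):
            hits.append(("ransom_note", path))
    for key, name in run_keys:
        if (key, name) in IOCS["registry"]:
            hits.append(("persistence", key + "\\" + name))
    return hits


# Constructed host snapshot: one benign file, a renamed copy of the dropper,
# the dropper at its hard-coded path, a ransom note, and two autorun entries.
SAMPLE_FILES = [
    (r"C:\Windows\System32\notepad.exe", b"benign"),
    (r"C:\Users\alice\AppData\Local\Temp\update.exe", b"constructed-ransomware-dropper"),
    (r"C:\ProgramData\svchost_helper.exe", b"constructed-ransomware-dropper"),
    (r"C:\Users\alice\Desktop\README_DECRYPT_FILES.txt", b"your files have been encrypted"),
]
SAMPLE_RUN_KEYS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost_helper"),
]

if __name__ == "__main__":
    for kind, detail in scan_host(SAMPLE_FILES, SAMPLE_RUN_KEYS):
        print(f"{kind:12s} {detail}")
```

Note what each indicator class does and does not catch: the renamed copy in the Temp directory is found only by its hash, while the hard-coded drop path is found even if the attacker ships a recompiled (different-hash) build there. That is why analysts extract several kinds of indicator from one sample rather than relying on hashes alone, which are the easiest for an operator to change.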

Topics: ransomware, Attack Surface, Reverse Engineering