Explore lessons learned from reversing the Flare-On Challenge in this comprehensive conference talk from BSides NoVa 2017. Dive into reverse engineering fundamentals, covering analysis strategies, static and dynamic analysis techniques, and the analysis feedback loop. Examine file types, PE file format, and import hints to understand a program's capabilities. Investigate MSDOS stub code variations and header modifications. Delve into encoding techniques, focusing on base64 and its custom alphabets. Study encryption methods, including XOR algorithms and RC4. Learn about hashing techniques and their applications in hiding constants. Discover anti-analysis techniques such as JavaScript obfuscation, packers, anti-disassembly methods, and anti-debugging checks. Gain valuable insights to enhance your reverse engineering skills and tackle complex challenges.
Overview
Syllabus
Intro
Flare-On Challenge
Reverse Engineering 101
RE 101: Analysis Strategy
RE 101: Light vs Deep Static Analysis
RE 101: Light vs Deep Dynamic Analysis
Analysis Feedback Loop
File Type
PE File Format
Import Hints - What can it do?
MSDOS Stub Code: Normal
MSDOS Stub Code: Modified
MSDOS Header: Modified
Why base64?
Base64 Encoding: Internals
Base64, hmmm..
Custom Alphabet
MiniDuke (APT29) cont.
Simple Encryption
XOR Drawbacks
Rolling XOR Algorithm
Rolling XOR Inverse-Algorithm
RC4
Hashing - Recognizing
Hashing: How to hide constants
Hashing - ROR13
Hashing - Other uses?
Anti-Analysis Techniques
Javascript Obfuscation
Challenge #10
Packers
Packer Stub: Challenge #8
Anti-Disassembly: Challenge #8
Tricking Flow-Oriented Disassemblers
Anti-Debugging Checks
Conclusion
