Dive deep into the fundamentals of reverse engineering and static malware analysis in this comprehensive 52-minute conference talk by Igor Kuznetsov, Principal Security Researcher at Kaspersky. Explore essential concepts, tools, and techniques for static binary analysis, including visual inspection, disassembly using IDA Pro and Ghidra, working with structures, and applying local types. Learn how to develop custom tools, such as IDA plugins and Ghidra scripts, to enhance your analysis capabilities. Gain valuable insights into the practical aspects of reverse engineering, from initial sample examination to advanced automation techniques. Suitable for both beginners and experienced professionals in the fields of information security and network security, this talk provides a solid foundation for mastering the art of static binary analysis.
Overview
Syllabus
Intro
The boring disclaimer
A few definitions
Why bother?
The sample
visual inspection
The checklist
Tools of the trade
disassembly, IDA Pro
Stage 2: disassembly, Ghidra
Stage 2: Structures!
Stage 2: Structures. This is the IDA way.
Stage 2: Structures. The Ghidra way.
Stage 2: Structures. The hard way.
Stage 2: Structures. The hard way, in Ghidra
Stage 2: Applying structures, IDA Pro
Stage 2: Fields of structures
Stage 2: Local types
Stage 2: Applying structures, Ghidra
Stage 2: Next pointer
Stage 2: Next steps
Stage 2: Where to next?
Now you make the tools
Stage 3: The task
Stage 3: IDA plugin
Stage 3: Ghidra script
Stage 3: Common parts
Stage 3: The data
Stage 3: Action!
Stage 3: The source code
Areas for development
Taught by
Kaspersky
