
Reverse Engineering

Reverse engineering is understanding how something works when you don't have the source code.
It's a core skill for malware analysis, vulnerability research, exploit development, and understanding proprietary protocols.

Why Reverse Engineering Matters

  • Malware analysis requires understanding what a binary does without source
  • Vulnerability research needs to find bugs in compiled code
  • Protocol reversing enables interoperability testing
  • Competitor analysis (within legal bounds)
  • Legacy code maintenance when source is unavailable
  • Firmware analysis for IoT security testing

The RE Mindset

  • Every observation is a hypothesis that needs verification
  • Multiple analysis methods converge on truth
  • Static analysis tells you what the code could do
  • Dynamic analysis tells you what the code actually does
  • Documentation is created, not found

Analysis Approaches

Static Analysis - Examining code without executing it
  • Disassembly (assembly instructions)
  • Decompilation (higher-level representation)
  • String extraction
  • Import/export analysis
  • Structure analysis

Dynamic Analysis - Examining code during execution
  • Debugger stepping
  • System call tracing
  • Network monitoring
  • Memory inspection
  • API hooking
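The string-extraction step listed under static analysis, as an added example that is not part of this page: a small Python triage script that pulls printable ASCII and UTF-16LE strings out of a byte blob standing in for a binary, then buckets them by the kind of lead each gives an analyst (URL, file path, API name). The sample bytes and the rule names are constructed for illustration and are not from any real binary.

```python
import re
import string

# Constructed sample standing in for a binary: an ELF-like header, junk bytes,
# one ASCII string, one UTF-16LE string (typical of Windows binaries) and a
# too-short run ("ab") that a strings pass should ignore.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"http://example.invalid/update\x00"
    + b"\x01\x02\x03"
    + "C:\\Windows\\Temp\\x.dll".encode("utf-16le") + b"\x00\x00"
    + b"ab\x00"
    + b"GetProcAddress\x00"
    + b"\xff\xfe\xfd"
)

# Bytes treated as printable: letters, digits, punctuation, space, tab, CR, LF.
PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}

def extract_ascii(data: bytes, min_len: int = 4) -> list[str]:
    """Return runs of at least min_len printable ASCII bytes, like strings(1)."""
    out, run = [], bytearray()
    for b in data + b"\x00":          # sentinel flushes the final run
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    return out

def extract_utf16le(data: bytes, min_len: int = 4) -> list[str]:
    """Return runs of printable chars stored as UTF-16LE (char byte, 0x00 byte)."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16le") for m in re.finditer(pattern, data)]

# Hypothetical triage categories: the kind of lead each string gives an analyst.
INDICATOR_RULES = {
    "url": re.compile(r"^[a-z][a-z0-9+.-]*://", re.I),
    "windows_path": re.compile(r"^[A-Za-z]:\\"),
    "api_name": re.compile(r"^[A-Z][a-z]+[A-Z]"),   # CamelCase like GetProcAddress
}

def triage(data: bytes) -> dict[str, list[str]]:
    """Extract both string encodings and bucket each string by indicator type."""
    found: dict[str, list[str]] = {k: [] for k in INDICATOR_RULES}
    found["other"] = []
    for s in extract_ascii(data) + extract_utf16le(data):
        kind = next((k for k, rx in INDICATOR_RULES.items() if rx.search(s)), "other")
        found[kind].append(s)
    return found
```

Strings are only leads: a URL in a binary says what the code could contact, not what it does contact, which is exactly the static-versus-dynamic distinction above.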

Common Targets

  • Malware - Understand behavior, C2, persistence
  • Binaries - Find vulnerabilities (buffer overflows, use-after-free)
  • Firmware - Extract filesystems, find backdoors
  • Mobile Apps - API endpoints, crypto schemes, hardcoded keys
  • Protocols - Reverse engineer proprietary protocols
  • Drivers - Kernel-level vulnerability research

Legal and Ethical Boundaries

  • Only reverse engineer software you own or have permission to analyze
  • Malware analysis in isolated environments only
  • Vulnerability disclosure follows a responsible disclosure process
  • The DMCA has anti-circumvention provisions (rules vary by jurisdiction)