Glasgow Reversing Club

750 views

Published on

A presentation about the glasgow university reversing club

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
750
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Glasgow Reversing Club

  1. 1. Glasgow Reversing Club  Are you an experienced reverser?  Do you want to learn how to reverse?  You even don't know what reversing is? JOIN the Glasgow reversing club: send an empty email to: revinkilt-subscribe@quebbyworld.com  If you want to know more:  A short introduction to reversing  Club activities  Subscribe to the mailing list  About me
  2. 2. Reversing in brief  Reverse Engineering is also known as RE or RCE  RE: Reverse Engineering  RCE: Reverse Code Engineering  RE is the process of understanding an existing product  Malware analysis and security research often involves RE  The next step of RE is patching: modifying the existing product  Product: any software program or hardware device
  3. 3. Uses of Reverse Engineering  Malware analysis  Security / vulnerability research  Driver development  Compatibility fixes  Legacy application support
  4. 4. Legal use of REV  Recovery of own lost source code  Recovery of data from legacy formats  Malware analysis and research  Security and vulnerability research  Copyright infringement investigations  Finding out the contents of any database you legally purchased
  5. 5. Illegal use of REV  Illegal to reverse engineer and sell a competing product  Illegal to crack copy protections  Illegal to distribute a crack/registration for copyrighted software  Illegal to gain unauthorized access to any computer system  Copyright protected software is off-limits in most cases  Spyware/Adware with companies behind them are included
  6. 6. An easy example: Banload Malware analisys  Banload is a malware that was spreading on Msn Messanger.  Banload's main purpose: steal spanish bank accounts and of course replicates!  Reverse engineering it with a debugger (OllyDbg) you discover that Banload:  it's packed with UPX (binary compression)  it deletes the icpldrvx.js from the system directory  it downloads the real malware icpldrvx.exe  set the registry key for autorun  and then find existing msn opened windows and inject malicious url to download the malware
  7. 7. Debugger snippet of code Run time string decrypt Malware exe download by URLMON.DLL!URLDownloadToFileA Execute the malware process and set the registry key for autorun
  8. 8. Club work in progress  What we are doing now:  setting up an online wiki to share reversing tutorials  setting up the forum  register to the SRC (session is october)  What has already done:  server setup  subdomain registration
  9. 9. Planned local activities  Online articles and tutorials  Live reversing tutorials  Seminars hold by experts of the reversing panorama (which I personally know)  Antivirus companies (Symantec)  Hacking Security Teams  Reversing challenges (on the style of)  hacking jeopardy  hacker challenge
  10. 10. Social nerd activities  Social activities are a must for a nerd community  lock 'a pick  brew your beer  multi player games  hack your favourite console and show off  example: I connected my wiimote to my lego nxt via bluetooth (no really I did it ... )  hack your favourite something and show off  example: I connected my toaster online using a webservice (I'm serious I did it ...)
  11. 11. European hack meetings  The most important hack meetings in Europe:  Chaos Computer Club  What the hack  Moca  Cebit  And in USA:  Defcon  BlackHat
  12. 12. About epokh  Has spent his life in reversing hardware devices and software programs and enjoyed it (still ...).  Grow in the top reverser community in europe: quequero  Member of one of the best c******g team on the net for release statistics.  Proud to be:  the first java bytecode cracker (it's actually a bit lame ....)  the first skype filter logger (this is very lame )  ... better to stop :-)

×