The document discusses reverse engineering techniques for bug hunting and exploit development. It covers analyzing software, hardware, applications, operating systems and firmware through static and dynamic reverse engineering. Static techniques include disassembling and analyzing binary code, while dynamic techniques involve emulating or debugging running programs. The document also discusses fuzzing techniques, common bug classes, challenges such as obfuscated code, and tools like LLVM and LibFuzzer that can be used for reverse engineering and fuzzing. The overall goal of the reverse engineering discussed is to find and analyze bugs in order to develop exploits; the other reasons given are development without access to source code, bypassing restrictions, malware analysis and curiosity.
15. The Reason
• Development With No Access To Source Code
• Bypass Restrictions
• Malware Analysis
• Bug Hunting & Exploit Development
• Self-satisfaction of curiosity.
21. Reversing and Fuzzing
• RE is hard if the target is too complex.
• RE is hard if obfuscations are implemented in the target.
• Fuzzing sometimes just works, but without RE the results are just plain bugs, with no prior knowledge to exploit them.
31. Static Analysis
• Pros
  • Good for analyzing small apps / specific functions
  • Best for finding implementation flaws and bad features
• Cons
  • If the app is too big, it's hard to find bugs
  • Hard to analyze if obfuscations are applied
34. Dynamic Analysis
• Pros
  • Good for analyzing obfuscated apps.
  • Good for analyzing complex apps.
• Cons
  • Need to run the app, so for some big apps it is quite computation-heavy.