Recommended
More Related Content
Similar to Glasgow Reversing Club
Similar to Glasgow Reversing Club (20)
Recently uploaded
Recently uploaded (20)
Glasgow Reversing Club
- 1. Glasgow Reversing Club Are you an experienced reverser? Do you want to learn how to reverse? You even don't know what reversing is? JOIN the Glasgow reversing club: send an empty email to: revinkilt-subscribe@quebbyworld.com If you want to know more: A short introduction to reversing Club activities Subscribe to the mailing list About me
- 2. Reversing in brief Reverse Engineering is also known as RE or RCE RE: Reverse Engineering RCE: Reverse Code Engineering RE is the process of understanding an existing product Malware analysis and security research often involves RE The next step of RE is patching: modifying the existing product Product: any software program or hardware device
- 3. Uses of Reverse Engineering Malware analysis Security / vulnerability research Driver development Compatibility fixes Legacy application support
- 4. Legal use of REV Recovery of own lost source code Recovery of data from legacy formats Malware analysis and research Security and vulnerability research Copyright infringement investigations Finding out the contents of any database you legally purchased
- 5. Illegal use of REV Illegal to reverse engineer and sell a competing product Illegal to crack copy protections Illegal to distribute a crack/registration for copyrighted software Illegal to gain unauthorized access to any computer system Copyright protected software is off-limits in most cases Spyware/Adware with companies behind them are included
- 6. An easy example: Banload Malware analisys Banload is a malware that was spreading on Msn Messanger. Banload's main purpose: steal spanish bank accounts and of course replicates! Reverse engineering it with a debugger (OllyDbg) you discover that Banload: it's packed with UPX (binary compression) it deletes the icpldrvx.js from the system directory it downloads the real malware icpldrvx.exe set the registry key for autorun and then find existing msn opened windows and inject malicious url to download the malware
- 7. Debugger snippet of code Run time string decrypt Malware exe download by URLMON.DLL!URLDownloadToFileA Execute the malware process and set the registry key for autorun
- 8. Club work in progress What we are doing now: setting up an online wiki to share reversing tutorials setting up the forum register to the SRC (session is october) What has already done: server setup subdomain registration
- 9. Planned local activities Online articles and tutorials Live reversing tutorials Seminars hold by experts of the reversing panorama (which I personally know) Antivirus companies (Symantec) Hacking Security Teams Reversing challenges (on the style of) hacking jeopardy hacker challenge
- 10. Social nerd activities Social activities are a must for a nerd community lock 'a pick brew your beer multi player games hack your favourite console and show off example: I connected my wiimote to my lego nxt via bluetooth (no really I did it ... ) hack your favourite something and show off example: I connected my toaster online using a webservice (I'm serious I did it ...)
- 11. European hack meetings The most important hack meetings in Europe: Chaos Computer Club What the hack Moca Cebit And in USA: Defcon BlackHat
- 12. About epokh Has spent his life in reversing hardware devices and software programs and enjoyed it (still ...). Grow in the top reverser community in europe: quequero Member of one of the best c******g team on the net for release statistics. Proud to be: the first java bytecode cracker (it's actually a bit lame ....) the first skype filter logger (this is very lame ) ... better to stop :-)