Reverse Engineering Resources-Beginners to intermediate Guide/Links

Bbinfosec
13 min read · Jan 3, 2019


While I was learning reverse engineering, I went hunting for blogs; I want to share the links I came across, organized by category.

What is reverse engineering?

Reverse engineering may refer to any of the following: 1. When referring to computer science/programming, reverse engineering means to “break down” the programming code. … Generally speaking, the purpose is to fix errors in the software engineer’s code, or create a program like the one being deconstructed.

Are reverse engineering and decompilation the same?

Decompilation is just one method of reverse engineering.

From the decompilation description:

Decompiling is the process of analyzing an executable or object code binary and outputting source code in a programming language such as C. The process involves translating a file from a low level of abstraction to a higher level of abstraction. Decompilation is usually carried out using a decompiler.

From Wikipedia’s article on reverse engineering:

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.

Software can be reverse engineered and decompiled. A lot of other things (such as hardware, door locks) can be reverse engineered but not decompiled, because their software/firmware is written in low level languages without a higher-level representation, or, more radically, they don’t have any firmware in the first place.

Whenever we begin reverse engineering, two things come to mind:

Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor.

Static program analysis is the analysis of computer software that is performed without actually executing programs.

In other words:

  • The static analysis is usually based on analyzing the program without the need to execute it. It is mostly based on finding patterns, counting memory references, … The Wikipedia page about Static program analysis is, from my point of view, incomplete but still a good read.
  • The dynamic analysis, on the other hand, involves executing the program and requires instrumentation of basic blocks such as loops, functions, … The instrumentation consists of inserting probes at the entry and exit of a basic block which will measure the time according to a certain metric (CPU cycles, time in µs, …). The information gathered after analysis is usually used to optimize the application by performing loop unrolling with a suitable unroll factor, vectorization if possible (SSE, AVX, Altivec, …), etc.

OK, let's jump into the resources. Please note that the following collection was compiled by various professionals; I just summarize it here. All credit goes to the original authors.

Assembly Fundamentals

  1. LiveOverflow Binary Hacking🌟💬
  2. OpenSecurityTraining.info: Introductory Intel x86🌟
  3. Practical Reverse Engineering🌟💬
  4. Practical Malware Analysis🌟💬
  5. Assembly Language Step-by-Step: Programming with Linux
  6. Wikibooks: x86 Disassembly
  7. Eli Bendersky: Where the top of the stack is on x86
  8. Eli Bendersky: Stack frame layout on x86–64
  9. x86 Assembly Guide (CS216 ‘06)

C Fundamentals

  1. The C Programming Language (K&R)
  2. The GNU C Reference Manual
  3. Learn C the Hard Way
  4. Learn C in Y Minutes
  5. Beej’s Guide to C Programming💬

Reverse Engineering Fundamentals

  1. LiveOverflow Binary Hacking🌟💬
  2. OpenSecurityTraining.info: Introduction to Reverse Engineering Software
  3. RPISEC: Modern Binary Exploitation🌟
  4. Practical Reverse Engineering🌟💬
  5. A Bug Hunter’s Diary🌟💬
  6. Reversing: Secrets of Reverse Engineering💬
  7. Basic Dynamic Analysis with IDA Pro and WinDbg💬
  8. Ben Hawkes: What makes software exploitation hard?
  9. GynvaelEN Hacking Livestreams
  10. The Art of Fuzzing: Slides and Demos
  11. Malware Unicorn: Reverse Engineering Malware 101🌟
  12. sploitF-U-N: Linux (x86) Exploit Development Series
  13. Gynvael Coldwind: How to find vulnerabilities?
  14. High-Level Approaches for Finding Vulnerabilities
  15. FuzzySecurity Tutorials🌟💬
  16. GitHub CTF Write-ups💬
  17. Dennis Yurichev’s Reversing Challenges

General

Articles

Educational

Timelines

Videos

Things that are interesting/don’t fit elsewhere

Things that Don’t fit elsewhere

Comparison Tools

References

General Research/Stuff

Tools

Binary Visualization Tools

General

De/Obfuscators/Unpackers

ELF/Related Tools

Emulators

Packers

PE32/Related Tools

OLE

  • python-oletools
  • python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See http://www.decalage.info/python/oletools for more info.

Searching Through Binaries

Static Analysis Tools

OS X

Linux

Windows

Debuggers

All platforms

Hypervisor-based debugger

Debugging Writeups/Papers

Decompilers & Disassemblers

Overview & Tutorials

  • fREedom is a primitive attempt to provide an IDA Pro independent means of extracting disassembly information from executables for use with binnavi (https://github.com/google/binnavi).
  • Hopper
  • Reverse
  • Medusa
  • PLASMA
  • Snowman decompiler

Java

.NET

IDA specific Stuff

IDA Extensions

IDA Plugins

IDA Tutorials/Help

File Formats

Flash Player

Frameworks

Programming Language Specifics/Libraries

Programming Language Specific Stuff/Useful/Related Libraries

GO

Python

Decompiler

  • python-uncompyle6
  • A native Python cross-version Decompiler and Fragment Decompiler. The successor to decompyle, uncompyle, and uncompyle2.
  • Decompyle++
  • C++ python bytecode disassembler and decompiler
  • Python Decompiler
  • This project aims to create a comprehensive decompiler for CPython bytecode (likely works with PyPy as well, and any other Python implementation that uses CPython’s bytecode)

PyInstaller Extractor

  • Extract contents of a Windows executable file created by pyinstaller

Easy Python Decompiler

Anti-Reverse Engineering Techniques & Countermeasures

Talks

Techniques

.NET Related

Writeups

Writeups(Papers/Videos)

Binary & Code Analysis

Firmware

General

OS X

Packers

PDF

Process Hooking

  • Software Hooking methods review (2016): https://www.blackhat.com/docs/us-16/materials/us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations-wp.pdf
  • PolyHook

Protocols

Satellites

Windows

Wireless

Windows

Event Tracing for Windows and Network Monitor

Improving Automated Analysis of Windows x64 Binaries

Microsoft Patch Analysis for Exploitation

Apart from the valuable links above, other uncategorized resources would be:

  1. LiveOverflow Binary Hacking🌟💬
  2. OpenSecurityTraining.info: Introduction to Reverse Engineering Software
  3. RPISEC: Modern Binary Exploitation🌟
  4. OpenSecurityTraining.info: Introductory Intel x86🌟
  5. OpenSecurityTraining.info: The Life of Binaries
  6. OpenSecurityTraining.info: Reverse Engineering Malware
  7. RPISEC: Malware Analysis
  8. Practical Reverse Engineering🌟💬
  9. A Bug Hunter’s Diary🌟💬
  10. Reversing: Secrets of Reverse Engineering💬
  11. Practical Malware Analysis🌟💬
  12. Assembly Language Step-by-Step: Programming with Linux
  13. Wikibooks: x86 Disassembly
  14. The C Programming Language (K&R)
  15. The GNU C Reference Manual
  16. Learn C the Hard Way
  17. Learn C in Y Minutes
  18. Beej’s Guide to C Programming💬
  19. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes💬
  20. Windows Internals🌟
  21. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
  22. Rootkits: Subverting the Windows Kernel
  23. Basic Dynamic Analysis with IDA Pro and WinDbg💬
  24. Ben Hawkes: What makes software exploitation hard?
  25. GynvaelEN Hacking Livestreams
  26. The Art of Fuzzing: Slides and Demos
  27. A Link to the Past: Abusing Symbolic Links on Windows
  28. Abusing GDI for Ring0 Exploit Primitives (Slides)
  29. Abusing GDI for Ring0 Exploit Primitives: Reloaded (Slides)
  30. Modern Kernel Pool Exploitation: Attacks and Techniques
  31. Finding And Exploiting Token Handling Vulnerabilities in the Windows Kernel
  32. James Forshaw: Process Failure Modes
  33. MalwareAnalysisForHedgehogs Video Tutorials
  34. AVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing
  35. Windows Kernel Graphics Driver Attack Surface
  36. bee13oy: Attacking Antivirus Software’s Kernel Driver💬
  37. Direct X: Direct Way to Microsoft Windows Kernel
  38. A Window Into Ring 0
  39. Windows Drivers Attack Surface
  40. Malware Unicorn: Reverse Engineering Malware 101🌟
  41. sploitF-U-N: Linux (x86) Exploit Development Series
  42. Gynvael Coldwind: How to find vulnerabilities?
  43. High-Level Approaches for Finding Vulnerabilities
  44. Eli Bendersky: Where the top of the stack is on x86
  45. Eli Bendersky: Stack frame layout on x86–64
  46. x86 Assembly Guide (CS216 ‘06)
  47. HumbleSec: Assembly to Pseudocode Manually💬
  48. Mozilla: A Crash Course in Memory Management
  49. Corelan Team Exploit Writing
  50. Hacking the PS4: Userland ROP💬
  51. What is a “good” memory corruption vulnerability?🌟
  52. Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016–4622
  53. The Stack Clash (Qualys Security Advisory)
  54. Microsoft Security Research & Defense Blog💬
  55. Abusing Token Privileges For Windows Local Privilege Escalation
  56. GhostHook: Bypassing PatchGuard with Processor Trace Based Hooking
  57. “Wild” Pool Overflow on Win10 x64 RS2 (CVE-2016–3309 Reloaded)
  58. Abusing GDI for Ring0 Exploit Primitives
  59. Tarjei Mandt: Kernel Pool Exploitation on Windows 7
  60. Alternative methods of becoming SYSTEM
  61. A Technical Survey of 10 Common and Trending Process Injection Techniques
  62. Shut Up and Hack: Inject All the Things
  63. Dangers of the Decompiler: A Sampling of Anti-Decompilation Techniques
  64. Software Protection via Obfuscation
  65. What steps can I take to make my C++ app harder to RE?
  66. hasherezade: Starting with Windows Kernel Exploitation
  67. Windows Kernel Exploitation Series with HEVD
  68. User-Mode Interactions: Guidelines for Kernel-Mode Drivers (Microsoft, 2006)
  69. DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
  70. Cure53 Browser Security White Paper
  71. X41 Browser Security White Paper
  72. The Great DOM Fuzz-off of 2017 (DOM Fuzzing Methodology)
  73. The Apple of Your EFI: Findings from an Empirical Study of EFI Security
  74. HexType: Efficient Detection of Type Confusion Errors for C++
  75. A Generic Approach to Automatic Deobfuscation of Executable Code
  76. Anti-Unpacker Tricks🌟
  77. The “Ultimate” Anti-Debugging Reference
  78. FuzzySecurity Tutorials🌟💬
  79. GitHub CTF Write-ups💬
  80. phoenhex team write-ups🌟💬
  81. Project Zero Issue Tracker🌟💬
  82. Cisco Talos Vulnerability Reports🌟
  83. Flare-On Challenge Solutions: 2015
  84. Flare-On Challenge Solutions: 2016
  85. Exploiting a Firefox UAF with Shared Array Buffers
  86. Analysis and Exploitation of an ESET Vulnerability
  87. Attacking the Windows NVIDIA Driver
  88. Kernel Exploit Demo: Windows 10 (x86) PrivEsc via WARBIRD
  89. Windows Kernel Resources💬
  90. Dennis Yurichev’s Reversing Challenges
  91. Exploit Exercises🌟
  92. Flare-On Challenges
  93. ROP Emporium
  94. HackSys Extreme Vulnerable Windows Driver
  95. Compiler Explorer🌟💬

Credits:

https://rmusser.net/

Hope it helps.