Well, folks, it’s been one hell of a semester. It didn’t turn out like I wanted, but hey, despite everything that happened to me in my reverse engineering class, I more or less passed the class.
Some things I learned about reverse engineering:
- Definitely time-consuming
- Looking at a disassembly can say a lot about the malware author’s personality
- You can tell who learned to program for malicious purposes
- Those who do it well are badass
One thing that I can say, based on my past analyses, is that malware almost tells a story. When I reverse engineer, it’s like my mind goes into story mode. I try to imagine what the author is trying to accomplish and why. I will say that it becomes evident fairly quickly which authors don’t know how to code well. There is something about their code that makes you almost want to call the author and tell them that they are a fucking idiot. I’m not saying I’m a great coder, but damn, at least I’d know to try to cover my tracks if I were going to be up to no good.
Enough on that tangent. I want to say that I am happy that I got to take the class. Although my grade does not show it, I learned a lot. I would recommend a reverse engineering class to anyone. Some of the malware samples I looked at include:
- webc2-cson – SHA256: c9c22572a5e699ee0a0b405eb6663a726ef1ce26e8192ed12f79a67864e06813
- webc2-greencat – SHA256: 7d4e44037e53b6e5de45deb9ee4cf5921b52f8eb1073136f7c853e6f42516247
- NGRBot – SHA256: 67f377dda34ec312c44f200bbe55c35e49d4711ef202e849c608453344627ca8
- Destover (malware used against Sony) – SHA256: 201a9c5fe6a8ae0d1c4312d07ef2066e5991b1462b68f102154bb9cb25bf59f9
to name a few.
Moving on, since I am officially on summer break, I have many goals to accomplish.
- Brush up on pentesting
- Learn how to develop exploits
- Perfect writing shellcode
- Analyze more malware and release tools against it. These will eventually be available on my GitHub account.
Just to name a few. Well, I think that’s it for now.