Tuts 4 You

I want to start Reverse Engineering.


Jason Long


Hello,

Excuse me if my question is too general or vague. I know some programming languages like C/C++, but I'm not an expert and I want to learn a unique skill in computer security. I think RE is a unique skill. Am I right? Do hackers find security holes in software and operating systems using RE?

What are the job positions in RE? Is it just for Malware Analysis or Hardware Reversing? Or a Reverse Engineer must work for an Antivirus Company or...? No freelance job?

What is the first step for learning RE? I'd be thankful if anyone could show me a good book or...

Any advice is welcome.

 

Thank you.

Edited by Jason Long

If the only reason you want to learn RE is to have a unique skill for your resume/job application, you're very mistaken. Don't even try that.
Anyone can learn to write (crappy) JavaScript/PHP/CSS in a few weeks and call himself/herself a "freelance web developer". Not everyone can become a reverse engineer - it requires a specific mindset and dedication.

As for job positions, it really depends where you live and what your area of expertise would be. Analyzing malware requires a totally different skillset than finding bugs in hardware chips. Entry level positions usually are paid similarly to entry level developer positions. However, as a developer, you will have a pretty well-defined career path. As a reverse engineer, the path is less defined and really depends on your talent and dedication.
It is possible to freelance and make a good living out of it - but again, it depends on your area of expertise. One of the best recent examples that comes to mind is Azeria (https://twitter.com/Fox0x01) - her ARM reverse engineering skills are superb. And there are freelancers who make $100k/year on HackerOne - but that's quite an extreme example.
And then there is the "dark side" - reverse engineers that work on not-exactly-legit tasks. For example, the entire game hacking industry is based on those. If you're a superstar, the customers will wait in line and the money is great. If you're just starting, you won't be able to make more than a few hundred bucks a month - as you'll be competing with hundreds of Indians, Filipinos and Vietnamese in a very crowded market.

First step would be to define the area you want to explore. As I mentioned above, reverse engineering hardware chips is totally different from reversing Windows malware. Once you know exactly what you want to learn, it will be much easier to suggest a specific book or course.

 

Hope this helps.
kao.

  • Like 2
  • Thanks 2

There are jobs like security analyst out there too but they are generally protocol oriented with background in cryptography and mathematics.  Government agencies in all countries also recruit top talent.  Otherwise, as a career choice unless as a malware analyst or software protection analyst or something it's too much of a niche to talk about.

I got into RE because I enjoyed the challenge, and liked learning at lower levels or under the hood of how things work.  Having a deeper understanding is my style for everything.

That shadowy world lurks out there too but it's as organized and controlled as anything.  It is a whole package deal to take that route, a lifestyle even.  And even then you can't lose sight of what is right and what is wrong and where the laws draw the boundary.  Fortunately merely toying around with some RE stuff is not really an issue.  Software businesses and RE community have an interesting relationship but it's mostly been win-win despite occasional spats.

Best hobby you can have though IMO

  • Like 1
  • Thanks 1

7 hours ago, kao said:

If the only reason you want to learn RE is to have a unique skill for your resume/job application, you're very mistaken. Don't even try that.
Anyone can learn to write (crappy) JavaScript/PHP/CSS in a few weeks and call himself/herself a "freelance web developer". Not everyone can become a reverse engineer - it requires a specific mindset and dedication.

As for job positions, it really depends where you live and what your area of expertise would be. Analyzing malware requires a totally different skillset than finding bugs in hardware chips. Entry level positions usually are paid similarly to entry level developer positions. However, as a developer, you will have a pretty well-defined career path. As a reverse engineer, the path is less defined and really depends on your talent and dedication.
It is possible to freelance and make a good living out of it - but again, it depends on your area of expertise. One of the best recent examples that comes to mind is Azeria (https://twitter.com/Fox0x01) - her ARM reverse engineering skills are superb. And there are freelancers who make $100k/year on HackerOne - but that's quite an extreme example.
And then there is the "dark side" - reverse engineers that work on not-exactly-legit tasks. For example, the entire game hacking industry is based on those. If you're a superstar, the customers will wait in line and the money is great. If you're just starting, you won't be able to make more than a few hundred bucks a month - as you'll be competing with hundreds of Indians, Filipinos and Vietnamese in a very crowded market.

First step would be to define the area you want to explore. As I mentioned above, reverse engineering hardware chips is totally different from reversing Windows malware. Once you know exactly what you want to learn, it will be much easier to suggest a specific book or course.

 

Hope this helps.
kao.

Thank you.

I want to focus on software. Is RE not the top skill in security?

How do hackers find security holes in applications?


4 hours ago, Progman said:

There are jobs like security analyst out there too but they are generally protocol oriented with background in cryptography and mathematics.  Government agencies in all countries also recruit top talent.  Otherwise, as a career choice unless as a malware analyst or software protection analyst or something it's too much of a niche to talk about.

I got into RE because I enjoyed the challenge, and liked learning at lower levels or under the hood of how things work.  Having a deeper understanding is my style for everything.

That shadowy world lurks out there too but it's as organized and controlled as anything.  It is a whole package deal to take that route, a lifestyle even.  And even then you can't lose sight of what is right and what is wrong and where the laws draw the boundary.  Fortunately merely toying around with some RE stuff is not really an issue.  Software businesses and RE community have an interesting relationship but it's mostly been win-win despite occasional spats.

Best hobby you can have though IMO

No remote job?


First learn all about security; later you can seek to learn about RE / security holes ☺️ ... Maybe you want to be a hacker!

Edited by 4D43

If by security hole you mean increasing functionality or making the app do something it was not originally intended to do then yes.  Start reading basic tutorials and following along with them and trying crackmes.  Everything you need is here. If it's network security you are after, well, you will also get a lot of ideas about it, but it's a different specialty.


On 4/26/2020 at 4:48 AM, Jason Long said:

No remote job?

If you have good qualifications (certificates in the relevant fields) then it's easy to get a job. Without them the burden of proof is on you to convince them to hire you. Or you can do freelance jobs as already discussed in kao's post above.

  • Like 1

  • 3 weeks later...
Jason Long

Thank you for all replies.

Is RE a technique that hackers and crackers use to find security vulnerabilities and crack software?

For example, a hacker finds a vulnerability like this:

https://www.exploit-db.com/shellcodes/48355

Did the author of this exploit do RE to find this vulnerability?

I'd be thankful if anyone could answer me clearly.

 

Thank you.

 

  • Like 1

  • 4 months later...
On 5/17/2020 at 2:59 PM, Jason Long said:

Writing shellcode doesn't need RE?

Okay a bit late but maybe this'll help somebody.

Shellcode is not a vulnerability, it's the code that can be used to exploit a vulnerability. The vulnerability is something that executes the shellcode (like a buffer overflow, use after free or something else), which is not supplied in the link.

Writing shellcode does need the ability to write Assembly that a reverse engineer has. So he could make shellcode (which is similar to inline patching). However, RCE goes way deeper: it is the skill to deduce function out of complex VMs, obfuscation, functions and whatnot. You can then use that deduction to attack software (and find a vulnerability or information to exploit).  But that is only one way of finding vulnerabilities and it is specific to local software. Most vulnerability finding is done via the internet using many different techniques ranging from injection attacks, fuzzing, bruteforces, sending malware over email and many others and variations upon these.

Jobs in IT-sec related to vulnerability finding are usually only a tiny bit of RCE (but it does help your paygrade) but are available at any big corporate near you.

@kao really explained everything else already.

 

  • Like 1