Jump to content
Tuts 4 You
Sign in to follow this  
Jason Long

I want to start Reverse Engineerin.

Recommended Posts

Jason Long
Posted (edited)

Hello,

Excuse me if my my question is so generally or vague. I know some programming languages like C\C++, but I'm not an expert and I want to learn a unique skill in the computer security. I think the RE is a unique skill. Am I right? The hackers that finding security holes in the software and operating systems using RE?

What are the job positions in RE? Is it just for Malware Analysis or Hardware Reversing? Or a Reverse Engineer must work for an Antivirus Company or...? No freelance job?

What is the first step for learning RE? I'm thankful if anyone show me a good book or...

Any advice welcomed.

 

Thank you.

Edited by Jason Long (see edit history)

Share this post


Link to post
Jason Long

Any idea?

Share this post


Link to post
kao

If the only reason you want to learn RE is to have a unique skill for your resume/job application, you're very mistaken. Don't even try that.
Anyone can learn to write (crappy) JavaScript/PHP/CSS in a few weeks and call himself/herself a "freelance web developer". Not everyone can become a reverse engineer - it requires a specific mindset and dedication.

As for job positions, it really depends where you live and what your area of expertise would be. Analyzing malware requires a totally different skillset than finding bugs in hardware chips. Entry level positions usually are paid similarly to entry level developer positions. However, as a developer, you will have a pretty well-defined career path. As a reverse engineer, the path is less defined and really depends on your talent and dedication.
It is possible to freelance and make a good living out of it - but again, it depends on your area of expertise. One of the best recent examples that come to mind, is Azeria (https://twitter.com/Fox0x01) - her ARM reverse engineering skills are superb. And there are freelancers who make $100k/year on HackerOne - but that's quite an extreme example.
And then there is "dark side" - reverse engineers that work on not-exactly-legit tasks. For example, the entire game hacking industry is based on those. If you're a superstar, the customers will wait in line and the money is great. If you're just starting, you won't be able to make more than few hundred bucks a month - as you'll be competing with hundreds of Indians, Filipinos and Vietnamese in a very crowded market.

First step would be to define the area you want to explore. As I mentioned above, reverse engineering hardware chips is totally different from reversing Windows malware. Once you know exactly what you want to learn, it will be much easier to suggest a specific book or course.

 

Hope this helps.
kao.

  • Like 1
  • Thanks 1

Share this post


Link to post
Progman

There are jobs like security analyst out there too but they are generally protocol oriented with background in cryptography and mathematics.  Government agencies in all countries also recruit top talent.  Otherwise, as a career choice unless as a malware analyst or software protection analyst or something it's too much of a niche to talk about.

I got into RE because I enjoyed the challenge, and liked learning at lower levels or under the hood of how things work.  Having a deeper understanding is my style for everything.

That shadowy world lurks out there too but it's as organized and controlled as anything.  It is a whole package deal to take that route, a lifestyle even.  And even then you cant lose sight of what is right and what is wrong and where the laws draw the boundary.  Fortunately merely toying around with some RE stuff is not really an issue.  Software businesses and RE community have an interesting relationship but it's mostly been win-win despite occasional spats.

Best hobby you can have though IMO

  • Like 1
  • Thanks 1

Share this post


Link to post
Jason Long
7 hours ago, kao said:

If the only reason you want to learn RE is to have a unique skill for your resume/job application, you're very mistaken. Don't even try that.
Anyone can learn to write (crappy) JavaScript/PHP/CSS in a few weeks and call himself/herself a "freelance web developer". Not everyone can become a reverse engineer - it requires a specific mindset and dedication.

As for job positions, it really depends where you live and what your area of expertise would be. Analyzing malware requires a totally different skillset than finding bugs in hardware chips. Entry level positions usually are paid similarly to entry level developer positions. However, as a developer, you will have a pretty well-defined career path. As a reverse engineer, the path is less defined and really depends on your talent and dedication.
It is possible to freelance and make a good living out of it - but again, it depends on your area of expertise. One of the best recent examples that come to mind, is Azeria (https://twitter.com/Fox0x01) - her ARM reverse engineering skills are superb. And there are freelancers who make $100k/year on HackerOne - but that's quite an extreme example.
And then there is "dark side" - reverse engineers that work on not-exactly-legit tasks. For example, the entire game hacking industry is based on those. If you're a superstar, the customers will wait in line and the money is great. If you're just starting, you won't be able to make more than few hundred bucks a month - as you'll be competing with hundreds of Indians, Filipinos and Vietnamese in a very crowded market.

First step would be to define the area you want to explore. As I mentioned above, reverse engineering hardware chips is totally different from reversing Windows malware. Once you know exactly what you want to learn, it will be much easier to suggest a specific book or course.

 

Hope this helps.
kao.

Thank you.

I want to focus on software. The RE is not the top skill in the security?

How hackers find security holes in the applications?

Share this post


Link to post
Jason Long
4 hours ago, Progman said:

There are jobs like security analyst out there too but they are generally protocol oriented with background in cryptography and mathematics.  Government agencies in all countries also recruit top talent.  Otherwise, as a career choice unless as a malware analyst or software protection analyst or something it's too much of a niche to talk about.

I got into RE because I enjoyed the challenge, and liked learning at lower levels or under the hood of how things work.  Having a deeper understanding is my style for everything.

That shadowy world lurks out there too but it's as organized and controlled as anything.  It is a whole package deal to take that route, a lifestyle even.  And even then you cant lose sight of what is right and what is wrong and where the laws draw the boundary.  Fortunately merely toying around with some RE stuff is not really an issue.  Software businesses and RE community have an interesting relationship but it's mostly been win-win despite occasional spats.

Best hobby you can have though IMO

No remote job?

Share this post


Link to post
Jason Long

Can anyone advice me?

Share this post


Link to post
4D43
Posted (edited)

First learn all about Security later you can seek to learn about RE / security holes ☺️ .......... Maybe you want to be a Hacker !

Edited by 4D43 (see edit history)

Share this post


Link to post
Progman

If by security hole you mean increasing functionality or making the app do something it was not originally intended to do then yes.  Start reading basic tutorials and following along with them and trying crackmes.  Everything you need is here. If its network security you are after well you also will get a lot of ideas about it but it's a different specialty.

Share this post


Link to post
Sangavi
On 4/26/2020 at 4:48 AM, Jason Long said:

No remote job?

If you have good qualifications (certificates in the relevant fields) then easy to get job. Without them the burden of proof is on you to convince them to hire you. Or you can do freelance jobs as already discussed in Kao's post above.

  • Like 1

Share this post


Link to post
Jason Long

Thank you for all replies.

Is RE a technique that hackers and crackers using it to find security vulnerabilities and crack software?

For example, a hacker find a vulnerability like it:

https://www.exploit-db.com/shellcodes/48355

Is the author of this exploit did RE to found this vulnerability?

I'm thankful if anyone answer me clearly.

 

Thank you.

 

  • Like 1

Share this post


Link to post
Jason Long

Any idea?

  • Like 1

Share this post


Link to post
4D43

am i say it ? 😜

Share this post


Link to post
Jason Long

??

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...