Environment Setup
Run everything as VMware VMs on an isolated VLAN, with a REMnux Linux box on the same network. REMnux supplies the fake network side: iptables rules that accept traffic from any IP that connects to it, and a fake DNS tool that answers every query with the REMnux box's address, so a sample's callbacks land on the analysis box instead of the internet.
Process Monitor
Useful for seeing which processes a given running program spawns, along with its file, registry and network activity, all captured in real time. Process Hacker is an open-source alternative (closer in scope to Process Explorer than to Process Monitor).
Process Explorer
Determine which files, DLLs, and registry keys (open handles) are associated with running processes.
IDA Pro
Used for disassembling binaries (and decompiling them, with the Hex-Rays decompiler).
WinDBG
Debugger for Windows (name is pretty self-explanatory)
Simulate an smb share
Put the malware sample on the box running IDA, then run it on that box.
Tools
- lessmsi
- Viewing and extracting the contents of MSI files (has both a GUI and a command-line interface)
Report Template Example
https://zeltser.com/malware-analysis-report/
MacOS
Getting exported functions in a binary
Use otool (e.g. otool -L for linked libraries, otool -tV to disassemble the text section) or nm (e.g. nm -gU for global symbols that the binary itself defines, i.e. its exports) on the binary.
Resource: https://stackoverflow.com/questions/5946756/how-to-use-otool
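Added example (not from the original notes): a small shell helper that lists a Mach-O binary's exported functions from nm output and its linked libraries from otool -L output. It assumes Apple's nm and otool (Xcode command line tools); the binary path is whatever you pass as the first argument, and the two parse_* functions work on the tools' text output so they can be run offline on saved output as well.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes Apple nm/otool from the
# Xcode command line tools; the binary path given as $1 is a placeholder.

# Filter nm output down to exported functions. nm prints "<addr> <type> <name>";
# type "T" is a defined symbol in the __TEXT section, and since the wrapper below
# asks nm for global symbols only, these are the callable exports. Mach-O prefixes
# C symbol names with an underscore, which is stripped here.
parse_exports() {
    awk '$2 == "T" { sub(/^_/, "", $3); print $3 }'
}

# Run nm on a binary: -g = global (external) symbols only, -U = hide undefined
# (imported) symbols, so only symbols this binary itself defines remain.
exported_functions() {
    nm -gU "$1" | parse_exports
}

# otool -L prints the binary's own path on the first line, then one indented
# line per dependent dylib followed by version info in parentheses; keep the path.
parse_libs() {
    awk 'NR > 1 { print $1 }'
}

linked_libraries() {
    otool -L "$1" | parse_libs
}

if [ $# -ge 1 ]; then
    echo "Exported functions from $1:"
    exported_functions "$1"
    echo "Linked libraries:"
    linked_libraries "$1"
fi
```

Usage: save as macho_exports.sh and run sh macho_exports.sh /path/to/binary. Local (lowercase t) and undefined (U) symbols are dropped on purpose, so what remains is the surface another module could call into; compare it against otool -L to see which imported libraries the sample relies on.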