
| Subject: | RE: Hex editor |
|---|---|
| Date: | Wed, 25 Apr 2007 00:31:40 -0400 |
Thanks to everyone who responded. I've downloaded some of the hex editors suggested: XVI32, HexWorkshop and HHD. I also downloaded OllyDbg. Thanks again for all the great suggestions, and I'm sure I'll have more questions as I get into this.

-----Original Message-----
From: Morgan Reed [mailto:morgan.s.reed@gmail.com]
Sent: Monday, April 23, 2007 7:16 PM
To: dallas jordan
Cc: security-basics@securityfocus.com
Subject: Re: Hex editor

On 4/19/07, dallas jordan <dallas.jordan@gmail.com> wrote:
> I would like to start trying to do some reverse engineering of malware, just for learning purposes, and I'd like to get some opinions on a good hex editor. Preferably freeware and beginner friendly, if there is such. I have looked at a couple, but wasn't sure if one was much better than another. I wanted to get some more experienced users' thoughts. Anyone have any suggestions? Thanks.
As many others have suggested, you really need a debugger, not a hex editor (although hex editors do have their place). Personally I use OllyDbg for my dynamic code analysis; IDA Pro[1] *ROCKS* for static code analysis (I haven't really explored the dynamic code debugging features of it, as I have a bunch of scripts and so on which depend on OllyDbg (OllyScript also rocks) which I use a lot).

Something else you'll want to do is to study packers. 98% of all malware you will find is packed to A) make the code smaller and B) make analysis a little[2] more difficult. I'd recommend grabbing a few of the easily available packers out there (UPX is probably a good start; it is about the simplest packer out there), packing say notepad.exe with them, and then figuring out how to extract the original exe from the packed file.

Other useful tools when it comes to malware analysis (particularly when talking about unpacking) are LordPE Deluxe[3] and Import Reconstructor (Google them).

[1] IIRC there used to be an evaluation version available which wasn't excessively crippled.
[2] How much more difficult depends on the packer.
[3] LordPE Deluxe AFAICT was originally developed by software crackers; when you Google it, be careful which sites you go to, as it pops up in some pretty seedy parts of the web.

Morgan
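Morgan's suggestion to pack a known binary with UPX and study the result is a good starting exercise. As an added example that is not part of this thread, the Python script below does the defender-side half of that exercise: it walks the PE section table and reports the usual tell-tale signs of a packed file (UPX's default section names, a section that is empty on disk but large in memory, and section data whose entropy is too high to be ordinary code). The PE images it inspects are constructed inline so the script runs offline; the 7.0 bits/byte threshold, the section contents and the helper names are assumptions for illustration, not taken from any real tool.

```python
import math
import random
import struct

FILE_ALIGN = 0x200  # typical PE file alignment, used to lay out the constructed samples


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the PE section table and return one dict per section, raw bytes included."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER (40 bytes) starts with Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData; the remaining fields are not needed here
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rsize,
            "raw": pe[rptr:rptr + rsize] if rsize else b"",
        })
    return sections


def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> list:
    """Return human-readable reasons why this file looks packed (empty list if none)."""
    findings = []
    for s in parse_sections(pe):
        if s["name"].upper().startswith("UPX"):
            findings.append(f"{s['name']}: default UPX section name")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000:
            findings.append(f"{s['name']}: empty on disk but {s['virtual_size']:#x} bytes "
                            "in memory (unpacking target)")
        ent = shannon_entropy(s["raw"])
        if ent > entropy_threshold:
            findings.append(f"{s['name']}: entropy {ent:.2f} bits/byte (compressed or encrypted data)")
    return findings


def build_sample_pe(sections) -> bytes:
    """Construct a minimal PE image (headers + section table + raw data) for testing.
    sections is a list of (name, virtual_size, raw_bytes). Not a loadable executable."""
    e_lfanew, opt_size = 0x40, 0xE0
    img = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew))
    img += struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    img += b"\0" * opt_size  # optional header left zeroed; parse_sections skips it by size
    raw_base = -(-(len(img) + 40 * len(sections)) // FILE_ALIGN) * FILE_ALIGN
    raw_ptr, vaddr, blobs = raw_base, 0x1000, []
    for name, vsize, raw in sections:
        rsize = len(raw)
        img += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize,
                           raw_ptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        padded = raw + b"\0" * (-len(raw) % FILE_ALIGN)
        blobs.append(padded)
        raw_ptr += len(padded)
        vaddr += -(-max(vsize, 1) // 0x1000) * 0x1000
    img += b"\0" * (raw_base - len(img))
    for blob in blobs:
        img += blob
    return bytes(img)


# Constructed samples: a UPX-style layout (empty UPX0, compressed-looking UPX1) and a plain one.
_rng = random.Random(7)
PACKED_SAMPLE = build_sample_pe([
    (b"UPX0", 0x8000, b""),
    (b"UPX1", 0x800, bytes(_rng.getrandbits(8) for _ in range(2048))),
])
CLEAN_SAMPLE = build_sample_pe([
    (b".text", 600, b"\x55\x8b\xec\x90\x90\xc3" * 100),
    (b".data", 520, b"constructed sample string\0" * 20),
])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, packer_indicators(sample) or ["no packer indicators"])
```

Run on a real file, `packer_indicators(open(path, "rb").read())` gives a quick triage verdict before the debugger is even opened; a renamed section table defeats the name check, which is why the empty-on-disk and entropy checks are kept alongside it.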