Reverse Engineering Mentoring

This is a project to mentor people on reverse engineering of software. We will focus on Windows malware.

This is for people who have no reverse engineering skills.

Mentoring doesn't mean that we will be making a tutorial. We will point you in the right direction, but you will have to study topics we mention on your own. For example, you need to be able to read assembly language. We will point you to assembly language tutorials and mention particular points you should study. You can add your own insights and links to this Wiki.

And you can ask questions, of course. Although it is not required, please create an account to edit this Wiki; this makes it easier for us to know who posts questions.

There is a Wikibook on Reverse Engineering [1].

I will start the mentoring by pointing you to free tools and by creating some exercises.

My name is Didier Stevens. I have a Gmail address and a blog.

Unpacking and Decrypting with IDA

  • Does anyone have any good pointers or references to unpacking and decrypting malware, especially with IDA? (PDF reference here)
    • There's static and dynamic unpacking. The rest should be easy to search (searching is part of RCE). Maybe the Titan-Framework (has C++ code that applies generic unpacking methods) is helpful. IDA is not a general all-in-one-wonder tool.