Reverse engineering provides insight into how examined code works from an outside standpoint. The primary reasons for reverse engineering malware are to gain insight into the malware’s capabilities and behavior. Additionally, the reviewed malware’s uniquely identifying characteristics may be added, in the form of signatures, to an organization’s existing antivirus definitions, as well as to its security and network monitoring tools.
The reverse engineering process serves to provide a quantifiable method by which threats executed against an organization’s network may be confirmed, functionally identified, and disseminated throughout the organization’s chain of command.
Software and malware reverse engineering have practical application in the Federal space because they offer tangible data showcasing unmediated vulnerabilities, misconfigurations and other gray areas that allow malicious actors access to Federal assets.
In this whitepaper, you will read about three open source tools that can assist in executing a reliable and repeatable reverse engineering process.