WEBVTT

00:01.600 --> 00:02.480
Hello everyone.

00:02.800 --> 00:10.880
I'm Typhoon, and in this lecture we are diving head first into the realm of reverse engineering, which

00:10.880 --> 00:18.640
is a discipline that lets us take things apart not for destruction, but for understanding, reconstruction

00:18.640 --> 00:21.200
and even innovation in some cases.

00:21.680 --> 00:27.760
Now this foundational lecture will walk us through what reverse engineering is, what it's commonly

00:27.760 --> 00:38.200
used for, and why it plays such a crucial role in areas like software security and malware analysis.

00:39.040 --> 00:44.880
And now let's start with a basic yet powerful analogy here.

00:45.080 --> 00:51.680
So imagine you are holding a beautiful folded origami crane.

00:51.800 --> 00:57.400
So if we wanted to recreate that crane but had no instructions, what would you do?

00:58.320 --> 01:07.030
You'd unfold it carefully, analyze the folds, understand the structure, and then try to replicate

01:07.030 --> 01:07.310
it.

01:07.870 --> 01:11.350
Now that's essentially what reverse engineering is about.

01:11.390 --> 01:19.470
Breaking down a final product to see how it was built, how it works, and where it can be improved

01:19.470 --> 01:20.990
or secured.

01:21.830 --> 01:24.870
Now, reverse engineering is used across multiple disciplines.

01:25.630 --> 01:32.670
Basically understanding mechanical systems, dissecting biological structures, decoding complex

01:32.670 --> 01:35.990
software, malware analysis, and more.

01:36.190 --> 01:43.470
And in the digital realm, reverse engineering is indispensable for analyzing software, especially

01:43.470 --> 01:49.270
when we are faced with malware or unknown programs.

01:52.150 --> 02:00.470
Now it is how we learn what a program does without having access to its source code, which in most

02:00.470 --> 02:02.990
cases means we need reverse engineering.

02:02.990 --> 02:11.500
Most of the software on the internet today is not open source. And to understand its utility,

02:11.500 --> 02:13.460
let's bring a metaphor from history.

02:13.860 --> 02:22.980
The Trojan horse: had the defenders of Troy reverse engineered the horse before bringing it inside their

02:22.980 --> 02:26.860
walls, perhaps dismantling it piece by piece.

02:26.860 --> 02:33.100
They would have discovered the soldiers hidden inside. Now apply that same logic to malware.

02:33.140 --> 02:40.140
Today, by reverse engineering a suspicious program, we can see what it's really doing, identify any

02:40.180 --> 02:44.580
harmful payloads, and develop defenses accordingly.

02:44.940 --> 02:50.820
Now, reverse engineering isn't just technical here; it is also ethical and legal territory.

02:51.740 --> 02:58.620
Now some laws restrict its use, and its misuse can lead to infringement issues.

02:59.060 --> 03:03.460
But in the context of cybersecurity, it's a legitimate and essential practice.

03:03.500 --> 03:10.820
Understanding how threats work helps us build better defenses and protect entire systems.

03:10.860 --> 03:14.850
Now let's break down what this process looks like practically.

03:15.330 --> 03:20.770
First, we analyze the binaries and software without source code.

03:21.170 --> 03:26.250
We use specialized tools to inspect the inner workings of a program.

03:28.010 --> 03:34.370
And we isolate and study malware to determine how it infiltrates systems.

03:35.770 --> 03:40.810
And we develop methods to remove and defend against these threats.

03:41.290 --> 03:46.650
And some essential tools you will encounter include disassemblers, debuggers and emulators.

03:47.370 --> 03:53.170
Tools like IDA Pro, Ghidra and x64dbg

03:53.610 --> 04:02.090
allow us to see how a program functions at assembly level, and virtual machines like VirtualBox

04:02.090 --> 04:09.930
or VMware provide a safe sandbox for analyzing potentially harmful code without endangering your host

04:09.930 --> 04:10.410
system.

04:10.650 --> 04:13.130
Now, a word of caution here.

04:13.530 --> 04:16.480
Handling malware requires meticulous care.

04:16.520 --> 04:21.400
So always conduct analysis in an isolated virtual environment.

04:21.440 --> 04:24.480
Disable internet access unless needed for monitoring.

04:24.720 --> 04:30.920
Use snapshots to revert changes and never interact with suspicious samples on your primary machines.

04:31.040 --> 04:34.160
You will learn more about these practices in the next lectures.

04:34.200 --> 04:39.400
This is just an introduction lecture here, and let's talk about setting up your environment.

04:39.440 --> 04:44.840
Now you don't need anything fancy to begin with, just a decent machine with virtualization support,

04:44.880 --> 04:51.200
a working copy of VirtualBox and ready-to-use malware analysis virtual machines from trusted sources

04:51.200 --> 04:55.000
like Microsoft or REMnux.

04:55.360 --> 05:00.160
Now, setting up involves configuring these virtual machines with the right debugging and monitoring

05:00.200 --> 05:04.040
tools to observe behavior without interference.

05:04.040 --> 05:07.240
But tools are only half of the equation here.

05:07.520 --> 05:13.440
A good reverse engineer is, above all, resourceful: googling for obscure documentation, reading

05:13.440 --> 05:17.040
security blogs, watching malware behavior videos.

05:17.080 --> 05:23.350
Now this hunger for information is essential, and sometimes the existing tools just won't cut it.

05:23.350 --> 05:28.510
And you will find yourself scripting your own utilities or modifying open source ones.

05:29.270 --> 05:33.150
Now, reverse engineering also supports software auditing.

05:33.350 --> 05:39.510
So when we want to ensure software quality and detect vulnerabilities, we reverse engineer parts of

05:39.510 --> 05:47.150
the application, since random inputs, unpredictable user behavior and integration oversights can lead

05:47.150 --> 05:52.950
to weaknesses, ones that attackers will exploit if we don't find them first.

05:53.710 --> 06:00.350
We use fuzzing tools, monitoring systems, and crash dumps to discover where and why software breaks

06:00.350 --> 06:03.910
and then trace those flaws back to the code.

06:05.590 --> 06:12.910
Now, in the context of malware, reverse engineering plays a crucial role in each piece of incident

06:12.910 --> 06:13.790
response.

06:14.710 --> 06:15.630
Incident response.

06:15.630 --> 06:18.430
The first piece is detection.

06:22.230 --> 06:23.230
Analysis.

06:29.620 --> 06:30.700
Then the cleanup.

06:35.100 --> 06:37.460
And lastly, defense.

06:37.740 --> 06:41.300
Of course, there's also a more complicated graphic

06:44.380 --> 06:46.020
for this, which you will learn.

06:46.060 --> 06:47.340
Defense basically.

06:48.660 --> 06:55.020
Now say for instance malware enters your system through a JavaScript email attachment.

06:55.020 --> 07:01.740
Once we reverse engineer the script and understand its payload, we can take measures like blocking

07:01.980 --> 07:04.300
the future emails.

07:09.620 --> 07:17.340
And even blocking similar attachments as well.

07:17.780 --> 07:25.980
And in some cases, entire networks have to be reconstructed to prevent a second wave of attack here.

07:26.780 --> 07:33.010
Now mitigation is another critical layer of defense: training users on how phishing works, how attackers

07:33.050 --> 07:37.890
think, and what social engineering looks like makes a massive difference.

07:38.250 --> 07:44.690
Now, reverse engineering gives us the case studies we need to teach others and to implement security

07:44.690 --> 07:49.050
policies and design systems with layered defenses.

07:49.050 --> 07:53.690
And ultimately, this process doesn't just help us recover, it helps us evolve.

07:53.930 --> 08:01.610
Reverse engineering enables a better security posture, identifies system vulnerabilities, and also

08:01.890 --> 08:09.530
aids law enforcement in tracking threats. It also drives forward our understanding of the hidden digital world.

08:10.050 --> 08:13.130
And that's just the beginning of this course here.

08:13.410 --> 08:20.410
Now from here, we will go deeper into the specific tools, processes and techniques that will make

08:20.410 --> 08:26.410
you not just a reverse engineer, but a skilled analyst capable of seeing through the most intricate

08:26.410 --> 08:27.370
digital wheels.

08:28.010 --> 08:28.930
Thank you for watching.

08:28.970 --> 08:31.490
I'm Tiffany, and I'll meet you in the next lecture.
