by lauriewired
619 days ago
Work + personal research. The main industry use case for RE is malware analysis. The flow is essentially:

1. Break down a sample to determine behavior; this is usually a mixture of static (decompilation) and dynamic (running the sample in a safe env with a debugger) analysis.

2. Write a signature / detection based on unique identifiers you discover inside the payload. This is where the real skill comes in; being extremely clever with regex is helpful here. It's a tricky game to keep up with malware developers. Write a signature too specific, and all they have to do is recompile with a few string changes to defeat you. Conversely, if a detection is too broad, you run the risk of detecting benign software (aka a false positive or FP).
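To make the "too specific vs. too broad" trade-off from the comment above concrete, here is an added example (my own illustration, not code from lauriewired or from any real detection engine). The three byte strings are constructed stand-ins for strings extracted from two builds of one made-up malware family and from a benign updater; the signature names and the `evaluate` helper are also assumptions for the example. It scores an exact-string rule, an over-generic rule, and a rule that combines several behaviour-level traits against that small corpus.

```python
import re

# Constructed stand-ins for the strings an analyst might pull out of two builds
# of one malware family and one benign program. These byte strings are made up
# for this example; they are not taken from any real sample.
CORPUS = {
    "malware_build_1": (
        b"\x00User-Agent: EvilBot/1.0\r\nHost: c2.example.invalid\r\n\x00"
        b"cmd.exe /c whoami > %TEMP%\\out.txt\x00"
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00",
        True,
    ),
    # Same family, recompiled after the author changed a few strings.
    "malware_build_2": (
        b"\x00User-Agent: NiceBot/2.3\r\nHost: updates.example.invalid\r\n\x00"
        b"cmd.exe /c hostname > %TEMP%\\h.txt\x00"
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00",
        True,
    ),
    # A legitimate updater that also shells out via cmd.exe.
    "benign_updater": (
        b"\x00User-Agent: Mozilla/5.0 (Windows NT 10.0)\r\nHost: www.example.invalid\r\n\x00"
        b"cmd.exe /c echo done\x00",
        False,
    ),
}

# Each signature is a list of patterns that must ALL hit for the sample to match.
SIGNATURES = {
    # Pinned to one exact build string: a recompile with a renamed UA defeats it.
    "too_specific": [re.compile(rb"EvilBot/1\.0")],
    # One generic shell invocation: plenty of benign installers contain this too.
    "too_broad": [re.compile(rb"cmd\.exe /c ")],
    # Several behaviour-level traits the family keeps across builds:
    # a "<name>Bot/<ver>" user agent directly followed by a Host header,
    # a command whose output is redirected into %TEMP%, and a Run-key string.
    "balanced": [
        re.compile(rb"User-Agent: [A-Za-z]{2,16}Bot/\d+\.\d+\r\nHost: "),
        re.compile(rb"cmd\.exe /c \w+ > %TEMP%\\"),
        re.compile(rb"CurrentVersion\\Run\x00"),
    ],
}


def matches(signature, data):
    """True when every pattern in the signature is found somewhere in data."""
    return all(p.search(data) is not None for p in signature)


def evaluate(signatures, corpus):
    """Score each signature: which samples it detects, misses, or flags wrongly."""
    report = {}
    for name, signature in signatures.items():
        detected, missed, false_positives = [], [], []
        for sample_name, (data, is_malicious) in corpus.items():
            hit = matches(signature, data)
            if hit and is_malicious:
                detected.append(sample_name)
            elif hit and not is_malicious:
                false_positives.append(sample_name)
            elif not hit and is_malicious:
                missed.append(sample_name)
        report[name] = {
            "detected": detected,
            "missed": missed,
            "false_positives": false_positives,
        }
    return report


if __name__ == "__main__":
    for name, result in evaluate(SIGNATURES, CORPUS).items():
        print(f"{name:13s} detected={result['detected']} "
              f"missed={result['missed']} fp={result['false_positives']}")
```

Running it shows the exact-string rule missing the recompiled build, the generic `cmd.exe /c` rule flagging the benign updater, and the combined rule catching both builds with no false positive. The point of requiring every pattern to hit is that each trait on its own is weak; it is the conjunction of traits the developer would have to change together that gives the rule its longevity.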