Ground Zero: Part 0 – Hitting Rock Bottom

Posted on 09 Apr 2018 by Paranoid Ninja


The Prologue

In 2016, I was working for a cyber security company where I had to perform an Incident Response for a large financial organization. I wasn't really good in any of the programming languages, as many had told me that it's more of an analytical skill set that is required rather than actually understanding and writing programs. With basic programming skills in Python 2 I went on to perform an IR and realized that it was all a widespread hoax. If you want to perform IR, you sure as hell need to understand and reverse engineer programs.

With my boss on my head, some luck and sleepless nights, we found a malicious binary file on one of the Windows machines. Since I used to suck at reverse engineering, I started reading up on various blogs to find out how to reverse engineer the binary. Running it through VirusTotal and basic tools like strings and objdump, I realized it was written in C++ and consisted of a lot of Windows API calls.

This was the day it hit me that no matter what, learning and understanding languages is a must. If you are serious about cyber security, you will need to understand not one but many languages. Besides, understanding and learning different languages is never a loss. This is the reason I have started writing this blog today, after I have succeeded in writing my own malware and am able to reverse engineer it at the assembly level. If you are a security analyst or a consultant like me, you will hear from a lot of people that getting your hands extremely dirty in assembly or learning low-level languages is not important. But it's an incorrect statement.

For example: if you are going to perform a red team attack, you may face situations where you will find vulnerable programs for which only PoCs are released, whereas full-fledged exploits are not available. Sometimes, you may have to write a fully working exploit using just the PoC itself if you don't find any other way in. Or if you are, let's say, in forensics and are asked to perform a breach assessment of a company, and it's a ransomware attack, the malware can be written in PowerShell or as a simple Windows binary as well. These are the times you would wish you had some basic skills in assembly, C or C++, since knowing what even a small binary can do can help you dig a big hole through a pile of dirt to find how the attack started and where it ended.

Epilogue

Over the next few blogs, I will start writing small C++ programs for Windows and Linux, and will reverse engineer them using OllyDbg or gdb depending upon the OS I write them for.

Stay tuned for more blogs :)