Reversing - A structured approach

April 23, 2008 (at 1:30 p.m.) in Attacks

For many people Reverse Engineering sounds like magic, but it’s yet another methodology to understand what soft- and hardware is doing. This session will cover the methodology and tools that are used in our company to answer very specific customer questions relating to software. The purpose of the talk is to demonstrate a timely effective approach to analyze software that is only available as a binary. After the talk the audience will know what kind of knowledge is really needed to do reverse engineering, which tools are recommended to do the job (Hey-Rays, the new decompiler plugin for IdaPro and Autodebug, a mighty debugger and api monitor will be demonstrated) and how a structured approach can help you to accomplish the task in a reasonable amount of time.

Michael Thumann

Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.

In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.