Reverse Engineering Flashcards
What is reverse engineering?
It is the process of starting with a finished product and working backwards to figure out how it works.
What do security professionals use reverse engineering for?
Security professionals use reverse engineering to learn how a suspicious piece of software operates or to verify the integrity of hardware.
What is one of the most dangerous threats to security in modern companies?
Why is this threat so dangerous?
One of the most dangerous threats to the security of modern organizations is custom malware developed by an Advanced Persistent Threat (APT).
This threat is so dangerous because it is not detectable by common anti-malware programs.
Describe sandboxing: what is it, and what is it used for?
Sandboxing is used to determine whether malicious software is present; it does so based on behavioral patterns, not on signatures.
How do sandbox systems work in practice?
In practice, sandbox systems monitor hosts and networks for code that is not commonly known.
When the sandbox sees such code, it pulls it out of the network flow and isolates it in a sandbox (which keeps the code from accessing other systems or applications).
Once a sandbox quarantines unknown code, what does it do next?
When a sandbox quarantines unknown code, it then:
- runs the code and examines it, determining how it works
- specifically watches to see if the code begins scanning the network for other systems, grabs other information, talks to a command and control server, or does anything else malicious
What happens if the sandbox determines that the grabbed code is bad?
If the sandbox determines that the grabbed code is bad, it then keeps the code from gaining access to the org’s network and marks it for review by an admin.
What is code detonation?
Code detonation is where a sandbox lets code operate inside of a safe environment and then responds with fixes and preventions based on what the code does.