Reverse Engineering Roadmap

Published 2020-05-01 by linhlhq
https://hackemall.live/index.php/2020/05/01/reverse-engineering-roadmap/

👶 BEGINNER LEVEL

[Image: https://i.imgur.com/p0Xexix.png]

When I was choosing a major and a university for the entrance exam, my only thought was to pick whatever would make it easy to find a job and earn money 💰 afterwards. Back then I chose information security simply because it sounded new and unusual, and I figured there would be less competition than in general IT. Once at university, unlike the prodigies in this field that I know, for the first two years I just followed the class curriculum: programming/ACM and the core courses, with almost no idea what security was or what you would have to learn to do it (probably also because I was too lazy to find out on my own). My turning point came in my third year, when I started hearing about more security job openings; I took the recruitment test, applied for an internship and was lucky enough to get into Viettel. That is where I first started thinking in security terms, and it is the place that trained me into what I am today.

My first contact with reverse engineering was through the small challenges I was trained on at Viettel; after that I started playing CTFs. I have taken part in quite a few CTF competitions at home and abroad, though without any notable results. Here I will share what I studied and practised while getting into reverse engineering. I am deliberately not going to cover definitions, statistics or taxonomies, simply because I do not know the field broadly enough to do that (if you have questions about the concepts, Google them yourself). These are just personal conclusions I have drawn, which may be right or wrong, but I still hope they help those of you who are new and want to learn and pursue security in general and reverse engineering in particular.

💡 WHAT TO LEARN?

Many of you want to go down the reverse engineering path but do not know where to start or how to approach it.

I will lay out the basics below:

👨🏼‍💻 LEARN PROGRAMMING

Plenty of people probably think that learning programming makes you a coder, so how the hell would it make you a hacker? If that is what you think, you are completely wrong: your reversing ability is directly proportional to your programming ability. Take a concrete case: when you reverse a piece of code in some context, if you have programmed that kind of thing yourself and understood it, you will know right away what the author is doing and trying to do; if you have never programmed it, it will take you quite a lot of time to understand that code.

So how should you learn programming? My advice is to learn programming thinking rather than spreading yourself across many languages. Programming thinking is the way you look at a problem, break it down from small to large, and then come up with solutions. Once you have formed that way of thinking, you only need to learn one language; other languages differ only in syntax, everything else lies in the thinking. It takes just one or two months to become proficient in a new language.

Which languages should a reverser learn? Assembly and C/C++, of course. Try programming everything in Assembly, from simple programs such as input and output or string processing to more complex ones such as a paint or notepad clone. It sounds pointless, but it will be the solid foundation on which you build your castle.

And one language is never enough for reversing; you need to learn and know more languages such as Java, Python, JS, Golang, Rust...

👨🏼‍🏫 LEARN OPERATING SYSTEMS

Reading about and understanding operating systems will help you understand everything that is happening inside a program you want to reverse. Learn the fundamentals: architecture, registers, memory, user/kernel mode, and so on.

Linux is the ideal operating system to start with, followed by Windows, Apple OS, Android, etc. You should also pick one operating system to study really deeply.

🔧 LEARN TO USE THE SUPPORTING TOOLS

Get to know the tools that support reversing and debugging programs, such as gdb, lldb, OllyDbg, WinDbg, x64dbg, etc. There is no faster way to learn a tool than hands-on practice with it; only by using it a lot will you become proficient.

I did not list IDA above on purpose: in my view, beginners should learn to read machine code (assembly). Reading assembly gives you a fuller and deeper picture than pulling up IDA and pressing F5 to look at the pseudo-C. As I said in the programming section, you should program in Assembly; it will help you understand how a function works at the basic level (registers, buffers, stack, heap, stack frames, call stack, calling conventions, and so on).

🚩 PLAY CTF

CTF is the shortest and clearest path into security. For reversing, try practising on popular sites such as rootme, reversing.kr, ringzer0... Work through the challenges one by one from easy to hard, and through that training you will see your skills shoot up, just watch.

📚 LEARN THE FUNDAMENTALS

Do not focus too narrowly on reversing alone; learn broadly and learn a lot, because that is the only way to get an overall view of security. Look into crypto, networking, web, exploitation, forensics... and everything they teach you at school; I do not think it is useless.

👦 ADVANCED LEVEL

[Image: https://i.imgur.com/eGZR0bP.png]

If you have listened to me and studied along the lines I listed above, I think you already have a concrete picture of security and reversing. But if you stop there, all you can do is bang on the keyboard, talk big and show off to people...

You need to practise, practise, practise even more; do things over and over again, and master the tools and the techniques...

🚩 CTF

Yes, CTF again. You should take part in CTF competitions at home and abroad, online and onsite. There you will meet many kinds of challenge that can be considered the current trends worldwide: some easy, some hard, some you can solve and some you cannot.

If you cannot solve something, do not be discouraged. After each competition, find and read the writeups and redo the challenge yourself, or ask the challenge author directly; they are usually willing to share and show you how to solve it.

Playing CTFs you will run into countless kinds of reversing: not just reversing a simple C/C++ program, but hardware, games and more, on other operating systems such as Android and iOS, using every kind of programming language and architecture. Take a look at Flare-On to get a feel for it.

Every CTF challenge is a lesson; there will be many new things you learn from it.

💻 LEARN ABOUT COMPILERS

Where the basic level had you learning to program, here you should learn how a program is built and run.

What steps does the compiler go through? How does a file you wrote become something the machine can understand and execute?

🔧 MASTER THE TOOLS AND TECHNIQUES OF REVERSING

At this stage I now encourage you to use IDA to reverse and to clean up the pseudo-C: renaming variables and functions, fixing data types, creating structs, and so on. The cleaner you make the pseudo-C, the faster you will understand it, and the easier it is for others to read.

Learn about the anti-analysis techniques (anti-debug, anti-monitor, anti-VM, etc.) that people commonly use to protect programs, as well as the code obfuscation methods that make life hard for reversers.

Learn about packing/unpacking, a common technique software authors use to protect their programs from reversers.

💾 START REVERSING MALWARE (MALWARE ANALYSIS)

The most common job for a reverse engineer is malware analysis. Before analysing a malware sample, first learn how to set up a safe environment to analyse it in.

Find a few simple samples and try analysing them to find out what they do and how they spread. Once you have that, think about how you would clean a system that it has already infected; that is an interesting job and one that demands a lot of experience.

Malware uses many techniques to make the analyst's life hard, and if you analyse enough of it you will recognise them and know how to deal with them very quickly. If you do not see it after 10 samples, or after 100, then do 1000. In short, with malware reversing you have to do a great deal of it and see a great deal of it before you form a pattern for dealing with it quickly.

👱‍♂️ GOSU LEVEL

[Image: https://i.imgur.com/Cm3qcVf.png]

By the time you reach this level, everyone will have a direction of their own, and of course the end goal is to make money. You might make a career of malware analysis, of creating malware (not recommended), of bug bounties, and so on. Everyone has their own interests and chooses their own path, so at this point I do not really know how to share enough, because each path requires you to learn different things; it is no longer the general stuff of the newbie days.

But whichever of the three I mentioned above you do, I think reversing is still the core; you still have to learn and keep up with current trends so that you do not fall behind the rest of the world.

👨‍🎓 LEARN EVERYTHING

Teach yourself new languages and how to reverse programs written in them. The method I usually use is to write an executable program in the language and then reverse that program.

Learn about the techniques currently used in malware samples, in programs and in CTF challenges. One channel where many of the experts who came before us are active and frequently share such knowledge and techniques is Twitter; I think it is a treasure trove you can learn from.

👨‍💻 RESEARCH

Try researching new problems that do not yet have an optimal solution. Build your own plugins to make reversing faster, and so on. When you have something new or interesting, try submitting talks to conferences and share it with the community to get more perspectives from others.

If you go the bug hunter route, try studying and writing 1-days. Learn about fuzzing and how people use fuzzing to find bugs.

Study information security solutions and form your own assessment of them. Pose security problems and try to find ways to solve them. This part is very rewarding and not everyone can do it, but be confident and give it a try; you cannot know the result until you have tried.

🙆‍♂️ PROFESSIONAL ETHICS

I think every roadmap in every field mentions this, and the content is the same. Every direction you take carries the same risks if you go down the path of cybercrime. Stay sober, stay clear-headed and don't be a reckless kid :D.

💡 WHAT'S NEXT?

Career opportunities in reverse engineering can lead to Malware Analyst / Researcher / Bug bounty hunter / Red Team, depending on each person's interests. I hope this article helps those of you who are considering, or already on, the reversing path.

What I have shared in this article may still be sketchy and hard to follow; if you have any questions, chat with me directly on Twitter: https://twitter.com/linhlhq (and follow me while you are at it).

Thanks for reading, see you in the next series.

Thanks,
linhlhq