Source: https://www.quora.com/What-system-setup-do-reverse-engineers-have
What system setup do reverse engineers have?
Personally, I'm using a Linux system on which I have VirtualBox with Windows and Linux operating systems, on which I do reverse engineering and malware analysis tasks.
My main virtual machines are:
Windows XP SP3 32-bit: For reversing/analyzing binaries without the need to worry about ASLR, DEP and various modern protection mechanisms; they are (almost) all disabled on the old XP machines.
Windows 7 Pro SP1 32-bit: For reversing/analyzing binaries along with their in-memory protection mechanisms.
REMnux Linux: For reverse engineering of PDF and a couple of other formats.
Kali Linux amd64: For internet services simulation and further traffic monitoring and analysis.
Now to the tools. Actually, I use lots of tools depending on the situation; my favorite common set of tools is:
Sysinternals Suite: This suite of tools is absolutely important for Windows-related RE cases, specifically Autoruns, Process Monitor, and Process Explorer.
Process Hacker: This application is a combination of Process Monitor and Process Explorer from Sysinternals; it has a few interesting filters and memory operations too.
Microsoft Network Monitor: This is my best tool for monitoring network traffic; it's able to filter the traffic per process, filter the traffic through multiple interfaces, and has many other powerful features.
Finally, for Static Analysis I mainly use:
Immunity Debugger: The amazing Python-scriptable disassembler and debugger for Windows binaries.
GDB: For static code analysis of Linux binaries.
I guess those are my most often used applications in most cases. Different file system and registry monitoring tools might be used in order to have some more analysis features on top of the current tools.
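The answer above picks a Windows XP guest specifically so ASLR and DEP are out of the way, and a Windows 7 guest to study a sample together with those mitigations. Before choosing a VM it helps to know which mitigations a given binary actually opts into, since on Windows they are recorded per image in the PE optional header's DllCharacteristics field (DYNAMIC_BASE for ASLR, NX_COMPAT for DEP, GUARD_CF for Control Flow Guard). The following is an added example written for this page, not code from the Quora answer or from any of the tools it names: a small parser that reads those flags from a PE file. The `make_sample_pe` helper builds a constructed, non-executable header purely so the parser can be exercised offline; the flag values are the documented IMAGE_DLLCHARACTERISTICS_* constants, and the field offsets follow the PE/COFF specification (DllCharacteristics sits at offset 70 of the optional header for both PE32 and PE32+).

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",         # image may be relocated: ASLR opt-in
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",            # image is DEP-compatible: DEP opt-in
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",             # Control Flow Guard instrumentation present
    0x8000: "TERMINAL_SERVER_AWARE",
}


def pe_mitigations(data: bytes) -> dict:
    """Return the mitigations a PE image opts into via DllCharacteristics.

    Only the binary's own request is reported; whether the loader honours it
    depends on the OS version and system-wide policy (e.g. DEP "AlwaysOn").
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ signature)")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff
    )
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to contain DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    # DllCharacteristics is at optional-header offset 70 for PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    flags = [name for bit, name in DLL_FLAGS.items() if dll_chars & bit]
    return {
        "pe32plus": magic == 0x20B,
        "machine": machine,
        "dll_characteristics": dll_chars,
        "flags": flags,
        "aslr": bool(dll_chars & 0x0040),
        "dep": bool(dll_chars & 0x0100),
        "cfg": bool(dll_chars & 0x4000),
    }


def make_sample_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed test input: a minimal PE header (no sections, not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    magic = 0x20B if pe32plus else 0x10B
    opt_size = 0xF0 if pe32plus else 0xE0
    machine = 0x8664 if pe32plus else 0x14C              # AMD64 / i386
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


def describe(path: str) -> str:
    """Human-readable one-line summary for a PE file on disk."""
    with open(path, "rb") as fh:
        info = pe_mitigations(fh.read())
    return "%s: ASLR=%s DEP=%s CFG=%s flags=%s" % (
        path, info["aslr"], info["dep"], info["cfg"], ",".join(info["flags"]) or "-"
    )


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(describe(p))
    else:
        # Demo on constructed headers: one with no opt-ins, one fully hardened.
        print(pe_mitigations(make_sample_pe(0)))
        print(pe_mitigations(make_sample_pe(0x0040 | 0x0100 | 0x4000, pe32plus=True)))
```

A sample that reports neither DYNAMIC_BASE nor NX_COMPAT behaves much the same on the XP and Windows 7 guests, so the older VM loses nothing; one that opts into both is the case where the Windows 7 guest is the more faithful environment. The check is deliberately read-only and works on a copy of the file, so it can run on the analysis host before the sample is ever detonated.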