Software Reverse Engineering
The intent of the Software Reverse Engineering Knowledge Unit is to provide students with the capability to perform reverse engineering of executable code to determine its function and effects, or to discover details of the implementation.
Topics
- Malware Analysis
- Reverse Engineering Tools & Techniques
- Sandboxing
- Anti-reverse engineering techniques
Outcomes
- Students should be able to use common software reverse engineering tools to safely perform static and dynamic analysis of software (or malware) of unknown origin for the purposes of understanding the software functionality and implementation.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
ID | DESCRIPTION
K0259 | Knowledge of malware analysis concepts and methodologies.
K0183 | Knowledge of reverse engineering concepts.
K0186 | Knowledge of debugging procedures and tools.
K0188 | Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro).
K0189 | Knowledge of malware with virtual machine detection (e.g., virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer's display device).
K0479 | Knowledge of malware analysis and characteristics.
K00013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
K0254 | Knowledge of binary analysis.
K0171 | Knowledge of hardware reverse engineering techniques.
K0175 | Knowledge of software reverse engineering techniques.
K0089 | Knowledge of systems diagnostic tools and fault identification techniques.
ID | DESCRIPTION
S0003 | Skill of identifying, capturing, containing, and reporting malware.
S0131 | Skill in analyzing malware.
S0270 | Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.
S0088 | Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump).
S0140 | Skill in applying the systems engineering process.