eForensics Magazine 2017 09 Reverse Engineering Guide PREVIEW.pdf
Welcome to the October issue of eForensics Magazine! As always, we did our best and hope you will find the content interesting and useful. The cover topic for this month is reverse engineering, and we have a great guide for you to follow, by Leonardo Marciano and Deivison Franco. They prepared a three-part journey for you that will get you started on your reverse engineering adventure, complete with practice files for you to download and use to follow the material step by step. After finishing the guide you will be equipped to go deeper on your own.
The issue does not end there, however, as we have other articles for you to enjoy. Among them you'll find pieces on accessing TrueCrypt containers, pseudonymization, PowerShell, securing 5G networks, honeypots on a budget, and a proposal for a cognitive chatbot interrogation assistant.
As always, huge thanks to our reviewers and proofreaders. We think we’ll never be grateful enough for all the wonderful help and support we get from you!
We hope everyone enjoys the issue. If you have any feedback or remarks, find us on social media or get in touch directly - we do want to hear from you.
Have a great month!
and the eForensics Team
TABLE OF CONTENTS
A Journey Deep Inside Reverse Engineering
by Leonardo Marciano and Deivison Franco
- Part 1: Introduction to Reverse Engineering
You were already sure you wanted to be a hacker/cracker, but after you watched Mr. Robot you got really excited about revolutionizing the world with lines of code, or even breaking into your school's system to change your grades. To start our adventure, we will introduce you to reverse engineering, but first, what is it?
- Part 2: Using OllyDbg - First Steps
In the first part of our journey, you've been introduced to reverse engineering, learned what reverse engineering is used for, what knowledge is needed to study it, and what kinds of tools are used in its process. In addition, we presented the OllyDbg tool. Now, in this part, we will continue to use OllyDbg.
- Part 3: Using OllyDbg - Advanced
In this article, we will continue to learn how to use Olly. We will use the same custom version used in the last article.
Pseudonymization as a service
by Thibault Lefèvre
As companies process ever larger amounts of data for analytic purposes, knowing and controlling who has access to potentially sensitive datasets has become a complex problem. In parallel, regulation is becoming more stringent: with the EU's GDPR applying from May 2018, organisations that cannot demonstrate this level of control will face heavy fines.
A Tool for Detecting and Accessing TrueCrypt Containers
by Connor Morley, Diane Gan, Cyber-SAFE Centre, University of Greenwich
Forensics and security teams often encounter TrueCrypt (TC) containers during an investigation. These are notoriously difficult to identify and to access: a TC volume carries no file signature, and its contents are indistinguishable from random data. TrueCrypt is just one of many freely available encryption systems obtainable from the Internet that can be used to conceal data, making it inaccessible to anyone other than the holder of the password or key. Although TC development ceased in 2014 and an independent audit completed in 2015 found no backdoors, the system is still used for nefarious purposes precisely because no new versions will appear, and so no backdoor can be introduced.
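The identification problem described above can at least be triaged automatically. The script below is an added example, not code from the article or from the authors' tool. It relies on three properties of TrueCrypt volumes (no file signature, a size that is a multiple of the 512-byte sector, and random-looking content from the very first byte, because the header is a random salt followed by encrypted data); the size floor and the two entropy cut-offs are assumed thresholds to tune, not values from the page.

```python
"""Triage files that may be TrueCrypt (TC) containers.

Added example, not code from the eForensics article or its tool. A TC volume
carries no signature: the first 64 bytes are a random salt and the rest of
the header is encrypted, so the whole file looks like uniform random data.
The checks below (no known magic, size a multiple of the 512-byte sector,
near-maximal byte entropy) only produce candidates; keyfiles, raw random
dumps or other header-less encrypted formats will match just as well.
"""
import math
import os
import sys
from collections import Counter

SECTOR = 512                 # TC volume size is always a multiple of 512 bytes
SAMPLE_BYTES = 1 << 20       # entropy is measured on at most the first 1 MiB
MIN_SIZE = 64 * 1024         # assumed triage floor; tune for your environment
BODY_ENTROPY_MIN = 7.9       # assumed cut-off (bits/byte); uniform data ~= 8.0
HEAD_ENTROPY_MIN = 7.0       # assumed cut-off for the 512-byte header sector

# A few common signatures; a TC container starts with none of them.
KNOWN_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x1f\x8b": "gzip",
    b"\x7fELF": "elf",
    b"MZ": "pe",
    b"LUKS\xba\xbe": "luks",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def magic_type(data: bytes):
    """Name of a recognised file signature at the start of `data`, or None."""
    for sig, name in KNOWN_MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def assess_sample(sample: bytes, size: int, path: str = "<memory>") -> dict:
    """Apply the heuristics to the first bytes of a file of `size` bytes.

    Returns a verdict plus every reason the file was rejected, so an analyst
    can see which check a near-miss failed.
    """
    reasons = []
    magic = magic_type(sample[:16])
    if magic:
        reasons.append(f"known signature: {magic}")
    if size < MIN_SIZE:
        reasons.append(f"too small: {size} bytes")
    if size % SECTOR:
        reasons.append(f"size {size} is not a multiple of {SECTOR}")
    # The header sector (salt + encrypted header) and the body must both look
    # random; plain text, zero-filled or sparse files fail here.
    head_ent = shannon_entropy(sample[:SECTOR])
    body_ent = shannon_entropy(sample[:SAMPLE_BYTES])
    if head_ent < HEAD_ENTROPY_MIN:
        reasons.append(f"header entropy {head_ent:.2f} < {HEAD_ENTROPY_MIN}")
    if body_ent < BODY_ENTROPY_MIN:
        reasons.append(f"body entropy {body_ent:.3f} < {BODY_ENTROPY_MIN}")
    return {
        "path": path,
        "size": size,
        "magic": magic,
        "header_entropy": round(head_ent, 3),
        "body_entropy": round(body_ent, 3),
        "candidate": not reasons,
        "reasons": reasons,
    }


def scan_file(path: str) -> dict:
    """Read only the sampled prefix; the size check uses file metadata."""
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    return assess_sample(sample, os.path.getsize(path), path)


def scan_tree(root: str):
    """Yield an assessment for every regular file below `root`."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield scan_file(full)


if __name__ == "__main__":
    for result in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        if result["candidate"]:
            print(f"{result['path']}: possible TC container "
                  f"({result['size']} bytes, entropy {result['body_entropy']})")
```

Run it against an evidence mount point (`python tc_triage.py /mnt/evidence`) and review the hits by hand. Entropy is necessary but not sufficient: a file that simply cycles through all 256 byte values scores exactly 8.0 and passes, so a chi-square or similar randomness test, plus correlation with other host artefacts, should follow before a hit is treated as a container.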
Wild Card - A Forensic Psychology Cognitive Chatbot
by Denis Rothman
Forensic psychology has become popular through TV shows such as Law & Order: Special Victims Unit or CSI, which show brilliant forensic psychologists helping the police solve criminal cases. The consensus among experts is that these shows, albeit not totally accurate, have helped make the profession known.
PowerShell for Forensics
by Washington Almeida
Organizations today handle more sensitive personal data than ever before, and the more sensitive personal data they hold, the more exposed they are to security incidents and breaches. One of the biggest challenges in incident response today is the detection phase. Several tools, some open-source and some commercial, help forensic specialists with detection. However, the Windows environment has a built-in tool that can support forensic activities during live response: PowerShell.
POWERSHELL in POWEREMPIRE A Windows World
by Amit Sharma
PowerShell was very well named, signifying its power as a scripting environment. It is a great tool for admins and extremely useful for attackers (pentesters and red teamers). The security community has done an ample amount of work in this area and has produced some very useful tools that come in handy in many situations. It is also widely used and adopted in SecOps/DevOps automation for scaling and rolling out security changes.
Low-Cost Honeypots as Enterprise Defence Mechanism
by Deep Shankar Yadav
Since the launch of Fred Cohen's Deception Toolkit in 1998 (the first publicly released honeypot), honeypots have been a proven method for attack detection and analysis. Because they are complex to install and require high maintenance, they have yet to earn their proper place in enterprise security suites. However, honeypot technology has been seeing rapid growth, and it will soon rank among the threat detection tools used by many businesses.
by Sarath Kutathiparambil Satchi
Telecommunications lays the basic foundation for any nation's economic growth and at the same time enables advanced business models and services. Until now the discussion was about high-performance wired networks; now we expect similar performance from wireless networks, which matters a great deal for mobility. Each generation of mobile telecommunications, from 1G to 4G, took roughly a decade to evolve and become available.