The main goal is to gain a comprehensive understanding of how things function. This process involves examining and decoding the technology to reveal its underlying principles, components, and functionality. It’s done when the information of the original design or construction isn’t easily accessible or needs to be examined closely. Reverse engineering is a process used to fully understand how something works, like a technology or product. So a red team, in the sense of the word that I specified, does not have access to source code, and most definitively sometimes needs to reverse engineer binaries. What is the Purpose of Reverse Engineering? If you call application/network security research a red team exercise I think you're doing it wrong. Both technical controls as well as procedural operations are in scope. To do a proper red team exercise the scope must be very broad. The blue team and the red team do not share details, and to give the blue team a proper exercise they are often not even informed. Is there a buffer overflow here yes or no? From an efficiency perspective it makes no sense to hide the source code or even credentials from the pentesters performing this research. An attack simulation is more holistic in nature, the question becomes "can your security team detect when we exploit this buffer overflow?". The concrete difference between the two is that vulnerability research is mostly focused on the technical security aspects. If you have access to source, it implies a white box test, which is not an attack simulation but 'ordinary' vulnerability research. Many people, myself included, take 'red team' to mean -> attack simulation.
(This is one of the reasons why I suspected a true competitor to IDA would never come around as FOSS - it takes a shitload of money to do that, and it's also something you can make a shitload of money from.) But I'll say this: if you put me into a situation where I had to reverse something, I'd pay for an IDA license 10/10 times even if every Radare developer was at my command, and I'd probably still get it done faster (most RE tools I know of lack even the most basic, fundamental features IDA has had for years - such as FLIRT - that can dramatically improve reversing speed.) If you gave them a lot of money - like, enough to fund 5-10 core developers for a couple years - Radare would dramatically improve extremely quickly, I'm sure. That doesn't mean Radare developers are incompetent. That also means people who need this can simply throw money at a problem, like an expensive IDA license, and move on. I should also be clear that part of the issue is that reverse engineering is a money game, one where money is easy to come by if you have the clients - and as a result a lot of the developers of those tools have more money/labor available than the Radare developers. You might even call those "edge cases", but reverse engineering is 90% edge cases and 10% easy stuff. You could comparatively stitch something together with the tools in Radare to patch over this for the cases it doesn't handle. I am not constantly fighting with it to get basic things analyzed properly, or fighting a lack of supported features that prevent it from opening something, or a bad analysis engine that misses 80% of things I later reverse by hand. When I use IDA, almost all of my actual work in the tool itself is very "boring" RE stuff, because it does its job. You're comparing a Jalopy to a Prius - and that Prius is already going up against a Ferrari.
But that kind of aesthetic is an extremely small part of these tools in the whole, and it simply does not matter if the tool cannot "keep up" with your work. As a Linux person, I find that attractive, especially for certain kinds of automated stuff (vs loading Python scripts in through a UX or whatever). And I occasionally check it out and play with it - I think "the vim of RE tools" is a cool point in the design space. Don't get me wrong, I'm happy Radare exists. Binary-Ninja and IDA are a completely different class of tool from Radare.