I feel like it's impossible to learn reverse engineering

So let me preface this with "I'm not implying you're a child"

Often when I teach kids about CIS and they hear what I do for a living, the first question is

"How do I hack?"

I'll tell you the same thing I tell them. Hacking isn't a thing you learn as much as it is the result of years of experience in a series of topics that relate to security.

Often you'll find people break into the security field coming from software backgrounds and network backgrounds. I started on my security path a few years ago by attending defcon, derbycon, and other security related events. I learned that if I wanted to do it professionally then I needed to dig deeper. I learned there was no magic knowledge that made you a security professional. Just hard work and learning about what it takes to make things secure.

After building lots of Arduino projects, setting up lots of webservers from scratch, building lots of websites from the database up, taking (and failing mind you) my OSCP, I finally got to a point where I felt comfortable calling myself a security software engineer. The company I worked at during that time had a security champion program for engineers. They gave a single team member more advanced security training to be the team security engineer. I did that and I loved it.

About a year and a half ago I took the leap and got a job building intrusion detection software and I love it. Most of my work is standard coding but I do get to apply my security knowledge on a regular basis in various ways.

I guess my long winded point is, keep learning. You're doing it the right way by learning different technologies. Check out my blog https://www.DotNetRussell.com and you can see the projects I did that led me to where I'm at now.

Keep learning. As mentioned in the comments, security is hard. That's why there's such a demand for it! It's really rare that it comes easy to people. The people that you see that are experts in the field are there because they spent years and years grinding that hard knowledge.


Reverse engineering is fun. I use IDA once every other week, so I am not an expert in the field but do it often enough. If you want to understand reverse engineering you need to know how to engineer first.

If you do it professionally you are spending your time in Windows land. So to get good at that learn some Windows internals, code some projects in C# and C for windows.

The best reverse engineers I know were software engineers first.

Build some programs yourself and use Radare2 and IDA on them and you will start to learn.

Good luck and have fun!


Stop wasting your time with books and videos. Get some program you want to reverse (like a game you want to hack), get your tools for static/dynamic analysis (cheat engine is great for starting if you're on windows) and start tinkering with them... googling every thing you don't know yet as soon as you find it. It will be slow and painful at first, but soon you will be understanding assembly code by just looking, it becomes second nature.

Tags:

C

Assembly

Reverse Engineering

Shellcode

Related

How to check if a Wi-Fi network is safe to connect to? Is it safe to store APK signing passwords in private git repository? How to verify the checksum of a downloaded file (pgp, sha, etc.)? Is a redirect showing the password in plain text a security vulnerability? Do Transient, Volatile Servers Require Antivirus Scanners? What is the real danger of not putting a login password in Windows in a small company except that of allowing anyone to go physicaly on your computer? Is a standalone phone number considered Personally Identifiable Information? What are the security risks of logging the hash of rejected passwords? How to strike a balance between security policies and practical implementation challenges? Are there any objective reasons to use dedicated user/password instead of identity providers within a large organization? Does WPA3 OWE mean the return of Evil Twins? Is there value in changing your password after failed (malicious) login attempts?

Recent Posts