Neil Cummings's profile

Reverse Engineering

Tier 1
This is where you start: you've got nothing on your mind but a burning desire to learn reverse engineering. So, on this tier, what should you study?
Start with assembly language. It makes no difference which assembly language you learn first, since most assembly languages have a lot in common. However, I recommend starting with x86 because it has far more resources and tools supporting it than any other. https://github.com/0xZ0F/Z0FCourse_ReverseEngineering and https://beginners.reverseengineering are two of my favourite resources for learning x86 assembly.
You'll also benefit from having a basic understanding of executable file formats. Windows uses PE, while Linux and other Unix-like systems use ELF.
Tier 2
Tier 1 shouldn't take up too much of your time. In reality, you can start learning anything from tier 2 after just about 5 hours on tier 1. It will give you a much better sense of accomplishment, and learning tier 2 will aid you in learning tier 1.
Begin by using free reverse engineering tools such as Ghidra, Radare 2 and Binary Ninja, or IDA Home/Pro (paid). IDA is still the industry standard for static reverse engineering. It is, however, the most expensive choice. Ghidra may be a good tool for beginners because it's free, has a lot of features that other free tools don't, and is extensible. There are numerous online tutorials available for Ghidra, as well as a comprehensive book on the subject, "The Ghidra Book: The Definitive Guide".
Write some simple C programs, compile them, and open the resulting binaries in your preferred tool to see how they work. Examine executable file formats as well.
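PE and ELF files can be told apart, and their basic properties read, from the first few header bytes. As an added example (not from the original article), this C program classifies a buffer as ELF or PE and extracts word size, machine type and entry point; `identify`, `build_samples` and the embedded sample headers are constructed for illustration, and only little-endian files are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { FMT_UNKNOWN, FMT_ELF, FMT_PE } exe_format;
typedef struct { exe_format fmt; int bits; uint16_t machine; unsigned long long entry; } exe_info;
static unsigned long long rd(const uint8_t *p, int n) {  /* n-byte little-endian read */
    unsigned long long v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Classify a file header; fmt stays FMT_UNKNOWN on anything malformed or truncated. */
exe_info identify(const uint8_t *buf, size_t len) {
    exe_info r = { FMT_UNKNOWN, 0, 0, 0 };
    if (len >= 52 && memcmp(buf, "\x7f" "ELF", 4) == 0) {
        /* e_ident[4]: 1 = 32-bit, 2 = 64-bit; e_ident[5]: 1 = little-endian */
        if (buf[5] != 1 || (buf[4] != 1 && buf[4] != 2)) return r;
        r.fmt = FMT_ELF; r.bits = buf[4] == 2 ? 64 : 32;
        r.machine = (uint16_t)rd(buf + 18, 2);           /* e_machine */
        r.entry = rd(buf + 24, r.bits / 8);              /* e_entry */
    } else if (len >= 64 && buf[0] == 'M' && buf[1] == 'Z') {
        unsigned long long pe = rd(buf + 0x3c, 4);       /* e_lfanew: offset of "PE\0\0" */
        if (pe + 44 > len || memcmp(buf + pe, "PE\0\0", 4) != 0) return r;
        uint16_t magic = (uint16_t)rd(buf + pe + 24, 2); /* 0x10b PE32, 0x20b PE32+ */
        if (magic != 0x10b && magic != 0x20b) return r;
        r.fmt = FMT_PE; r.bits = magic == 0x20b ? 64 : 32;
        r.machine = (uint16_t)rd(buf + pe + 4, 2);       /* COFF Machine */
        r.entry = rd(buf + pe + 40, 4);                  /* AddressOfEntryPoint (an RVA) */
    }
    return r;
}

/* Constructed samples: minimal ELF64 (x86-64) and PE32+ (AMD64) headers. */
void build_samples(uint8_t elf[64], uint8_t pe[128]) {
    memset(elf, 0, 64); memset(pe, 0, 128);
    memcpy(elf, "\x7f" "ELF\x02\x01\x01", 7);            /* magic, 64-bit, little-endian */
    elf[18] = 62; elf[25] = 0x10; elf[26] = 0x40;        /* EM_X86_64, entry 0x401000 */
    pe[0] = 'M'; pe[1] = 'Z'; pe[0x3c] = 0x40;           /* e_lfanew = 0x40 */
    memcpy(pe + 0x40, "PE\0\0\x64\x86", 6);              /* signature, Machine 0x8664 */
    pe[0x58] = 0x0b; pe[0x59] = 0x02; pe[0x69] = 0x10;   /* magic 0x20b, entry RVA 0x1000 */
}

int main(void) {
    uint8_t elf[64], pe[128];
    build_samples(elf, pe);
    exe_info a = identify(elf, sizeof elf), b = identify(pe, sizeof pe);
    printf("ELF%d entry=0x%llx, PE%d entry RVA=0x%llx\n", a.bits, a.entry, b.bits, b.entry);
    return 0;
}
```

Pointing `identify` at binaries you compiled yourself and comparing the result with what `readelf -h` or your disassembler reports is a quick way to check your reading of the headers.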
Then learn how to use a debugger. Debugging is a way of dynamically analysing and changing a program's execution flow. GDB for Linux and x64dbg for Windows are your go-to debuggers.
Tier 3
This is where things start to get serious. It's time for you to dip your toes in the water and try out some scenarios that are as true to reality as possible. It's also where you can get a taste of various aspects of reverse engineering and decide which ones you want to concentrate on.
Look for online challenges. Simple crackme challenges from sites like https://crackmes.one may be a good fit. This is where your reverse engineering skills come into play.
Then you can learn about common binary software security flaws and try to find and exploit them. https://www.vulnhub.com, http://root-me.org, http://pwnable.kr, and https://www.hackthebox.eu are all good places to start the vulnerability exploitation journey.
Learn about packing and obfuscation. Though they aren't very common in legitimate applications, they are often used in malware and other malicious software, so those skills could come in handy.
Play a few CTFs. There are CTFs and CTF challenges for every taste. Nowadays, almost every CTF includes reverse engineering and exploitation problems. Real World CTF is all about leveraging bugs in real-world applications, while Flare-On CTF is all about reversing malware-like challenges. While all CTFs are timed, don't feel bad if you can't solve a problem right away. There's no need to rush. Even after a CTF has finished, you can still try to solve its challenges. Also, if you're stuck, look up write-ups for your challenge on Google. http://ctftime.org is a fantastic archive of CTFs and writeups.
Finally, attempt to reverse engineer real-world products. Perhaps there's a piece of software you've always been curious about, or maybe you've always wanted to hack your home router and get a root shell. It's time to put it to the test.
Although I listed three tiers, I strongly advise you to work on them all at the same time. Learning is an iterative process. The tiers will reinforce one another, allowing you to gain as much experience and expertise as possible.
Finally, some thoughts
And never stop learning: look for online tutorials, follow people on Twitter, participate in Reddit forums, be interested, and don't be afraid to struggle!