Reverse Engineering Beginner Guide

Author: Jayden Koh

Beginner guide for learning reverse engineering CTFs.

Overview

Before you get scared off from reversing, note that these levels are on a logarithmic curve: once you get past the baby level, everything will start to make more sense and you probably won't need this list anymore, but it's still a good reference. As you get more advanced, you'll need a wider range of skills, and each specific one will be used less and less, meaning you'll probably need to learn on the fly. The most important soft skill here is knowing how to google for information while CTFs are running, because you can't learn everything beforehand. There are a lot of things that aren't covered here, but this covers most of the important ones. Don't worry about reading through everything before getting your feet wet (skim through everything at least); these are just reference materials to go back to when you get stuck.

Baby:

Concepts:

Linux stuff (yes, all of it)

Stack operations

Assembly opcodes, registers, and data (read all of it)

(keep in mind there are different types of assembly, different compilers and architectures; most of them are irrelevant but may come up later, and there are a lot of nuances here) ctrl+f for the different architectures

Data segments

Binary labs (kinda messy but gets the job done)

Binaries (Parts 1 and 2)

Static and Dynamic Analysis

Debugging, Disassembling, and Decompiling

Tools:

strings, ltrace, and strace

gdb or gef/peda and another

Decompilers (familiarity with one is good enough):

Ghidra

IDA (there's a free version, but it's obviously not as good as the pro version since it doesn't have decompiling; still useful to learn)

r2 (arguably the hardest tool to learn but also the most powerful); remember to do further research yourself

Scripting languages:

Python (learning until file handling is good enough)

C (learn the whole thing)

Additional Resources and Tools:

Writeups for Practical Binary Analysis Book

objdump

readelf

Intermediate stuff:

These aren't in any particular order, so figure out what you need.

Concepts:

Malware Analysis:

Packing

Binaries (Part 3)

Standard Linux library

Memory allocation and security calls

Binary trees and forking

Binary patching

Modifying binaries at runtime

Stripped binaries

Bypassing Antidebugging, and this (different compiling flags), and this; the last way to bypass it is by manually changing flags, and for GDB specifically, based on this

I should probably put a thing for every single possible way to bypass ptrace antidebug [Ptrace hacking]

Bypassing Antidebugging (Windows)

Bypassing anti-VM/virtualization checks

Embedded Systems:

Verilog

Implementation:

Z3 (numbers are crunchy crunchy)

apktool

dex2jar

PEstudio

xdis

pwntools

angr

Languages (these sometimes show up, so a basic understanding is good enough for reversing):

C++

Go

Rust

Java

Advanced stuff:

You can't really learn this stuff in advance because there is a lot of it and it's pretty hard to learn, so this list is definitely not comprehensive and is very CTF dependent. At this point you should know how to google for what you need anyway.

Esoteric languages