Anti-Reverse Engineering

Premium room

Learn the techniques used by malware authors to bypass detection.

medium

60 min


Malware authors are constantly looking for ways to evade detection and analysis to maintain the effectiveness of their malware. At the same time, security professionals are working to develop new methods and tools for detecting and mitigating the threat posed by malware. This ongoing "arms race" can lead to the development of increasingly sophisticated and effective malware defences as both sides seek to stay ahead of their counterparts.

Reverse engineering is the process of studying a technology product, software, or hardware to learn how it works and extract its functionality or design information. In cybersecurity, reverse engineering is used to understand how malware works, extract indicators of compromise (IOCs), and develop adequate detections, protections, and countermeasures.

As a response, malware authors are motivated to protect their malware from analysts. They use anti-reverse engineering techniques to make malware more challenging to analyze, so it can continue propagating and infecting more systems before security measures are implemented.

This constant back and forth between malware analysts and authors can be aptly described as an "arms race". Malware authors develop new and sophisticated techniques to avoid detection and analysis, and security professionals respond by developing new methods and tools to detect and mitigate the threat posed by malware. As each side grows new techniques, the other responds with even more advanced ones, creating a cycle of escalation.

In this room, we will explore some of the various anti-reverse engineering techniques malware uses. These include:
  • Detection
  • Obfuscation using
  • Anti-Debugging

Many more techniques exist, but we will focus on these three for this room.

Learning Objectives
  • Learn why malware authors use anti-reverse engineering techniques
  • Learn about different anti-reverse engineering techniques
  • Learn the techniques on how to circumvent anti-reverse engineering using various tools
  • Learn how anti-reverse engineering techniques are implemented by reading the source code
Room prerequisites
  • Familiarity with Basic and Advanced (How to use a debugger, read assembly code, and patching)
  • Basic knowledge of Assembly (What registers are, etc.)
  • Basic understanding of C programming concepts (Conditions, program flow, etc.)

Connecting to the machine

Start the virtual machine in split-screen view by clicking on the green "Start Machine" button on the upper right section of this task. If the machine is not visible, use the blue "Show Split View" button at the top-right of the page. Alternatively, you can connect to the machine using the credentials below via "Remote Desktop".
THM key
Username Administrator
Password Passw0rd!
IP MACHINE_IP