Bishop Fox VP of Consulting Andrew Wilson will be virtually presenting "Reverse Engineering Websites" at the 7th annual BSides Connecticut conference. BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration.
In the ideal world, every engagement would grant you source code access and a copy of the application/environment. Having 100% visibility into the static and dynamic environment of an application is incredibly powerful. By its nature, it eliminates the need for guessing and will make attacks significantly more informed and reliable. Simply put, a better job can be done because this is a position of advantage. In all situations less than that ideal, we can use reverse engineering to get into that position.
This talk outlines the concepts, strategies, and specific methods I have used to learn the inner workings of websites for exploitation. We will specifically cover:
- Pattern matching to quickly identify technologies
- Deductive and inductive reasoning as ways to dial in our understanding
- How to ask informed questions to prove out those assertions
- Walkthrough of how code structures look and what the rendered website will show
- Demonstration of decomposition techniques