Damon Vessey's Blog

Where Do I Even Begin to Learn Reverse Engineering?

Where Do I Even Begin to Learn Reverse Engineering?

Damon Vessey's photo
Damon Vessey
·

5 min read

That's the million dollar question. My personal opinion, learning the C programming language would be an excellent place to start. There will be others that argue to learn python, but once you get into reverse engineering, you'll have to learn C anyway. I wouldn't say you have to be an expert software developer to be able to make sense of any of this. I'm not, nor ever have been, a software developer and I am a beginner at all of this too. What I have done is read and research anything that interests me, which has been, as some would say, detrimental, but I believe it has given me a very wide range of knowledge on way too many topics. I know a lot of people fall into my shoes, because there is just way too much information out there, and it's hard to know where to even begin without getting discouraged and giving up. It's going to take some sacrifices and even doing things that might seem dreadful before being able to do and understand the "fun" stuff.

About me

To give context to where I am at in my career, I grew up around computers, in middle school I wanted to be a game developer so I struggled through teaching myself C++ as my first language. I highly discourage that. In high school I was fortunate enough to have a 2 year computer networking class, which covered all the CCNA objectives. I joined the Texas Army National Guard as a Combat Engineer while in my junior year of high school. I worked as a machinist for 10 years and forgot a lot about computers. I grown tired of working 10 years of 12+ hour shifts 6 to 7 days a week, so I decided to burn myself out even more by going to college through WGU for software development after my 12 hour shifts. I graduated with my bachelor's in 1 year, gave up all my free time and sleep, took a huge pay cut to get my first job in tech, where I was a Network Operations Center technician for an ISP. While there, I had to learn more networking than the CCNA will ever teach, on top of Voice Over IP and analog phone systems (things I never had any clue of prior to working there). I had no idea what I was in for. I was literally learning my job by answering the phone with angry customers asking why things were not working. You know the saying, "like drinking from the fire hose", well it felt more like standing under Niagara falls. I am very grateful for the experience. I learned a lot about how the internet really works, DNS, BGP routing, MPLS, but most importantly, I learned how to effectively communicate with non-technical people, as well as very technical people.

One example for effective communication that I noticed while working at the ISP is, most networking guys will ask an ISP if they are blocking any ports because they are experiencing one way audio, or their phones are not registering. Most people you talk with at the ISP aren't as knowledgeable and will just tell you they're not blocking any ports, and leave it at that. The real issue is that your phone couldn't reach a cloud hosted server because of a fiber cut on another ISP upstream from that ISP. So if you were to run a traceroute to the IP of your cloud provider, and ask your ISP why can't you reach this IP address, then that solves a lot of confusion and narrows down the problem considerably, leading to faster resolution.

Now that I was only working 8 hour days 5 days a week, I continued my education and got a Master's in Cybersecurity and Information Assurance. Today, I work as a technical engineer for a cloud hosted VOIP provider.

College and Certifications

Has college helped me out in anyway? I don't think so... yet? Maybe it'll boost my resume a tad to get passed HR filters. I enjoyed my learning experience at WGU. Going for my Master's was more of a personal achievement more than anything, and I do enjoy learning. As part of my Master's program I had to pass the Certified Ethical Hacker certification, which I am more than glad I didn't pay for. My brain dumped just about everything I learned after I passed. Would not recommend it, unless your employer really really wanted you to have it. If it wasn't for the army, I would have never gone to college.

Do you need college? No. Do you need certifications? Maybe to get passed HR. Other than that, employers want experience. Home labs and being able to talk about what you learned and what you're currently doing in your home labs IS experience. You just need to land that first tech job, even if it's help desk to prove you are capable of working in that environment, being able to communicate with people and your team and can help them and the company solve issues. Writing a blog as I am doing right now can put you ahead of your peers. Maybe there's 1,000 blogs out there just like mine, and they might even be better in every way, but my goal is to teach as I'm learning, and will help serve as reference material later on, because there is just so much information, that very few, if any, has all this memorized.

Know Your Why

The key is to have a goal. Are you learning this just for fun? Are you wanting to learn tactics hackers use in order for you to be able to defend against them? Knowing why you want to learn this will help you stay focused and moving towards your goal without giving up, and being stuck in the proverbial tutorial hell, where a lot of us get stuck. You will learn 100 times more by struggling through learning hands-on than you will watching 1,000 hours of youtube.

People that really got me interested in the topic

There are way too many people to list, but off the top of my head,

Off By One Security was the one who really got me interested in reverse engineering, who I found through David Bombal

John Hammond, who I found through Network Chuck.

Dr Josh Stroschein

Those are the big influences I found, I am sure I am missing quite a few.

Now let's start learning......

reverse engineeringmalware analysisprogramming languagesdebugging