Say I have a binary file without the source code available; how do I get started understanding how it works?
I found some sources:
- http://decompilation.wiki/
- https://mahaloz.re/dec-progress-2024
- https://github.com/NationalSecurityAgency/ghidra
Can I spot places in the code that make network connection attempts, or de-obfuscate spyware?
For network calls, they probably have socket related system calls in the binary file, that would be my second step in reversing. First step would be to try things like Wireshark to intercept the network calls, as that would be a lot cleaner.
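As an added illustration of the "socket-related system calls in the binary" idea above (example code, not from the commenter): a small Python scan that pulls printable strings out of raw binary bytes, the way `strings` does, and flags referenced networking API names plus hard-coded URLs or IP addresses. The sample bytes are constructed to look like an import table and are not a real binary; the API name list is an assumption covering common POSIX, Winsock and WinINet imports.

```python
import re

# Symbols a binary typically imports when it opens network connections
# (POSIX sockets, Windows Winsock and WinINet). Assumed list, not exhaustive.
NETWORK_API = {
    "socket", "connect", "bind", "listen", "accept", "send", "recv",
    "sendto", "recvfrom", "getaddrinfo", "gethostbyname",
    "WSAStartup", "WSASocketA", "WSASocketW", "InternetOpenA",
    "InternetOpenW", "InternetConnectA", "InternetConnectW",
    "HttpOpenRequestA", "HttpOpenRequestW", "WinHttpOpen", "URLDownloadToFileA",
}
# Hard-coded endpoints: http(s) URLs or dotted-quad IPv4 addresses.
URL_OR_IP = re.compile(rb"(?:https?://[\w./:-]+|\b(?:\d{1,3}\.){3}\d{1,3}\b)")

def extract_strings(data: bytes, min_len: int = 4):
    """Return runs of printable ASCII of at least min_len bytes."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def find_network_indicators(data: bytes):
    """Return (sorted API names, sorted endpoints) referenced in the bytes.

    A hit only shows the binary *references* the symbol or string; whether
    that code path is actually reachable is what a disassembler (e.g. Ghidra)
    or a packet capture (Wireshark) would confirm.
    """
    apis = set()
    for s in extract_strings(data):
        name = s.decode("ascii")
        if name in NETWORK_API:
            apis.add(name)
    endpoints = {m.decode("ascii") for m in URL_OR_IP.findall(data)}
    return sorted(apis), sorted(endpoints)

# Constructed sample: fake ELF magic, a few import names, some code-like
# bytes, one URL and one IP. Not a real executable.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"socket\x00connect\x00send\x00recv\x00getaddrinfo\x00"
    + b"\x48\x89\xe5\x90\x90\xc3"
    + b"http://example.invalid/beacon\x00"
    + b"\xff\xfe\x00" + b"10.0.0.5\x00"
    + b"printf\x00malloc\x00"
)

if __name__ == "__main__":
    apis, endpoints = find_network_indicators(SAMPLE_BINARY)
    print("network APIs referenced:", apis)
    print("hard-coded endpoints:", endpoints)
```

Run it against a real file with `find_network_indicators(open(path, "rb").read())`; anything it flags is a starting point for where to look in the disassembly, not proof of a connection.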
When you say “intercept the network calls” with Wireshark, are you able to hook Wireshark to a selected binary so that it shows its network traffic?