Working as a reverse engineer


avixz
July 17th, 2008, 03:04
I wonder how hard it is to get a job as a reverse engineer, and I wanted to ask you whether this is a hobby for you or whether you have a job related to RCE. And if you have an RCE-related job, what qualifications did your employers ask for?

Sab
July 17th, 2008, 05:01
See the job openings section on OpenRCE's website forum.

Silver
July 17th, 2008, 11:19
Quote:
[Originally Posted by avixz;75925]I wonder how hard it is to get a job as a reverse engineer, and I wanted to ask you whether this is a hobby for you or whether you have a job related to RCE. And if you have an RCE-related job, what qualifications did your employers ask for?


There is a limited field of work for pure reverse engineering - AV and malware research, protection coding, systems integration etc. However I would guess that many jobs are "related" to RCE, for example penetration testers or security specialists would find significant benefits to having RCE skills, even if they weren't reversing code full-time. On that basis employers would look for field-centric qualifications (eg: CISSP) with reversing experience.

Perhaps your question is better phrased by explaining what you're interested in and what your skill set is.

But as I'm fortunate enough to be part of the Aristocracy, I've never had to do this thing you call "work" before. In fact my butler is typing this reply whilst I dictate.

OHPen
July 17th, 2008, 13:16
@silver: so probably all your reverse engineering till today is also done by your butler. This would also imply that you are no reverser. Am I right?

BTW I'm working as a Reverse Engineer and I can confirm that it is not a simple task to get a 100% reverse engineering job. You need a lot of luck, and the country you are living in is also important. I never gave up my dream of one day getting a job as a reverser, and time has shown it. It was a damn good decision.

Regards,

OHPen

Ricardo Narvaja
July 18th, 2008, 01:14
My work is exploit writing and research, and it requires knowing reverse engineering; that is a possibility for work too.

ricnar

morel
July 18th, 2008, 04:30
Don't waste time on "hacker/reverse engineer certificates". From my experience I can say that the most important thing is to have a good "portfolio" -- something (articles/code) that proves you have the required skill.

Certificates in this field will give you a meaningless paper -- you can't learn RE in just a few months.

Btw., the "buy + for five dollars" thing makes me puke. +ORC must be turning in his grave :P

evlncrn8
July 18th, 2008, 06:22
buy the + for 5 dollars? where?

Maximus
July 18th, 2008, 08:30
..."buy + for five dollars", morel??

So do it, no? If it is so easy as you 'affirm'...

About what you said, I found it's far far easier to get a 1st page cover on IT magazines than + challenges -only my opinion, of course.

...by personal experience, I mean.

TiGa
July 18th, 2008, 08:34
Where? In his misinformed mind, of course!

He probably thinks that people have to pay to try the new strainers or that they can directly "buy a + for 5$", like it was a t-shirt.
The new strainers are free, just like the old ones were in +ORC's time.
What a pukey concept! How immorel to do such a thing!

When applying for any job, good basic reading skills are always a must!
That's why even McDonalds asks for a high school degree as it certifies that you can read, write and count at a certain level.
They don't ask you to prove your skills in an essay, they only want to see the diploma as it proves your skills instantly, like a 100% Pure Beef stamp.

Usually, a college degree trumps a certification and a certification trumps a portfolio full of possibly plagiarized papers.
What about a person with a certification and an equally good portfolio? Wouldn't it be better than a portfolio alone?
If 2 persons with the same college degree apply for the same job, certifications set them apart. The one with certifications has more chances to get it.

People coming fresh out of college are already 2-3 years behind on the technology.
Often, reverse-engineering is not even part of college programs or is seen only very briefly.
Certifications are a way to stay up-to-date with the new trends and technologies without going back to college every few years.
In computers, learning is a continuous process, what you learned 5-10 years ago may not apply anymore today.

Many employers today still require that "useless" piece of paper, whether it is a degree or certification.
Telling them that they are wrong during the interview is probably not a good idea.

TiGa

Silver
July 18th, 2008, 10:55
Quote:
[Originally Posted by OHPen;75937]@silver: so probably all your reverse engineering till today is also done by your butler. This would also imply that you are no reverser. Am I right?


Yes, dammit. He does all the work, I steal all the glory

avixz
July 18th, 2008, 14:11
I was thinking about a "pure" reverse engineering job. I can only think of malware analyst; I guess industrial espionage is not a job description.

If I try to get a job as a malware analyst, I'm sure they won't have a training course, so among the jobs I could get, which would be the most useful for ending up with a malware analyst job? Penetration testing? I have a friend in a computer security company; maybe that would be a path to try.

I have pretty good reading skills :P Besides, a good level of English tends to be an advantage for us non-natives, but those human resources guys give me the creeps.

habituallurker
July 18th, 2008, 14:24
Industrial espionage IS a job description. Check out Jason Raber's bio here: http://recon.cx/2008/speakers.html#helikaon But I'd guess with 99% confidence that you have to have a high-level .gov security clearance, and perhaps Chinese language ability, to get it. As for getting a job in AV, my advice would be to analyze malware manually (get some off of http://www.offensivecomputing.net, or anywhere really) and publish the results on some legitimate site (say offensivecomputing itself).

OHPen
July 19th, 2008, 16:52
Only time will give you the necessary reputation you need to enter the job. Before I switched to the reverse engineering career, I had more than 6 years of "experience" in the scene. And really, in my application I applied as "Cracker & Reverse Engineer". I admitted that I had spent several years in cracking groups, and it was the right way. But to be honest, I really had a huge portion of luck. The company I work for is one of the biggest out there, but regarding the development & reverse engineering section the working atmosphere is more than familiar.
Anyway, collect some years of experience and then try the step, if you are not over 30. Only time will show if it was a good decision.

OHPen

Maximus
July 19th, 2008, 17:36
Quote:
[Originally Posted by OHPen;75989]if you are not over 30.



OHPen
July 20th, 2008, 02:39
@Maximus: Maybe you misunderstood me. I just meant that it is very difficult to change from a standard computer-related job, which has nothing to do with reversing, to a pure reversing job, because you have nothing more than the promise that you are a good reverser (even if you have published articles and code snippets, etc.). It will be quite difficult to persuade a potential employer that you are qualified enough.
That's why I mentioned the 30-year age border. The older you get, the catchier it gets. Nothing more. I don't want to offend people over 30, although I'm 28, lol.

Regards,

OHPen

avixz
July 20th, 2008, 04:18
No problem, I'm almost 28 too. I just don't want to end up being yet another Java programmer. I'll try to go low level, but I think it will be easier in the computer security field. I don't have much experience, and there's a one-year computer security master's I can do; I guess that would be easier than getting a job as a driver writer without experience.

Silver
July 20th, 2008, 14:56
Getting IT security qualifications is easy. Getting into a basic IT security role is almost as easy. Actually being a decent security consultant and working for a decent company takes many years of experience & learning. Security isn't an "easy option".

morel
July 21st, 2008, 05:37
@TiGa:
http://community.reverse-engineering.net/viewtopic.php?f=10&t=6856&sid=9895a4deec4707290c0c8d67c3a80d25

"This is the OFFICIAL +Sign with challenges by +Sign owners and officially licensed by them!"

Look around before you start offending people.
FYI I'm currently employed in RE. Nobody asked me for any certificate, the only thing employers were interested in, was my RE related exp.
By "portfolio" I did not mean a bullshit article in a bullshit magazine, but projects strictly related to RE.

Maximus
July 21st, 2008, 06:07
...It means that it is made by +guys allowed to do so -with authorized, 'official' legacy dating back to old days... read what you pasted, at least

---
hehe, don't worry about it OHPen, I was kidding ...and the knowledge that you are 28 makes me not feel as old as I would if you were 21

...sometime when you know the age at which some Reverser were able to do something 'impossible' you start wishing to drown your head into a bucket of orange juice

morel
July 21st, 2008, 06:19
Sure, also it's a great way to advertise their bullshit certificates.
I hope they will publish the strainer after every single one of these 50 lucky bastards who got admitted get their "+", because I'm sure they all will :P.
it'd be better if they were giving out "<=8" (penis) signs instead of "+", to accurately resemble this whole idea.

Maximus
July 21st, 2008, 06:23
?? what do you want over a '+' ??
Is there anything more? Don't think so.

Strainer is free. People that check it do it free.

As it were, is, and will be. It is for the best reversers, made by them for them.
I do not see any problem in it.

About leaks in the strainer -it always happens. But in the end, you see who is really competent and who is a moron.

TiGa
July 21st, 2008, 10:22
There goes that basic reading skills thing again...

Quote:
@TiGa:
http://community.reverse-engineering.net/viewtopic.php?f=10&t=6856&sid=9895a4deec4707290c0c8d67c3a80d25

"This is the OFFICIAL +Sign with challenges by +Sign owners and officially licensed by them!"

Look around before you start offending people.


@Morel:
http://community.reverse-engineering.net/viewtopic.php?f=10&t=6856&sid=9895a4deec4707290c0c8d67c3a80d25

"This is the OFFICIAL +Sign with challenges by +Sign owners and officially licensed by them!"

Look around before you start offending people.

TiGa

rakish
July 21st, 2008, 12:16
zero is one of them?


OHPen
July 21st, 2008, 14:51
@Maximus
did you mean moron or morel ?

OHPen

Zero
July 21st, 2008, 23:24
@morel

Maybe you did not get it - or you have not read carefully.

+Sign is free, SciHa website is free.
+Sign is community driven by the largest 3 communities for RCE.

The admins of the 3 communities will now decide where to place the +sign at a neutral page.

Woodmann
July 21st, 2008, 23:25
Howdy,

I don't get this hatred towards the + sign.
And why do you people not think it is relevant to getting a job?

OK, the only thing I can think of about the hatred is jealousy.
I WISH I could complete a strainer for no other reason than to have earned the +. Don't you understand? Oh wait, you don't. You are not old enough to understand. When you earn it, you get respect from your peers.
It is not something you get from releasing shitty warez/cracks/keygens/serials.

If you think the + sign is a lame designation, go and earn the + and then renounce it. Nothing would be better. I beg you.

Now, for those of you who don't think you can get a job regarding RCE skills. Stop the negative thoughts. You have no idea how many people here are employed because of their skill at reversing code.
I would not say these things if I did not have first hand knowledge.

What is on your resume?
I have a certificate from a university?
Great, so does everyone else.

What do you list for experience?

Start exploiting your skill.
Tell them you have found the weakness of the XXXX protection.
Tell them that the ZZZZ packer has flaws.
Tell them that you have discovered how the WWWW virus works.
Tell them why you are the best at what you do.

Papers respected by your peers will go a long way to validating these things.

You want more ?

Woodmann

Zero
July 22nd, 2008, 00:14
btw, @morel:

I have checked your posts: 3 out of 5 were flames, and the other 2...
This is your constructive week?

JMI
July 22nd, 2008, 00:59
Judging from morel's second post, I'd say he is just suffering from a bad case of penis envy!

Those who can, "do". Those who can't, "teach". Those who can't teach, "administrate". Those who can't do any of these things just bitch and moan about those who can!

Regards,

disavowed
July 27th, 2008, 18:37
Speaking from personal experience, in regard to being a full-time malware analyst, I'd suggest you make sure your automation development skills are just as good as your reversing skills.

Kayaker
July 27th, 2008, 20:59
That's an interesting point disavowed. I take that to mean creating your own tools/scripts for various specific or general needs? What kind of things have you found have been required or useful in the real world, beyond the basic debugger/pe editor/import rebuilding tools and techniques? Automation development - unpacking scripts??


Developing your own suite of personalized tools and scripts would be something every serious coder/analyst should develop over time for their work I would presume. I can't see doing much serious long-term work unless you can code your own tools when necessary.

LaBBa
July 28th, 2008, 00:02
Well, I was just reading the Black Hat forum and then I found out that even Intel has its own hackers and reverse engineers.

https://www.blackhat.com/presentations/bh-usa-07/Bulygin/Presentation/bh-usa-07-bulygin.pdf

So I guess a lot of companies want reversers even if we don't think about them ....

evaluator
July 28th, 2008, 11:56
at MY PointER mapVIEWof:

"+" sign WAS emblem of men, who opened for MASS - DOORs of knowledge..
&/or made for MASS free tools, progs, fun;
trashing their RSRC (time, health, money) .. for this!

so IMHO "+" in no way can mean some_or_even_big&Certified
knowledge/professionalism! which mostly will be used for them_selves.

forget it!

SO:WIDE:IMHO: Certified"+" = is<PEN
& can't be other;

disavowed
July 29th, 2008, 23:06
LaBBa, yes, Tony Kohlenberg (http://www.linkedin.com/pub/0/00a/087) is also a well known security guru at Intel.

Kayaker, it depends on the job. For virus analysts, it typically involves automating the following:
Retrieval of samples.
Categorization of samples.
Unpacking of samples.
Analysis of samples (the most challenging part of the automation).
Signature extraction of samples.
Adding signatures to AV engine.
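
The categorization step from the list above, sketched as an added example that is not part of the original post or any vendor's pipeline: samples are keyed by SHA-256 so duplicates collapse, typed by magic bytes, and routed to an unpacking queue when whole-file entropy is high. The 7.2 bits/byte threshold, the queue names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known file-type magic numbers, checked in order.
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]
PACKED_ENTROPY = 7.2  # bits/byte; assumed threshold, tune it on your own corpus

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def file_type(data: bytes) -> str:
    """Classify by leading magic bytes; anything unrecognised is 'unknown'."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def triage(samples: dict) -> dict:
    """Map sha256 -> record; byte-identical samples share one record."""
    report = {}
    for name, data in samples.items():
        digest = hashlib.sha256(data).hexdigest()
        rec = report.setdefault(digest, {
            "names": [],
            "type": file_type(data),
            "size": len(data),
            "entropy": round(entropy(data), 2),
        })
        rec["names"].append(name)
        # High entropy suggests compression or encryption, so unpack first.
        rec["queue"] = "unpack" if rec["entropy"] >= PACKED_ENTROPY else "analyze"
    return report

# Constructed inputs: no real malware, just byte patterns with known entropy.
SAMPLES = {
    "a.bin": b"MZ" + bytes(range(256)) * 16,       # near 8 bits/byte
    "b.bin": b"MZ" + b"\x00" * 4096,               # near 0 bits/byte
    "b_copy.bin": b"MZ" + b"\x00" * 4096,          # duplicate of b.bin
    "doc.bin": b"%PDF-1.4 " + b"constructed sample text " * 50,
}

if __name__ == "__main__":
    for digest, rec in triage(SAMPLES).items():
        print(digest[:12], rec)
```

Whole-file entropy is only a first-pass heuristic; per-section entropy and import-table checks give fewer false positives on real PE files.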