Obfuscation and Deobfuscation

I was on Hack The Box Academy, happily reading along when the first word of the module popped up: understanding. Good.
Next word: code. Still good.
Then the third word appeared: deobfuscation.

And I just stared at it like, “How many alphabets did they use to make this word?” I tried pronouncing it five or six times. For a moment, I genuinely believed Shashi Tharoor writes simpler words 😂. Eventually, yes, I managed to say it without hurting my tongue.

Anyway, let’s move to the topic.

Obfuscation

As the name suggests, it is the process of converting simple things (notes, words, sentences) into a complex form 😂.
More precisely, it is the process of taking a simple, clear sentence and rewriting it in a complex cipher, using synonyms from a dead language, and adding a lot of irrelevant words. The meaning is preserved, but the result is extremely hard to understand (just like the word "obfuscation" itself).

Deobfuscation

It is simply the opposite of obfuscation: the process of taking an unclear, messy cipher and recovering its original, simple sentence.

Why do we need Deobfuscation?

It is primarily used for two completely opposing reasons:

(A) For Malicious Actors (The "Bad Guys")

  • To probe security products: An attacker might obfuscate a malicious payload to bypass a Web Application Firewall (WAF). Then you, as a security researcher, deobfuscate the payload to understand the attack and update the WAF's rules.
  • To steal intellectual property: To understand and copy the core logic of a competitor's obfuscated software.

(B) For Defenders and Developers (The "Good Guys")

  • Malware Analysis: Malware authors heavily obfuscate their code to evade antivirus software and to hinder analysis. You, as a security analyst, then deobfuscate the code to:
    • Understand its functionality (What does it do?)
    • Identify its capabilities (keylogging, data theft, ransomware)
    • Extract indicators of compromise (IoCs such as domains, IP addresses, file hashes)
    • Develop signatures and countermeasures.
  • Vulnerability Research: To find weaknesses in obfuscated software.
  • Debugging and legacy code maintenance: To understand old or poorly documented code that has been obfuscated, either intentionally or as a side effect of minification.
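To make the definition of deobfuscation and the malware-analysis bullet concrete (peel the layers, then extract IoCs), here is an added Python example. It is not code from this post, from Hack The Box Academy, or from any real malware sample. It builds a constructed two-layer "beacon config" (single-byte XOR underneath base64, using documentation-reserved domain and IP values), peels the layers back off, picks the XOR key with a known-plaintext "crib" score, and pulls out defanged indicators. The crib list, the 0.95 printable threshold, the decoder order and the fixture itself are assumptions of this demo, not a general rule.

```python
# Added example for this post: layered deobfuscation plus IoC extraction.
# The fixture, XOR key and "cribs" are constructed for the demo.
import base64
import binascii
import re
from urllib.parse import urlsplit

# Constructed fixture: fake beacon config, XOR'd with one byte, then base64'd.
# Domain and IP come from reserved documentation ranges (example.net, 203.0.113.0/24).
_PLAINTEXT = b"beacon=http://update.example.net/gate.php;fallback=203.0.113.45;sleep=60"
_KEY = 0x8F  # high bit set, so the XOR layer is clearly non-printable


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


SAMPLE_BLOB = base64.b64encode(xor_bytes(_PLAINTEXT, _KEY))

# Tokens an analyst expects in a decoded config; used as a known-plaintext score.
CRIBS = (b"http", b"://", b".", b"=")
PLAUSIBLE = 3  # heuristic: this many cribs means we most likely reached plaintext


def crib_score(data: bytes) -> int:
    """Count how many expected tokens appear in the candidate."""
    return sum(1 for crib in CRIBS if crib in data)


def is_printable(data: bytes) -> bool:
    """True when nearly every byte is printable ASCII (tab/newline allowed)."""
    if not data:
        return False
    ok = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return ok / len(data) >= 0.95


def try_hex(data: bytes):
    """Hex layer: None unless the blob is an even-length hex string."""
    try:
        return bytes.fromhex(data.decode("ascii")) or None
    except ValueError:  # UnicodeDecodeError is a ValueError too
        return None


def try_base64(data: bytes):
    """Base64 layer with a strict alphabet check: None if not valid base64."""
    try:
        return base64.b64decode(data, validate=True) or None
    except (binascii.Error, ValueError):
        return None


def try_single_byte_xor(data: bytes):
    """Brute-force all 255 keys; keep the printable candidate with the best crib score."""
    best, best_score = None, max(crib_score(data), PLAUSIBLE - 1)
    for key in range(1, 256):
        candidate = xor_bytes(data, key)
        if is_printable(candidate):
            score = crib_score(candidate)
            if score > best_score:  # must beat the input and look like a config
                best, best_score = candidate, score
    return best


# Hex before base64: a hex string is also valid base64 text, the reverse almost never.
DECODERS = (("hex", try_hex), ("base64", try_base64), ("xor", try_single_byte_xor))


def deobfuscate(blob: bytes, max_depth: int = 6):
    """Peel layers until the data reads as plaintext. Returns (data, layers peeled)."""
    layers, current = [], blob
    for _ in range(max_depth):
        if is_printable(current) and crib_score(current) >= PLAUSIBLE:
            break
        for name, decoder in DECODERS:
            out = decoder(current)
            if out is not None and out != current:
                layers.append(name)
                current = out
                break
        else:
            break  # nothing applied: stop instead of guessing further
    return current, layers


URL_RE = re.compile(r"https?://[^\s;\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Bare domains only: the lookbehind skips URL paths such as /gate.php.
DOMAIN_RE = re.compile(r"(?<![\w./-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def defang(ioc: str) -> str:
    """Make an indicator non-clickable for reports and tickets."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def extract_iocs(text: str) -> dict:
    """Return defanged URLs, IPv4 addresses and domains found in decoded text."""
    urls = set(URL_RE.findall(text))
    domains = set(DOMAIN_RE.findall(text))
    for url in urls:  # hostnames inside URLs are indicators in their own right
        host = urlsplit(url).hostname
        if host and not IPV4_RE.fullmatch(host):
            domains.add(host)
    return {
        "url": sorted(defang(u) for u in urls),
        "ipv4": sorted(defang(ip) for ip in set(IPV4_RE.findall(text))),
        "domain": sorted(defang(d) for d in domains),
    }


if __name__ == "__main__":
    decoded, peeled = deobfuscate(SAMPLE_BLOB)
    print("layers:", " -> ".join(peeled))
    print("config:", decoded.decode())
    print("iocs:", extract_iocs(decoded.decode()))
```

Running it prints the layers it peeled (base64, then xor), the recovered config, and the indicators with `http` turned into `hxxp` and dots bracketed so they cannot be clicked by accident. The crib score is what stops the brute force from "decoding" text that is already readable: a candidate is accepted only when it looks more like a config than the input did. Real samples add string splitting, custom alphabets and runtime decryption on top of these three simple layers, so treat this as the skeleton of an analysis script rather than a finished tool.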

Hope you found something useful in this blog. We will come back to cover this topic in more depth: the techniques of obfuscation and deobfuscation, and how deobfuscation is actually performed.


Next Blog - Obfuscation and Deobfuscation part 2 ?
