Are you studying for the CEH certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Which of these would a reverse engineer be allowed to do with the disassembled malware executable?
Replace bytes
Add additional bytes
Remove bytes
None of these
He can only replace bytes in a reversed executable. If he adds or removes bytes, the resultant .exe would be non-functional. Comment: Wrong. Are you referring to a hex editor instead of a disassembler? *** Actually, reverse engineers are allowed to do all of these things and typically do. Replacing bytes is simply patching. But removing bytes can also be usefull, for example, to cutt-off the wrapper for better perception. Adding bytes is rarely useful, but can be done in some cases. Basically, reverse engineers can ARE ALLOWED to edit the file in any way needed. The question should have been something like: "Which of these would a reverse engineer USUALLY/ TYPICALLY do with the disassembled malware executable?" -- Please rephrase this question and better the complete malware analysis section, because the authors of the question obviously lack competence.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.