SE_Student's comments

Should say in the title that this is from 2016.


Sorry about that - wrong link.

Apple never instituted the Mac bug bounty, but is rumored to be doing so later this week:

Apple Hands Hackers Secret iPhones In A Bid To Boost Security, Sources Say https://www.forbes.com/sites/thomasbrewster/2019/08/05/apple...

"It'll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed."


I think (I could be wrong, though) that a lot of reverse engineering jobs in the commercial sector are advertised as "Software Engineer" or "Software Security"; rarely do they use the title "Reverse Engineer", so focus on job descriptions that contain the relevant keywords.

As for a community for RE, unfortunately I only know of /r/ReverseEngineering and a Discord channel; they both smack of elitism (those who know something will make you jump through hoops rather than suggest reading material or some other place to look for your answer, or will antagonize you in different ways). That has been my experience with them so far.


I found this video to be very interesting and inspiring for people like me who'd love to do projects to improve their reverse engineering skills (even if the content is not strictly about reverse engineering).


> Also, you haven't really defined what "makes sense" means for you. Does that mean being able to refactor it, maintain or just evaluate it?

I meant to be able to understand the components that make up the software, so as to be able to maintain it and contribute to the code base.

Thank you for the reply.


Links from bloomberg.com are always behind a soft paywall. Or is this just happening to me?


Easiest way to work around this, for me, is to right-click the "web" link at the top of the HN post, then open that in a private/incognito window, then click through to the actual article from Google.

Since publishers are more concerned about not appearing to serve different content to Google (against Google's TOS), they generally show the full article content from that referer.


I'm able to see it, but this banner is at the bottom of the page: "This is your last free article." I wonder if the number of articles resets monthly, or if this is my last one until I clear my cookies.


Open in a private window or use outline.com


This was the required textbook when I took a PSY101 class. I found that it covered many aspects of psychology in a friendly and easy manner, along with examples and explanations: "Psychology And Life" https://www.amazon.com/dp/0205843379/

There are also some interesting articles about psychology on the website "Psychology Today": https://www.psychologytoday.com/us


An amazing tool; it allows all kinds of manipulation to be done on data, and is really helpful in CTF games.


Because it is interesting, and because the knowledge in it, while old, is still relevant.


> Leave the reverse engineering of malware etc. to people with more interest and time.

...

> (remember, your average consumer believes in using an anti-virus to clean out an infected machine, when the correct thing to do is a complete wipe and reinstallation). Easier to get them to offload most of their productivity tools to SaaSes and buy plenty of insurance than to try to force FANG-level access control protocols on them.

This is very bad advice.


Not really. Do you honestly want people to be hosting their own email servers? Stuff like networked filesystems and NAS over VPN requires a tremendous amount of work to properly secure. Better to give the money to a *aaS company than to waste it on incompetent IT departments, especially since a lot of companies consider IT to be a cost center instead of a source of value. Idealism is nice and all, but most companies won't care enough, and data protection laws don't magically make the problem go away. It is more pragmatic to simply outsource security to more qualified technical companies instead of trying to do it yourself.

Also, low-level OS/assembly domain knowledge isn't as useful for non-technical SMEs. There's not much a company can do when you tell them their 30-year-old in-house CAD software written in Fortran 77 parses files in an insecure way after fuzzing it. Their original programmer is long gone. They are not going to rewrite it anytime soon. Sticking it in a VM may be their best option. You are not there to engineer malware to break their systems. You are there to tell them what's wrong and how to fix it in the cheapest way possible. Threats from phishing, ransomware, and poorly implemented BYOD policies are a lot more dangerous to most companies.


Putting aside CMU (a lot of people wouldn't be able to get into it), what would you recommend for someone getting a Software Engineering degree to get into low-level security?


Pick a school that uses a low-level language. C is great. Java, Python, Javascript, and Scheme are all bad.

Take the courses that involve writing compilers and operating systems.

Do a project that involves writing an emulator, perhaps for one of the things DD-WRT runs on. You could start from MAME or Qemu, or do the whole thing from nothing.

Write a boot sector for the demo scene. For example, recently somebody wrote a PAC-MAN clone to run in 512 bytes.

Solve a DEFCON CTF problem. They are difficult puzzles, so try several. Learn to use Ghidra (free) or a similar tool. Freeware and demo versions are available for IDA Pro, Hopper Disassembler, and Binary Ninja.


Thank you very much for taking the time to reply to my question.

I'd love to hear about more low-level security projects I can do, as I feel that would help me learn the most.

