The theater of the information security professional has changed
drastically in recent years. We are no longer tasked with defending
critical organizational assets from the unwelcome inquiry of curious
youth; we, as a community, are now faced with fending off relentless and
technically sophisticated attacks perpetrated by organized and nation
state-backed criminals motivated by fi nancial or geopolitical gain.
The prevalence of security holes in programs and protocols, the
increasing size and complexity of the Internet, and the sensitivity of the
information stored throughout have created a target-rich environment
for our next-generation adversary. This criminal element is employing
advanced polymorphic software that is specifi cally engineered to evade
IDS, IPS and AV detection engines, and provide complete remote control
and eavesdropping functionality on the victims’ computer. One of the
few offenses we can deploy in order to understand and predict the
impact of these malicious software programs is through employment of
advanced reverse engineering techniques, leveraging industry-standard
tools from companies like Data Rescue and Zynamics.
This book represents the leading thought from the reverse engineering
world. The authors are tremendous people in their own right, and I trust
you and your organization will fi nd a wealth of information that will
help prepare you for the proactive computer security frontier.