Say I have a binary file without the source code available; how do I get started understanding how it works?
I found some sources:
- http://decompilation.wiki/
- https://mahaloz.re/dec-progress-2024
- https://github.com/NationalSecurityAgency/ghidra
Can I spot places in the code that make network connection attempts, or de-obfuscate spyware?
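As an added example (not from the question or from the linked projects), here is a first static-triage pass a defender typically runs before opening the binary in Ghidra: extract printable strings and flag networking API names, URLs, IPv4 addresses and host:port pairs. The `SAMPLE` bytes are a constructed stand-in for a file read from disk, and the API list is a selection, not an exhaustive one; a hit only tells you where to start looking, and the real confirmation is following cross-references to the imported function in the decompiler.

```python
import re

# Constructed sample standing in for the raw bytes of an unknown binary.
# Real use: SAMPLE = open("suspect.bin", "rb").read()
SAMPLE = b"".join([
    b"\x7fELF\x02\x01\x01\x00", b"\x00" * 8,                        # ELF ident stand-in
    b"libc.so.6\x00socket\x00connect\x00getaddrinfo\x00send\x00recv\x00",
    b"printf\x00strlen\x00",                                          # benign imports
    b"http://203.0.113.10/update.bin\x00",                            # embedded URL (documentation range)
    b"c2.example.net:4444\x00",                                       # host:port string (constructed)
    b"\x00" * 16,
])

# Networking symbols worth flagging when they appear in an import or symbol table
# (POSIX sockets plus a few common Windows WinSock/WinINet/WinHTTP names).
NETWORK_APIS = {
    b"socket", b"connect", b"send", b"sendto", b"recv", b"recvfrom",
    b"getaddrinfo", b"gethostbyname",
    b"WSAStartup", b"WSAConnect", b"InternetOpenA", b"InternetOpenUrlA",
    b"HttpSendRequestA", b"WinHttpConnect", b"URLDownloadToFileA",
}

URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
IPV4_RE = re.compile(rb"(?<![0-9.])(?:\d{1,3}\.){3}\d{1,3}(?![0-9.])")
HOSTPORT_RE = re.compile(rb"(?<![A-Za-z0-9.-])[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+:\d{1,5}(?![0-9])")


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def triage(data):
    """Summarise network-related indicators found in a blob of binary data."""
    strings = printable_strings(data)
    return {
        "network_apis": sorted(s.decode() for s in set(strings) if s in NETWORK_APIS),
        "urls": sorted({m.decode() for m in URL_RE.findall(data)}),
        "ipv4": sorted({m.decode() for m in IPV4_RE.findall(data)}),
        "host_ports": sorted({m.decode() for m in HOSTPORT_RE.findall(data)}),
    }


def report(data):
    """Human-readable version of triage(), one line per category."""
    lines = []
    for category, hits in triage(data).items():
        lines.append(f"{category:13s}: {', '.join(hits) if hits else '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Strings can be packed, encrypted or built at runtime, so an empty report is not evidence of absence; it just means the next step is dynamic analysis or looking at the decrypted data after the unpacking routine runs.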

I don’t really know much about how capable Wireshark filtering is, to be honest. I usually can filter out what I think is background noise, and it has been enough for me so far. No clue if Wireshark allows filtering by process ID.
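Wireshark cannot filter by process ID on its own, because a capture file carries no process information. What a defender does instead on Linux is read the kernel's socket table, find the socket inodes a process owns, and turn those endpoints into a display filter. The following is an added example, not part of the thread: `PROC_NET_TCP` is a constructed copy of the `/proc/net/tcp` format (addresses are little-endian hex on x86, ports big-endian), `FD_LINKS` is a constructed stand-in for the `socket:[inode]` symlinks under `/proc/<pid>/fd/`, and the PIDs 4242 and 5151 are hypothetical.

```python
import os
import re

# Constructed sample of /proc/net/tcp: two established connections from 10.0.2.15.
# Real use: PROC_NET_TCP = open("/proc/net/tcp").read()
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:A3B4 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40017 1 0000000000000000 20 4 30 10 -1
   1: 0F02000A:9C5E 0A7100CB:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40102 1 0000000000000000 20 4 30 10 -1
"""

# Constructed readlink() results for /proc/<pid>/fd/<fd> (hypothetical PIDs).
FD_LINKS = {
    4242: {"0": "/dev/null", "3": "socket:[40017]"},
    5151: {"3": "socket:[40102]", "4": "/tmp/log.txt"},
}

SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")


def live_fd_links(pid):
    """Read the real fd symlinks of a process (needs permission on that /proc entry)."""
    fd_dir = f"/proc/{pid}/fd"
    return {fd: os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)}


def decode_addr(hexaddr):
    """Decode '0F02000A:A3B4' -> ('10.0.2.15', 41908): IP bytes reversed, port as-is."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Map socket inode -> (local_ip, local_port, remote_ip, remote_port) for ESTABLISHED sockets."""
    table = {}
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != "01":  # st 01 == TCP_ESTABLISHED
            continue
        local, remote, inode = fields[1], fields[2], int(fields[9])
        table[inode] = decode_addr(local) + decode_addr(remote)
    return table


def connections_for_pid(pid, table, fd_links):
    """Established TCP connections owned by pid, found through its socket inodes."""
    conns = []
    for target in fd_links.get(pid, {}).values():
        m = SOCKET_LINK.fullmatch(target)
        if m and int(m.group(1)) in table:
            conns.append(table[int(m.group(1))])
    return sorted(conns)


def wireshark_filter(conns):
    """Display filter selecting exactly these 4-tuples; empty string if there are none."""
    clauses = [
        f"(ip.addr == {lip} && tcp.port == {lport} && ip.addr == {rip} && tcp.port == {rport})"
        for lip, lport, rip, rport in conns
    ]
    return " || ".join(clauses)


def filter_for_pid(pid, table=None, fd_links=FD_LINKS):
    """Convenience wrapper over the three steps above, defaulting to the constructed samples."""
    if table is None:
        table = parse_proc_net_tcp(PROC_NET_TCP)
    return wireshark_filter(connections_for_pid(pid, table, fd_links))


if __name__ == "__main__":
    print(filter_for_pid(4242))
```

The socket table is a point-in-time snapshot, so a connection that opens and closes between samples is missed; `ss -tnp` shows the same inode-to-process mapping interactively, and for short-lived traffic a capture correlated with process-start events (auditd or a sandbox) is the better source.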