Resources on reverse engineering?

Bruce Dawson jbd at codemeta.com
Tue Aug 5 15:38:37 EDT 2003


For figuring out what a linux program is/does, you'll use the following
tools:

   * ldd - lists shared libraries used by an executable
   * gdb - used to pick apart an executable at the assembly-language level
   * strings - used to extract the strings from a file.
   * nm - lists the symbols in a file.
   * strace - lists the system calls a program makes (as it executes)
   * ltrace - lists the library calls a program makes (as it executes).

Things that help are:

   * A library of cracking tools - most script-kiddie tools are
permutations of others with relatively few changes between them. (Don't
ask me for such a library - I don't have one).
   * A rubber room - to help you deal with obfuscated executables. ;-)
   * A *lot* of disk space. Even more if you want to monitor traffic
to/from your honeypot.
   * Sources to everything.
   * Good knowledge of programming at the machine / assembler level (for
dealing with stripped executables).
   * An MD5 listing of every file on your honeypot.

Oh, did I mention that patience helps?

Did I mention that patience helps a lot?

A lot of patience helps a lot!

And given the current state of the world, you may want a good lawyer/boss
who can defend your work.

And above all, keep your work under lock and key! We don't want these
script kiddies getting more help than hindrance. DO NOT put your tools on
your honeypot!
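
An added example (mine, not the poster's) of the "MD5 listing of every file on your honeypot" idea: a baseline taken while the box is clean, a second listing taken later, and a comparison that reports what was modified, added or removed. It assumes GNU coreutils (md5sum, find, sort) and awk; every directory and file name in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils (md5sum,
# find, sort) and awk; directory and file names below are constructed.

# baseline DIR OUT: record "md5  ./relative/path" for every regular file
# under DIR, sorted by path, so two listings can be compared line by line.
baseline() {
    ( cd "$1" && find . -type f -exec md5sum {} + | sort -k 2 ) > "$2"
}

# compare OLD NEW: report files whose hash changed, that appeared, or that
# vanished between two listings. md5sum lines are "<32 hex>  <path>", so the
# path is taken from column 35 on (keeps file names containing spaces intact).
# Exit status is 1 when any difference was found, 0 when the tree is unchanged.
compare() {
    awk '
        FILENAME == ARGV[1] { old[substr($0, 35)] = substr($0, 1, 32); next }
        {
            f = substr($0, 35); h = substr($0, 1, 32); seen[f] = 1
            if (!(f in old))      { print "ADDED    " f; n++ }
            else if (old[f] != h) { print "MODIFIED " f; n++ }
        }
        END {
            for (f in old) if (!(f in seen)) { print "REMOVED  " f; n++ }
            exit (n > 0)
        }' "$1" "$2"
}

# integrity_demo: build a small constructed honeypot tree, take the baseline,
# then simulate what an intruder leaves behind (an edited, an added and a
# deleted file) and print the differences. Always exits 0 so callers can just
# read the report.
integrity_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/etc" "$d/root/var/log" "$d/root/tmp"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/root/etc/passwd"
    printf 'system boot\n' > "$d/root/var/log/messages"
    baseline "$d/root" "$d/base.md5"

    printf 'root:x:0:0:root:/root:/bin/sh\nintruder:x:0:0::/:/bin/sh\n' \
        > "$d/root/etc/passwd"                        # modified
    printf '#!/bin/sh\n' > "$d/root/tmp/.hidden tool" # added
    rm "$d/root/var/log/messages"                     # removed
    baseline "$d/root" "$d/later.md5"

    compare "$d/base.md5" "$d/later.md5" || true
    rm -rf "$d"
}
```

Keep the baseline listing off the honeypot itself (on write-once media or another host), since a listing the intruder can edit proves nothing.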