Nyre-Yu, MeganButler, KarinBolstad, Cheryl2021-12-242021-12-242022-01-04978-0-9981331-5-7http://hdl.handle.net/10125/79608Software is ubiquitous in society, but understanding it, especially without access to source code, is both non-trivial and critical to security. A specialized group of cyber defenders conducts reverse engineering (RE) to analyze software. The expertise-driven process of software RE is not well understood, especially from the perspective of workflows and automated tools. We conducted a task analysis to explore the cognitive processes that analysts follow when using static techniques on binary code. Experienced analysts were asked to statically find a vulnerability in a small binary that could allow for unverified access to root privileges. Results show a highly iterative process with commonly used cognitive states across participants of varying expertise, but little standardization in process order and structure. A goal-centered analysis offers a different perspective about dominant RE states. We discuss implications about the nature of RE expertise and opportunities for new automation to assist analysts using static techniques.10 pagesengAttribution-NonCommercial-NoDerivatives 4.0 InternationalCyber Deception and Cyberpsychology for Defensecybersecurityreverse engineeringcognitive processautomationtext10.24251/HICSS.2022.275