Reverse engineering
New, undiscovered vulnerabilities are often found using a process called reverse engineering. Although the term may seem self-explanatory, let's have a closer look at what reverse engineering actually means.
Generally speaking, reverse engineering is the process of extracting information from an existing artifact (it could be a building, a piece of software, or a hardware device) and using that information to understand how it works, and then to reproduce or modify it. Consider disassembling a LEGO building kit. Without a set of instructions, you work from what you can observe about the model, taking it apart brick by brick until nothing is left connected. Having learned how the parts fit together, you can then reassemble them into something quite different, say an Android mascot. Applied to software, the same idea means working from a compiled binary, without its source code, and reconstructing what the program does and how it is structured (typically with a disassembler or decompiler) closely enough to reason about its behaviour and to change it.
Although this may sound odd in a penetration-testing book, the same process lies at the heart of real penetration testing: finding vulnerabilities and creating exploits for them...