Use the below steps to review the binary containing the decoder stub.

1. Run the signature detection script against the binary by typing the following in the open Terminal session:

$ ./sigDetect.py ch09-revshell64-decoder

2. Next, run objdump against the binary:

$ objdump -d -M intel ch09-revshell64-decoder

3. After reviewing the output, let's look at the binary in EDB:

$ edb --run ./ch09-revshell64-decoder

4. Next, press the Run button so that EDB hits the breakpoint on the main function within the binary.
5. Left-click and highlight the call rdx instruction at 004004ef and press F2 on the keyboard to place a breakpoint.
6. Press the Run button so that EDB hits the breakpoint.
7. Step into the call rdx instruction by pressing the Step Into button.
8. Press the Step Into button.
9. Press the Step Into button.
10. Place a breakpoint on the jmp 0x60105c instruction at the 00601055 address by highlighting that line and pressing F2 on the keyboard.
11. Press the Step Into button.
12. Review the Registers window, specifically the rcx register and the r10 register.
13. Press the Step Into button. 
14. Continue to press the Step Into button and watch the instructions beginning at address 0060105c transform.
15. Press the Run button to hit the breakpoint we set in step 10.
16. Review the decoded instructions starting at address 060105c. Do they look familiar?