Basic Static Analysis Part 1

In this module, we'll be discussing basic static analysis and begin with assembly code. You'll learn how to read the raw assembly code from the executable. You'll also be learning about debuggers, compilers, and disassemblers. The key characteristics of static analysis are that it is a slow, very detail-oriented process, requiring huge technical know-how. Static analysis is utilised to confirm your findings in dynamic analysis and understand the behaviour of malware. It also helps you to identify additional Indicators of Compromise (IOCs) such as encrypted strings or payloads, domain generation algorithms (DGA's), and network traffic encryption algorithms. Static analysis helps in determining malware defences such as anti-debugging and anti-VM. You'll also learn how to assess malware risks and their impact on a system, malware sophistication, and attributions. Further, you'll learn that assembly code is a human readable code for a particular chip. You'll also learn about various chip architectures like x86, x64. We'll also discuss about the various chip manufacturers such as Intel, AMD, ARM, MIPS and where these are used. Next, we'll understand the x64 and x86 assembly. X86 is the most common architecture and we'll discuss this in some detail as most malware is written in it. X86 is known as a complex syntax instruction set and has many functions. As an aspiring assembly coder or someone trying to read/understand assembly, you'll need programming knowledge like functions, local variables, and application programming interface (API's) and some math know-how like binary, hexadecimal and decimal (and how to convert them). We then move on to demonstrating compilers like GCC C, Cygwin; debuggers like IDA Pro, OllyDbg 2.0, and finally Visual Studio.