Futaba _ Webs 🕸🕸🎃🕸🕸

🎃 The Art of Code Analysis

Learn The Language 🕸🕸🎃🕸🕸

It’s a no brainer on this one…. But YES, LEARN…THE….LANGUAGE! Remember, you CAN reverse engineer and put two and two together, but you’re better off knowing the native language, otherwise you’ll not only have to research the language itself as you study it, but the code itself, on top of any unique techniques that might be embedded within the code. By simply being somewhat knowledgeable about the language first, from there, you can simply worry about studying the code for any vulnerabilities that might exist within it.

There are resources like W3 schools for example that can increase your level of literacy in a language depending on how experienced you are already with a programming language. For me this is about 12 hours per language to be prepped and ready in case I don't know the language.

Part of the main reason I know many programming languages is to avoid having to learn a new one. I'm literate in many already and can read and pick up as I go, which allows me to FOCUS on the analysis.

Break The System Apart 🕸🕸🎃🕸🕸

One of the many benefits of studying code analysis, whether it be for vulnerability assessments or forensics malware analysis, is you get to “break” the system apart and see what makes it tick. This is where you get your hands dirty and REALLY get under the hood to properly understand how the system works.

Whether you be a threat actor or a professional who does things ethical offensively/defensively, This is a great opportunity to to learn, more so if you’re on the more offensive side of things, as you’ll not only be tasked with finding vulnerabilities and figuring out how to mitigate them, but threat modeling various attack vectors that are possible should a vulnerability exist within the code, meaning…. YOU GET HANDS ON EXPERIENCE CRAFTING EXPLOITS/SCENARIOS depending on which side you’re on which is the fun part. This also, of course, depends on the role you work for and overall responsibilities. This is also where you “learn” more complex programming techniques related to your area of choice in Cyber.

When you’re analyzing code, you want to get into the habit of breaking down each line of code at a time. Each line has a story to tell, and you might miss something if you overlook it no matter how simple it is.

For example, there was a set of JS code I was studying a while back for the new malware analysis series I’m working on. The code revolved around DOS’ing a server, but at a quick glance I assumed the way the code was behaving had much to do with overloading the web application server via HTTP requests only, HOWEVER, what I overlooked was memory overloads that were being used to crash the server. Each time the code ran, it behaved in a manner that would cause the server to store more and more memory which is unethical, which can lead to an eventual crash in the long run, more so since it is used for loops to enhance the process. For those that don’t know, using for loops consumes quite an amount of memory, and without proper memory deallocation techniques, with today’s modern processing power, you can crash a system in seconds.

By properly analyzing the code flow, I was able to both formulate a mitigation to the threat, as well as figuring out crafty ways to abuse the exploit.