Static Analysis

Secondary Categories: 02-Malware

Description:

Most AV and EDR use some form of static analysis to determine if the the program is malicious or not. Some methods used for analyzing payloads is the use the following:

Checksums
Strings
Byte Sequences

Bypass

There are seveal ways to bypass static analysis by doing the the following:

Changing function names
Removing comments and ASCII Art
Encrypting shellcode
Unique variable names
Appending strings to the end of the payload that may not be used by the program but will make the EDR or AV think its safe. Such as using string from known safe exe files

IMPORTANT When encrypting shellcode it can give the payload a high entropy and for different EDR and AV a payload with a really high entropy can trigger EDR to flag the payload as malicious.

Resources:

Title	URL
place	holder

Also Check Out:

Binary Entropy

The Void 🌌

Explorer

Static Analysis

Description:

Bypass

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer