A year in review: 2020-2021

This article was published on the 20th of June 2021.

The first article in the Binary Analysis Course was published three years ago! The course is still far from finished, and new articles will be added over time. The course’s progress and direction will be highlighted in this article.

Table of contents

The course’s progress

Unfortunately, it feels like the course’s progress slowed down. There are two reasons as to why this happened. Firstly, and most importantly, I got infected with the Corona virus in early March 2020, after which I got the so called long covid. This caused me to be too tired to do anything after work, aside from sleeping and watching series. Safe to say, I am more than up to date on nearly any TV show.

Secondly, I worked on a different malware research project that I plan to reveal later on. This took me most of my non-sleeping spare time. As I feel much, much better now, and I completed most of the research project, I should be able to dedicate more time to this course again.

Even though the pace slowed down in the past year, I did write about the topics that I wanted to: focusing on multi-stage samples, unpacking samples, deobfuscating code, and writing scripts to automate a part of the analysis. The ReZer0 loader is one such example, where I wrote about both the analysis and created an automatic config and payload dumper. The article about the Ghidra script which decrypts the strings within Amadey 1.09 is also in-line with the goals, and can also be used as a template for different malware samples.

The future

The coming year, I will focus on smaller subjects, allowing me to write smaller blogs, whilst still keeping them very relevant. The usage of smaller here is meant to refer to the length of blogs. Barring cases that are too interesting to skip, specific subjects will be covered, rather than specific samples. Searching samples that contain elements that make for an interesting blog takes a lot of time, which should decrease with this approach. This should make it easier for me to publish blogs on a consistent basis, as I very much want to.

One more significant change to the course, is the addition of images to all articles, including the already published ones. Originally, the idea was to not use images in any way or form, as it forced me to completely and clearly explain the process. Based on the experience I gained in writing over the past few years, using images will only further improve the complete and clear explanation. The added visuals will help readers, but will not replace the extensive explanation that is the signature of this course. This also means that articles can be translated easily, and used by those who require (or prefer) text to speech tools.

I am still toying with the idea of making videos to explain the analysis in a completely visual way. As this is still merely an idea (even after several years of thinking about it), I doubt I will get to this anytime soon. I do have some more concrete ideas this time around, so who knows, and otherwise there is always next year.

To conclude

If you have a question about the course, or want to send me potentially interesting samples, please contact me via any of the methods that are given below.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], or DM me on Twitter @Libranalysis.