Applying Static Analysis
This lecture builds on the Wk04.1 lecture by demonstrating how to use the tools introduced there to construct a tool for data management and ingestion.
Some key elements of MongoDB are introduced. More information is available here: MongoDB Documentation
Some existing open-source malware management platforms that we use as production examples:
We discuss how collection requirements are defined to give direction to what analysis is to be performed on a sample. From that, we integrate our tools from Tuesday’s discussion into a single script that performs the data extraction, normalization, and storage (into MongoDB) steps for us. We then demonstrate using that script on an entire directory of malware:
cd test_samples
ls -1U | xargs -n 1 ../metadata_import.py -f
Once the data has been ingested, we are able to perform broad analysis across the entire dataset using single queries.
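The extract, normalize and store pipeline described above, as an added example rather than the course's own metadata_import.py: the field names, the magic-byte table and the in-memory MongoDB stand-in are assumptions, and sha256 is used as the document _id so that re-running the xargs loop over the same directory does not create duplicates.

```python
"""Toy metadata_import.py: extract -> normalize -> store, one document per sample."""
import hashlib, math, os, sys
from collections import Counter
from datetime import datetime, timezone

MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]  # constructed, short

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 hints at packed/encrypted content, near 0 at padding."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def extract(data: bytes, path: str) -> dict:
    """Extraction: the raw facts the collection requirements ask for."""
    ftype = next((label for magic, label in MAGIC if data.startswith(magic)), "unknown")
    return {"path": path, "size": len(data), "type": ftype, "entropy": shannon_entropy(data),
            "md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def normalize(raw: dict) -> dict:
    """Normalization: one fixed schema; sha256 as _id makes a re-import idempotent."""
    return {"_id": raw["sha256"], "hashes": {k: raw[k].lower() for k in ("md5", "sha1", "sha256")},
            "size": raw["size"], "type": raw["type"], "entropy": round(raw["entropy"], 3),
            "filename": os.path.basename(raw["path"]),
            "imported_at": datetime.now(timezone.utc).isoformat()}

class MemoryCollection:
    """Stand-in for a pymongo collection (just the two calls used here) so the pipeline
    runs without a server; equality-only find, unlike MongoDB's query operators."""
    def __init__(self):
        self.docs = {}
    def replace_one(self, flt, doc, upsert=False):
        if upsert or flt["_id"] in self.docs:
            self.docs[flt["_id"]] = doc
    def find(self, flt):
        return [d for d in self.docs.values() if all(d.get(k) == v for k, v in flt.items())]

def store(doc: dict, collection) -> dict:
    """Storage: upsert by _id, so running `ls | xargs` over the same directory twice is harmless."""
    collection.replace_one({"_id": doc["_id"]}, doc, upsert=True)
    return doc

def import_file(path: str, collection) -> dict:
    with open(path, "rb") as fh:
        return store(normalize(extract(fh.read(), path)), collection)

if __name__ == "__main__":  # mirrors the lecture's invocation: metadata_import.py -f FILE
    try:
        from pymongo import MongoClient  # real storage when pymongo and a local mongod exist
        coll = MongoClient("mongodb://localhost:27017")["malware"]["samples"]
    except ImportError:
        coll = MemoryCollection()
    print(import_file(sys.argv[sys.argv.index("-f") + 1], coll))
```

With a real collection, the broad-analysis step is a single query such as find({"type": "pe", "entropy": {"$gt": 7.0}}) over every ingested sample.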
Slides: lecture-w04-2.pdf (PDF)
Video: CS7038: Wk04.2 - Static Analysis Introduction
Note: The video contains a bug where Wk04.1 is listed, but it is actually the Wk04.2 lecture.