What Part of JMP RSP Don’t You Understand

Vishal Thakur
Mar 31, 2023

Assembly Language Bootcamp for Malware Analysis

I’ll be running this workshop at the 35th FIRST Conference to be held this year on 8 June 2023, in Montreal, Canada. If you’re planning to attend, please drop in, attend the workshop or just come around to say Hello!

Summary

Assembly language is one of the building blocks of all applications that we analyse in the field of Malware Analysis today. This workshop starts off with the basics of Assembly language and goes into the details of how to write and subsequently read Assembly code and make sense of it all. Attendees will get to write simple applications and then analyse them in this hands-on, fully practical workshop. We finish off by analysing real-world malware, looking at its assembly code and interpreting it into actionable information.

Session Outline

Assembly Language basics — 30 mins
1. Instructions
2. OpCodes
3. Registers (EFLAGS)
Writing Assembly code — 60 mins
1. Environment Setup
2. NASM — online and offline versions
3. Code examples — building applications in NASM
Reading Assembly code — 30 mins
1. Code examples
2. Applications
Real-world Malware — 60 mins
1. Binary Analysis — Static
2. Binary Analysis — Dynamic

More details on the conference:
https://www.first.org/conference/2023/program

Vishal Thakur

DFIR enthusiast. Founder of HCKSYD. Founder of Security BSides Sydney Australia. Malware Analyst.