Dynamic analysis is a great technique to understand the behavior of malware and to determine its network and host-based indicators. You can use dynamic analysis to validate findings obtained during static analysis. Combining static  analysis and dynamic analysis helps you gain a better understanding of the malware binary. Basic dynamic analysis has its limitations, and to gain a deeper insight into the workings of the malware binary, you will have to perform code analysis (reverse engineering).

For example, most malware samples used in this chapter used encrypted communication to communicate with their C2 server. Using dynamic analysis, we were only able to determine the encrypted communication, but to understand how the malware is encrypting the traffic and what data it is encrypting, you need to learn how to perform code analysis.

In the next few chapters, you will learn the basics, tools, and techniques to perform code analysis.