Veze, linkovi
Kompjuter biblioteka
Mastering Malware Analysis

Zaštita i sigurnost Zaštita i sigurnost

Mastering Malware Analysis

Autor: Alexey Kleymenov, Amr Thabet
Broj strana: 562
ISBN broj: 9781789610789
Godina izdanja: 2019.

Twitter   Facebook   Linkedin   Pinterest   Email
Predlog za prevod


  • Explore widely used assembly languages to strengthen your reverse-engineering skills
  • Master different executable file formats, programming languages, and relevant APIs used by attackers
  • Perform static and dynamic analysis for multiple platforms and file types
  • Get to grips with handling sophisticated malware cases
  • Understand real advanced attacks, covering all stages from infiltration to hacking the system
  • Learn to bypass anti-reverse engineering techniques

With the ever-growing proliferation of technology, the risk of encountering malicious code or malware has also increased. Malware analysis has become one of the most trending topics in businesses in recent years due to multiple prominent ransomware attacks. Mastering Malware Analysis explains the universal patterns behind different malicious software types and how to analyze them using a variety of approaches. You will learn how to examine malware code and determine the damage it can possibly cause to your systems to ensure that it won't propagate any further. Moving forward, you will cover all aspects of malware analysis for the Windows platform in detail. Next, you will get to grips with obfuscation and anti-disassembly, anti-debugging, as well as anti-virtual machine techniques. This book will help you deal with modern cross-platform malware. Throughout the course of this book, you will explore real-world examples of static and dynamic malware analysis, unpacking and decrypting, and rootkit detection. Finally, this book will help you strengthen your defenses and prevent malware breaches for IoT devices and mobile platforms. By the end of this book, you will have learned to effectively analyze, investigate, and build innovative solutions to handle any malware incidents.

  • Set up and model solutions, investigate malware, and prevent it from occurring in future
  • Learn core concepts of dynamic malware analysis, memory forensics, decryption, and much more
  • A practical guide to developing innovative solutions to numerous malware incidents

Table of contents

1 A Crash Course in CISC/RISC and Programming Basics
Basic concepts
Assembly languages
Becoming familiar with x86 (IA-32 and x64)
Exploring ARM assembly
Basics of MIPS
Covering the SuperH assembly
Working with SPARC
From assembly to high-level programming languages

2 Basic Static and Dynamic Analysis for x86/x64
Working with the PE header structure
Static and dynamic linking
Using PE header information for static analysis
PE loading and process creation
Dynamic analysis with OllyDbg/immunity debugger
Debugging malicious services

3 Unpacking, Decryption, and Deobfuscation
Exploring packers
Identifying a packed sample
Automatically unpacking packed samples
Manual unpacking using OllyDbg
Dumping the unpacked sample and fixing the import table
Identifying different encryption algorithms and functions
String search detection techniques for simple algorithms
Identifying the RC4 encryption algorithm
Standard symmetric and asymmetric encryption algorithms
Applications of encryption in modern malware – Vawtrak banking Trojan
Using IDA for decryption and unpacking

4 Inspecting Process Injection and API Hooking
Understanding process injection
DLL injection
Working with process injection
Dynamic analysis of code injection
Memory forensics techniques for process injection
Understanding API hooking
Working with API hooking
Exploring IAT hooking

5 Bypassing Anti-Reverse Engineering Techniques
Exploring debugger detection
Handling debugger breakpoints evasion
Escaping the debugger
Obfuscation and anti-disassemblers
Detecting and evading behavioral analysis tools
Detecting sandboxes and virtual machines

6 Understanding Kernel-Mode Rootkits
Kernel mode versus user mode
Windows internals
Rootkits and device drivers
Hooking mechanisms
Process injection in kernel mode
KPP in x64 systems (PatchGuard)
Static and dynamic analysis in kernel mode

7 Handling Exploits and Shellcode
Getting familiar with vulnerabilities and exploits
Cracking the shellcode
Exploring bypasses for exploit mitigation technologies
Analyzing Microsoft Office exploits
Studying malicious PDFs

8 Reversing Bytecode Languages: .NET, Java, and More
Exploring the theory of bytecode languages
.NET explained
.NET malware analysis
The essentials of Visual Basic
Dissecting Visual Basic samples
The internals of Java samples
Python—script language internals
Analyzing compiled Python

9 Scripts and Macros: Reversing, Deobfuscation, and Debugging
Classic shell script languages
VBScript explained
Those evil macros inside documents
The power of PowerShell
Handling JavaScript
Behind C&C—even malware has its own backend
Other script languages

10 Dissecting Linux and IoT Malware
Explaining ELF files 
Exploring common behavioral patterns
Static and dynamic analysis of x86 (32- and 64-bit) samples
Learning Mirai, its clones, and more
Static and dynamic analysis of RISC samples
Handling other architectures

11 Introduction to macOS and iOS Threats
Understanding the role of the security model
File formats and APIs
Static and dynamic analyses of macOS and iOS samples
Attack stages
Advanced techniques
Analysis workflow

12 Analyzing Android Malware Samples
(Ab)using Android internals 
Understanding Dalvik and ART 
Malware behavior patterns
Static and dynamic analysis of threats



• Srdjan B
Da li je u plans izdavanje ove knjige .. Bilo bi vredno imati je u kolekciji. Pozdrav za Kombib

Ostavite komentar Ostavite komentar



Zaštita od zlonamernih programa (Malware analysis)

Zaštita od zlonamernih programa (Malware analysis)

Popust cena:
2100.00 rsd

CompTIA Security+: SY0-601 vodič za sertifikaciju

CompTIA Security+: SY0-601 vodič za sertifikaciju

Popust cena:
2200.00 rsd

Veze, linkovi
Linkedin Twitter Facebook
© Sva prava pridržana, Kompjuter biblioteka, Beograd, Obalskih radnika 4a, Telefon: +381 11 252 0 272