Author Kleymenov, Alexey

Title Mastering Malware Analysis : the Complete Malware Analyst's Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks
Published Birmingham : Packt Publishing, Limited, 2019


Description 1 online resource (548 pages)
Contents Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Section 1: Fundamental Theory; Chapter 1: A Crash Course in CISC/RISC and Programming Basics; Basic concepts; Registers; Memory; Virtual memory; Stack; Branches, loops, and conditions; Exceptions, interrupts, and communicating with other devices; Assembly languages; CISC versus RISC; Types of instructions; Becoming familiar with x86 (IA-32 and x64); Registers; Special registers; The instruction structure; opcode; dest; src; The instruction set; Data manipulation instructions
Data transfer instructions; Flow control instructions; Arguments, local variables, and calling conventions (in x86 and x64); stdcall; Arguments; Local variables; cdecl; fastcall; thiscall; The x64 calling convention; Exploring ARM assembly; Basics; Instruction sets; Basics of MIPS; Basics; The instruction set; Diving deep into PowerPC; Basics; The instruction set; Covering the SuperH assembly; Basics; The instruction set; Working with SPARC; Basics; The instruction set; From assembly to high-level programming languages; Arithmetic statements; If conditions; While loop conditions; Summary
Section 2: Diving Deep into Windows Malware; Chapter 2: Basic Static and Dynamic Analysis for x86/x64; Working with the PE header structure; Why PE?; Exploring PE structure; MZ header; PE header; File header; Optional header; Data directory; Section table; PE+ (x64 PE); PE analysis tools; Static and dynamic linking; Static linking; Dynamic linking; Dynamic link libraries; Application programming interface; Dynamic API loading; Using PE header information for static analysis; How to use PE header for incident handling; How to use a PE header for threat intelligence
PE loading and process creation; Basic terminology; What's process?; Virtual memory to physical memory mapping; Threads; Important data structures: TIB, TEB, and PEB; Process loading step by step; PE file loading step by step; WOW64 processes; Dynamic analysis with OllyDbg/immunity debugger; Debugging tools; How to analyze a sample with OllyDbg; Types of breakpoints; Step into/step over breakpoint; INT3 breakpoint; Memory breakpoints; Hardware breakpoints; Modifying the program execution; Patching-modifying the program's assembly instructions; Change EFlags
Modifying the instruction pointer value; Changing the program data; Debugging malicious services; What is service?; Attaching to the service; Summary; Chapter 3: Unpacking, Decryption, and Deobfuscation; Exploring packers; Exploring packing and encrypting tools; Identifying a packed sample; Technique 1 -- checking PE tool static signatures; Technique 2 -- evaluating PE section names; Technique 3 -- using stub execution signs; Technique 4 -- detecting a small import table; Automatically unpacking packed samples; Technique 1 -- the official unpacking process; Technique 2 -- using OllyScript with OllyDbg
Summary Malware analysis is a powerful investigation technique widely used in various security areas including digital forensics and incident response processes. Working through practical examples, you'll be able to analyze any type of malware you may encounter within the modern world.
Notes Print version record
Subject Microsoft Windows (Computer file) -- Security measures
Microsoft Windows (Computer file) fast
Subject Malware (Computer software)
Computer security.
Cyberterrorism -- Security measures
Computer Security
Microsoft Windows (Computer program) -- Study and teaching.
Computer security
Security systems
Reading List SIT324 recommended text 2024
Form Electronic book
Author Thabet, Amr
ISBN 1789614872