E-book
Author Sikorski, Michael

Title Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software
Published San Francisco : No Starch Press, 2012

Description 1 online resource (802 pages)
Contents Warning; About the Authors; About the Technical Reviewer; About the Contributing Authors; Foreword; Acknowledgments; Individual Thanks; Introduction; What Is Malware Analysis?; Prerequisites; Practical, Hands-On Learning; What's in the Book?; 0: Malware Analysis Primer; The Goals of Malware Analysis; Malware Analysis Techniques; Basic Static Analysis; Basic Dynamic Analysis; Advanced Static Analysis; Advanced Dynamic Analysis; Types of Malware; General Rules for Malware Analysis; Part 1: Basic Analysis; 1: Basic Static Techniques; Antivirus Scanning: A Useful First Step; Hashing: A Fingerprint for Malware; Finding Strings; Packed and Obfuscated Malware; Packing Files; Detecting Packers with PEiD; Portable Executable File Format; Linked Libraries and Functions; Static, Runtime, and Dynamic Linking; Exploring Dynamically Linked Functions with Dependency Walker; Imported Functions; Exported Functions; Static Analysis in Practice; PotentialKeylogger.exe: An Unpacked Executable; PackedProgram.exe: A Dead End; The PE File Headers and Sections; Examining PE Files with PEview; Viewing the Resource Section with Resource Hacker; Using Other PE File Tools; PE Header Summary; Conclusion; Lab 1-1; Questions; Lab 1-2; Questions; Lab 1-3; Questions; Lab 1-4; Questions; 2: Malware Analysis in Virtual Machines; The Structure of a Virtual Machine; Creating Your Malware Analysis Machine; Configuring VMware; Using Your Malware Analysis Machine; Connecting Malware to the Internet; Connecting and Disconnecting Peripheral Devices; Taking Snapshots; Transferring Files from a Virtual Machine; The Risks of Using VMware for Malware Analysis; Record/Replay: Running Your Computer in Reverse; Conclusion; 3: Basic Dynamic Analysis; Sandboxes: The Quick-and-Dirty Approach; Using a Malware Sandbox; Sandbox Drawbacks; Running Malware; Monitoring with Process Monitor; The Procmon Display; Filtering in Procmon; Viewing Processes with Process Explorer; The Process Explorer Display; Using the Verify Option; Comparing Strings; Using Dependency Walker; Analyzing Malicious Documents; Comparing Registry Snapshots with Regshot; Faking a Network; Using ApateDNS; Monitoring with Netcat; Packet Sniffing with Wireshark; Using INetSim; Basic Dynamic Tools in Practice; Conclusion; Lab 3-1; Questions; Lab 3-2; Questions; Lab 3-3; Questions; Lab 3-4; Questions; Part 2: Advanced Static Analysis; 4: A Crash Course in x86 Disassembly; Levels of Abstraction; Reverse-Engineering; The x86 Architecture; Main Memory; Instructions; Opcodes and Endianness; Operands; Registers; Simple Instructions; The Stack; Conditionals; Branching; Rep Instructions; C Main Method and Offsets; More Information: Intel x86 Architecture Manuals; Conclusion; 5: IDA Pro; Loading an Executable; The IDA Pro Interface; Disassembly Window Modes; Useful Windows for Analysis; Returning to the Default View; Navigating IDA Pro; Searching; Using Cross-References
Summary There are more than 100 malicious computer attacks every second, resulting in tens of billions of dollars in economic damages each year. Among security professionals, the skills required to quickly analyze and assess these attacks are in high demand. Practical Malware Analysis provides a rapid introduction to the tools and methods used to dissect malicious software (malware), showing readers how to discover, debug, and disassemble these threats. The book goes on to examine how to overcome the evasive techniques (stealth, code obfuscation, encryption, file packing, and others) that malware author
Notes Code Cross-References
English
Print version record
Subject Malware (Computer software)
Computer viruses.
Debugging in computer science.
Computer security
COMPUTERS -- Security -- Viruses & Malware.
Form Electronic book
Author Honig, Andrew
ISBN 9781593274306
1593274300
1593272901
9781593272906