Learning Malware Analysis : Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware.
Malware analysis and memory forensics are powerful analysis and investigation techniques used in reverse engineering, digital forensics, and incident response. This book teaches you the concepts, tools, and techniques to determine the behavior and characteristics of malware using malware analysis an...
| Classification: | Electronic book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Birmingham : Packt Publishing Ltd, 2018. |
| Subjects: | |
| Online access: | Full text |
Table of Contents:
- Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface.
- Chapter 1: Introduction to Malware Analysis; 1. What Is Malware?; 2. What Is Malware Analysis?; 3. Why Malware Analysis?; 4. Types Of Malware Analysis; 5. Setting Up The Lab Environment; 5.1 Lab Requirements; 5.2 Overview Of Lab Architecture; 5.3 Setting Up And Configuring Linux VM; 5.4 Setting Up And Configuring Windows VM; 6. Malware Sources; Summary.
- Chapter 2: Static Analysis; 1. Determining the File Type; 1.1 Identifying File Type Using Manual Method; 1.2 Identifying File Type Using Tools; 1.3 Determining File Type Using Python; 2. Fingerprinting the Malware; 2.1 Generating Cryptographic Hash Using Tools; 2.2 Determining Cryptographic Hash in Python; 3. Multiple Anti-Virus Scanning; 3.1 Scanning the Suspect Binary with VirusTotal; 3.2 Querying Hash Values Using VirusTotal Public API; 4. Extracting Strings; 4.1 String Extraction Using Tools; 4.2 Decoding Obfuscated Strings Using FLOSS; 5. Determining File Obfuscation; 5.1 Packers and Cryptors; 5.2 Detecting File Obfuscation Using Exeinfo PE; 6. Inspecting PE Header Information; 6.1 Inspecting File Dependencies and Imports; 6.2 Inspecting Exports; 6.3 Examining PE Section Table And Sections; 6.4 Examining the Compilation Timestamp; 6.5 Examining PE Resources; 7. Comparing And Classifying The Malware; 7.1 Classifying Malware Using Fuzzy Hashing; 7.2 Classifying Malware Using Import Hash; 7.3 Classifying Malware Using Section Hash; 7.4 Classifying Malware Using YARA; 7.4.1 Installing YARA; 7.4.2 YARA Rule Basics; 7.4.3 Running YARA; 7.4.4 Applications of YARA; Summary.
- Chapter 3: Dynamic Analysis; 1. Lab Environment Overview; 2. System And Network Monitoring; 3. Dynamic Analysis (Monitoring) Tools; 3.1 Process Inspection with Process Hacker; 3.2 Determining System Interaction with Process Monitor; 3.3 Logging System Activities Using Noriben; 3.4 Capturing Network Traffic With Wireshark; 3.5 Simulating Services with INetSim; 4. Dynamic Analysis Steps; 5. Putting it All Together: Analyzing a Malware Executable; 5.1 Static Analysis of the Sample; 5.2 Dynamic Analysis of the Sample; 6. Dynamic-Link Library (DLL) Analysis; 6.1 Why Attackers Use DLLs; 6.2 Analyzing the DLL Using rundll32.exe; 6.2.1 Working of rundll32.exe; 6.2.2 Launching the DLL Using rundll32.exe; Example 1 - Analyzing a DLL With No Exports; Example 2 - Analyzing a DLL Containing Exports; Example 3 - Analyzing a DLL Accepting Export Arguments; 6.3 Analyzing a DLL with Process Checks; Summary.
- Chapter 4: Assembly Language and Disassembly Primer; 1. Computer Basics; 1.1 Memory; 1.1.1 How Data Resides In Memory; 1.2 CPU; 1.2.1 Machine Language; 1.3 Program Basics; 1.3.1 Program Compilation; 1.3.2 Program On Disk; 1.3.3 Program In Memory; 1.3.4 Program Disassembly (From Machine code To Assembly code); 2. CPU Registers; 2.1 General-Purpose Registers.