
Windows APT Warfare: identify and prevent Windows APT attacks effectively

Learn Windows system design from the PE binary structure to modern and practical attack techniques used by red teams to implement advanced prevention. Purchase of the print or Kindle book includes a free PDF eBook.

Key Features
  • Understand how malware evades modern security products
  • Learn to reverse en...


Bibliographic Details
Classification: Electronic book
Main author: Ma, Sheng-Hao (Author)
Format: Electronic eBook
Language: English
Published: [S.l.] : PACKT PUBLISHING LIMITED, 2023.
Edition: 1st edition.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Foreword
  • Contributors
  • Disclaimer
  • Table of Contents
  • Preface
  • Part 1: Modern Windows Compiler
  • Chapter 1: From Source to Binaries - The Journey of a C Program
  • The simplest Windows program in C
  • C compiler - assembly code generation
  • Assembler - transforming assembly code into machine code
  • Compiling code
  • Windows linker - packing binary data into PE format
  • Running static PE files as dynamic processes
  • Summary
  • Chapter 2: Process Memory - File Mapping, PE Parser, tinyLinker, and Hollowing
  • Sample programs
  • The memory of the static contents of PE files
  • NT Headers
  • Section Headers
  • PE Parser example
  • Dynamic file mapping
  • PE infection (PE Patcher) example
  • tinyLinker example
  • Examples of process hollowing
  • PE files to HTML
  • Summary
  • Chapter 3: Dynamic API Calling - Thread, Process, and Environment Information
  • Sample programs
  • Function calling convention
  • Calling convention
  • Thread Environment Block (TEB)
  • Process Environment Block
  • Examples of process parameter forgery
  • Examples of enumerating loaded modules without an API
  • Examples of disguising and hiding loaded DLLs
  • Summary
  • Part 2: Windows Process Internals
  • Chapter 4: Shellcode Technique - Exported Function Parsing
  • Sample programs
  • EATs in PE
  • Examples of a DLL file analyzer
  • Dynamic crawling function in PE
  • Examples of writing shellcode in x86
  • A shellcode generator in Python
  • Summary
  • Chapter 5: Application Loader Design - Import Address Table in PE
  • Import API analyzer example
  • Calling programs directly in memory
  • Examples of IAT hijack
  • DLL side-loading example
  • Summary
  • Chapter 6: PE Module Relocation
  • Relocation table of PE
  • tinyLoader example
  • Summary
  • Part 3: Abuse System Design and Red Team Tips
  • Chapter 7: PE to Shellcode - Transforming PE Files into Shellcode
  • The open source project pe_to_shellcode analysis
  • Parsing Kernel32's export table in x86 assembly
  • Getting API addresses in x86 assembly
  • File mapping and repairing an import table in x86
  • Handling relocation in x86
  • An example of PE to shellcode
  • Summary
  • Chapter 8: Software Packer Design
  • What is a software packer?
  • Packer builder
  • Stub - the main program of an unpacker
  • Examples of software packers
  • Summary
  • Chapter 9: Digital Signature - Authenticode Verification
  • Authenticode digital signatures
  • Signature verification
  • WinVerifyTrust under the hood
  • Signature data in PE files
  • PKCS#7 information
  • Examples of mock signatures
  • Examples of bypassing hash verification
  • Examples of signature steganography
  • Getting signed by abusing path normalization
  • Summary
  • Chapter 10: Reversing User Account Control and Bypassing Tricks
  • UAC overview
  • RAiLaunchAdminProcess callback
  • Two-level authentication mechanism
  • Authentication A