- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Praise for Practical Malware Analysis
- Warning
- About the Authors
- Foreword
- Acknowledgments
- Introduction
- 0. Malware Analysis Primer
- I. Basic Analysis
- Conclusion
- Labs
- 2. Malware Analysis in Virtual Machines
- 3. Basic Dynamic Analysis
- Sandboxes: The Quick-and-Dirty Approach
- Running Malware
- Monitoring with Process Monitor
- Viewing Processes with Process Explorer
- Comparing Registry Snapshots with Regshot
- Faking a Network
- Packet Sniffing with Wireshark
- Using INetSim
- Basic Dynamic Tools in Practice
- Conclusion
- Labs
- Lab 3-1
- Lab 3-2
- Lab 3-3
- Lab 3-4
- Questions
- II. Advanced Static Analysis
- 4. A Crash Course in x86 Disassembly
- 5. IDA Pro
- Using Cross-References
- Analyzing Functions
- Using Graphing Options
- Enhancing Disassembly
- Extending IDA with Plug-ins
- Conclusion
- Labs
- 6. Recognizing C Code Constructs in Assembly
- 7. Analyzing Malicious Windows Programs
- The Windows API
- The Windows Registry
- Networking APIs
- Following Running Malware
- Kernel vs. User Mode
- The Native API
- Labs
- Lab 7-1
- Lab 7-2
- Lab 7-3
- Questions
- III. Advanced Dynamic Analysis
- 8. Debugging
- 9. OllyDbg
- 10. Kernel Debugging with WinDbg
- Rootkits
- Loading Drivers
- Kernel Issues for Windows Vista, Windows 7, and x64 Versions
- Conclusion
- Labs
- Lab 10-1
- Lab 10-2
- Lab 10-3
- Questions
- IV. Malware Functionality
- 11. Malware Behavior
- 12. Covert Malware Launching
- 13. Data Encoding
- 14. Malware-Focused Network Signatures
- Network Countermeasures
- Safely Investigate an Attacker Online
- Content-Based Network Countermeasures
- Combining Dynamic and Static Analysis Techniques
- The Danger of Overanalysis
- Hiding in Plain Sight
- Understanding Surrounding Code
- Finding the Networking Code
- Knowing the Sources of Network Content
- Hard-Coded Data vs. Ephemeral Data
- Identifying and Leveraging the Encoding Steps
- Creating a Signature
- Analyze the Parsing Routines
- Targeting Multiple Elements
- Understanding the Attacker’s Perspective
- Conclusion
- Labs
- Lab 14-1
- Lab 14-2
- Lab 14-3
- Questions
- V. Anti-Reverse-Engineering
- 15. Anti-Disassembly
- 16. Anti-Debugging
- 17. Anti-Virtual Machine Techniques
Using a suite of relatively simple tools, we can perform static analysis on malware to gain a certain amount of insight into its function. But static analysis is typically only the first step, and further analysis is usually necessary. The next step is setting up a safe environment so you can run the malware and perform basic dynamic analysis, as you’ll see in the next two chapters.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.