Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software


Format: Paperback, 766 pages

Publisher: Oreilly & Associates Inc

Publish Date: Feb 2012

ISBN-13: 9781593272906

ISBN-10: 1593272901

Book Information

The following content was provided by the publisher.

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, "Practical Malware Analysis" will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You'll learn how to:

  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code

Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.

Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in "Practical Malware Analysis."

Specifications

Publisher: Oreilly & Associates Inc
Publish Date: Feb 2012
ISBN-13: 9781593272906
ISBN-10: 1593272901
Format: Paperback
Number of Pages: 766
Shipping Weight (in pounds): 2.74
Product in Inches (L x W x H): 7.0 x 9.25 x 1.75

Chapter outline

Praise for Practical Malware Analysis
Warning
About The Authors
About the Technical Reviewer
About the Contributing Authors
Foreword
Acknowledgments
Individual Thanks
Introduction
What Is Malware Analysis?
Prerequisites
Practical, Hands-On Learning
What's in the Book?
Malware Analysis Primer
The Goals of Malware Analysis
Malware Analysis Techniques
Types of Malware
General Rules for Malware Analysis
Basic Analysis
Basic Static Techniques
Antivirus Scanning: A Useful First Step
Hashing: A Fingerprint for Malware
Finding Strings
Packed and Obfuscated Malware
Portable Executable File Format
Linked Libraries and Functions
Static Analysis in Practice
The PE File Headers and Sections
Conclusion
Labs
Malware Analysis in Virtual Machines
The Structure of a Virtual Machine
Creating Your Malware Analysis Machine
Using Your Malware Analysis Machine
The Risks of Using VMware for Malware Analysis
Record/Replay: Running Your Computer in Reverse
Conclusion
Basic Dynamic Analysis
Sandboxes: The Quick-and-Dirty Approach
Running Malware
Monitoring with Process Monitor
Viewing Processes with Process Explorer
Comparing Registry Snapshots with Regshot
Faking a Network
Packet Sniffing with Wireshark
Using INetSim
Basic Dynamic Tools in Practice
Conclusion
Labs
Advanced Static Analysis
A Crash Course in x86 Disassembly
Levels of Abstraction
Reverse-Engineering
The x86 Architecture
Conclusion
IDA Pro
Loading an Executable
The IDA Pro Interface
Using Cross-References
Analyzing Functions
Using Graphing Options
Enhancing Disassembly
Extending IDA with Plug-ins
Conclusion
Labs
Recognizing C Code Constructs in Assembly
Global vs. Local Variables
Disassembling Arithmetic Operations
Recognizing if Statements
Recognizing Loops
Understanding Function Call Conventions
Analyzing switch Statements
Disassembling Arrays
Identifying Structs
Analyzing Linked List Traversal
Conclusion
Labs
Analyzing Malicious Windows Programs
The Windows API
The Windows Registry
Networking APIs
Following Running Malware
Kernel vs. User Mode
The Native API
Conclusion
Labs
Advanced Dynamic Analysis
Debugging
Source-Level vs. Assembly-Level Debuggers
Kernel vs. User-Mode Debugging
Using a Debugger
Exceptions
Modifying Execution with a Debugger
Modifying Program Execution in Practice
Conclusion
OllyDbg
Loading Malware
The OllyDbg Interface
Memory Map
Viewing Threads and Stacks
Executing Code
Breakpoints
Loading DLLs
Tracing
Exception Handling
Patching
Analyzing Shellcode
Assistance Features
Plug-ins
Scriptable Debugging
Conclusion
Labs
Kernel Debugging with WinDbg
Drivers and Kernel Code
Setting Up Kernel Debugging
Using WinDbg
Microsoft Symbols
Kernel Debugging in Practice
Rootkits
Loading Drivers
Kernel Issues for Windows Vista, Windows 7, and x64 Versions
Conclusion
Labs
Malware Functionality
Malware Behavior
Downloaders and Launchers
Backdoors
Credential Stealers
Persistence Mechanisms
Privilege Escalation
Covering Its Tracks—User-Mode Rootkits
Conclusion
Labs
Covert Malware Launching
Launchers
Process Injection
Process Replacement
Hook Injection
Detours
APC Injection
Conclusion
Labs
Data Encoding
The Goal of Analyzing Encoding Algorithms
Simple Ciphers
Common Cryptographic Algorithms
Custom Encoding
Decoding
Conclusion
Labs
Malware-Focused Network Signatures
Network Countermeasures
Safely Investigate an Attacker Online
Content-Based Network Countermeasures
Combining Dynamic and Static Analysis Techniques
Understanding the Attacker's Perspective
Conclusion
Labs
Anti-Reverse-Engineering
Anti-Disassembly
Understanding Anti-Disassembly
Defeating Disassembly Algorithms
Anti-Disassembly Techniques
Obscuring Flow Control
Thwarting Stack-Frame Analysis
Conclusion
Labs
Anti-Debugging
Windows Debugger Detection
Identifying Debugger Behavior
Interfering with Debugger Functionality
Debugger Vulnerabilities
Conclusion
Labs
Anti-Virtual Machine Techniques
VMware Artifacts
Vulnerable Instructions
Tweaking Settings
Escaping the Virtual Machine
Conclusion
Labs
Packers and Unpacking
Packer Anatomy
Identifying Packed Programs
Unpacking Options
Automated Unpacking
Manual Unpacking
Tips and Tricks for Common Packers
Analyzing Without Fully Unpacking
Packed DLLs
Conclusion
Labs
Special Topics
Shellcode Analysis
Loading Shellcode for Analysis
Position-Independent Code
Identifying Execution Location
Manual Symbol Resolution
A Full Hello World Example
Shellcode Encodings
NOP Sleds
Finding Shellcode
Conclusion
Labs
C++ Analysis
Object-Oriented Programming
Virtual vs. Nonvirtual Functions
Creating and Destroying Objects
Conclusion
Labs
64-Bit Malware
Why 64-Bit Malware?
Differences in x64 Architecture
Windows 32-Bit on Windows 64-Bit
64-Bit Hints at Malware Functionality
Conclusion
Labs
Important Windows Functions
Tools for Malware Analysis
Solutions to Labs
Solutions
