Advanced Malware Analysis
1st Edition
Published on 5. September 2015
570 pages
978-0-07-181975-6 (ISBN)
Available for download
Description
A one-of-a-kind guide to setting up a malware research lab, using cutting-edge analysis tools, and reporting the findings Advanced Malware Analysis is a critical resource for every information security professional's anti-malware arsenal. The proven troubleshooting techniques will give an edge to information security professionals whose job involves detecting, decoding, and reporting on malware. After explaining malware architecture and how it operates, the book describes how to create and configure a state-of-the-art malware research lab and gather samples for analysis. Then, you ll learn how to use dozens of malware analysis tools, organize data, and create metrics-rich reports. A crucial tool for combatting malware which currently hits each second globally Filled with undocumented methods for customizing dozens of analysis software tools for very specific uses Leads you through a malware blueprint first, then lab setup, and finally analysis and reporting activities Every tool explained in this book is available in every country around the world
More details
Other editions
Additional editions
Christopher Elisan
Advanced Malware Analysis
Book
08/2015
McGraw-Hill Professional
€73.10
Shipment within 15-20 days
Content
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Contents
- Foreword
- Acknowledgments
- Introduction
- Part I Malware Blueprint
- Chapter 1 Malware Analysis 101
- Malware Analysis
- Malware Analysis and Reverse Engineering
- Types of Malware Analysis
- Purpose of Malware Analysis
- Limitations of Malware Analysis
- The Malware Analysis Process
- The Effective Malware Analyst
- Familiarization with Malware
- Familiarization with Analysis Tools
- Patience
- Recap
- Chapter 2 Malware Taxonomy
- Malware Classes
- Infectors
- Network Worms
- Trojan Horse
- Backdoors
- Remote-Access Trojan
- Information Stealers
- Ransomware
- Scareware
- Fakeware
- Greyware
- Recap
- Chapter 3 Malware Deployment
- Malware Infection Vectors
- Speed
- Stealth
- Coverage
- Shelf Life
- Types of Malware Infection Vectors
- Physical Media
- E-mails
- Instant Messaging and Chat
- Social Networking
- URL Links
- File Shares
- Software Vulnerabilities
- Potential Infection Vectors
- Recap
- Chapter 4 Protective Mechanisms
- The Two States of Malware
- Static Malware
- Dynamic Malware
- Protective Mechanisms
- Static Malware Protective Mechanisms
- Dynamic Malware Protective Mechanisms
- Recap
- Chapter 5 Malware Dependencies
- Dependency Types
- Environment Dependencies
- Program Dependencies
- Timing Dependencies
- Event Dependencies
- User Dependencies
- File Dependencies
- Recap
- Part II Malware Research Lab
- Chapter 6 Malware Collection
- Your Own Backyard
- Scan for Malicious Files
- Look for Active Rootkits
- Inspect Startup Programs
- Inspect Running Processes
- Extract Suspicious Files
- Free Sources
- Contagio
- KernelMode.info
- MalShare.com
- Malware.lu
- Malware Blacklist
- Malwarebytes Forum
- Malekal's Forum
- Open Malware
- Tuts4You
- VirusShare.com
- VX Heaven
- Malware Trackers
- Research Mailing Lists
- Sample Exchange
- Commercial Sources
- Honeypots
- Dionaea
- Recap
- Tools
- Chapter 7 Static Analysis Lab
- The Static Analysis Lab
- Host File Inspection Tools
- Mitigate Possible Infection
- Mitigate Becoming a Malware Staging Point
- Anonymous Communication
- Setting Up the Lab
- Choose the Hardware
- Install the Operating System
- Harden the Lab
- Anonymize the Lab
- Isolate the Lab
- The Virtualized Static Analysis Lab
- Backing Up and Restoring
- Recap
- Tools
- Chapter 8 Dynamic Analysis Lab
- Setting Up the Lab
- Choose the Hardware
- Install the Operating System
- Make the Lab Malware Friendly
- Anonymize the Lab
- Isolate the Lab
- Restoring to a Clean State
- Virtualized Environment Clean State Restoration
- Bare-Metal Environment Clean State Restoration
- Backing Up and Restoring
- The Golden Image
- Host OS
- Other Systems Supporting the Lab
- Recap
- Tools
- Part III Malware Inspection
- Chapter 9 The Portable Executable File
- The Windows Portable Executable File
- The PE File Format
- Relative Virtual Address
- PE Import Functions
- PE Export Functions
- 64-Bit PE File Format
- Recap
- Tools
- Chapter 10 The Proper Way to Handle Files
- File's Analysis Life Cycle
- Transfer
- Analysis
- Storage
- Recap
- Tools
- Chapter 11 Inspecting Static Malware
- Static Analysis Techniques
- ID Assignment
- File Type Identification
- Antivirus Detection
- Protective Mechanisms Identification
- PE Structure Verification
- Strings Analysis
- Recap
- Tools
- Chapter 12 Inspecting Dynamic Malware
- Virtual vs. Bare Metal
- Dynamic Analysis
- Analyzing Host Behavior
- Analyzing Network Behavior
- Dynamic Analysis Limitations
- Recap
- Tools
- Chapter 13 Tools of the Trade
- Malware Analysis Use Cases
- Malware Analyst Toolbox
- Tools of the Trade
- Sysinternals Suite
- Yara
- Cygwin
- Debuggers
- Disassemblers
- Memory Dumpers
- PE Viewers
- PE Reconstructors
- Malcode Analyst Pack
- Rootkit Tools
- Network Capturing Tools
- Automated Sandboxes
- Free Online Automated Sandbox Services
- Recap
- Tools
- Part IV Appendixes
- Appendix A Tools List
- Appendix B List of Laboratories
- Appendix C Volatility Framework Basic Plug-ins
- Index
