Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Malware Analysis
  • Table Of Contents Toc
Mastering Malware Analysis

Mastering Malware Analysis - Second Edition

By : Alexey Kleymenov, Amr Thabet
4.4 (7)
Buy this Book
close
close
Mastering Malware Analysis

Mastering Malware Analysis

4.4 (7)
By: Alexey Kleymenov, Amr Thabet
Buy this Book

Overview of this book

New and developing technologies inevitably bring new types of malware with them, creating a huge demand for IT professionals that can keep malware at bay. With the help of this updated second edition of Mastering Malware Analysis, you’ll be able to add valuable reverse-engineering skills to your CV and learn how to protect organizations in the most efficient way. This book will familiarize you with multiple universal patterns behind different malicious software types and teach you how to analyze them using a variety of approaches. You'll learn how to examine malware code and determine the damage it can possibly cause to systems, along with ensuring that the right prevention or remediation steps are followed. As you cover all aspects of malware analysis for Windows, Linux, macOS, and mobile platforms in detail, you’ll also get to grips with obfuscation, anti-debugging, and other advanced anti-reverse-engineering techniques. The skills you acquire in this cybersecurity book will help you deal with all types of modern malware, strengthen your defenses, and prevent or promptly mitigate breaches regardless of the platforms involved. By the end of this book, you will have learned how to efficiently analyze samples, investigate suspicious activity, and build innovative solutions to handle malware incidents.
Table of Contents (20 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Part 1 Fundamental Theory
Icon
Part 1 Fundamental Theory
Lock Free Chapter
2
Chapter 1: Cybercrime, APT Attacks, and Research Strategies
Icon
Chapter 1: Cybercrime, APT Attacks, and Research Strategies
Icon
Why malware analysis?
Icon
Exploring types of malware
Icon
The MITRE ATT&CK framework explained
Icon
APT and zero-day attacks and fileless malware
Icon
Choosing your analysis strategy
Icon
Setting up the environment
Icon
Summary
3
Chapter 2: A Crash Course in Assembly and Programming Basics
Icon
Chapter 2: A Crash Course in Assembly and Programming Basics
Icon
Basics of informatics
Icon
Architectures and their assembly
Icon
Becoming familiar with x86 (IA-32 and x64)
Icon
Exploring ARM assembly
Icon
Basics of MIPS
Icon
Diving deep into PowerPC
Icon
Covering the SuperH assembly
Icon
Working with SPARC
Icon
Moving from assembly to high-level programming languages
Icon
Summary
4
Part 2 Diving Deep into Windows Malware
Icon
Part 2 Diving Deep into Windows Malware
5
Chapter 3: Basic Static and Dynamic Analysis for x86/x64
Icon
Chapter 3: Basic Static and Dynamic Analysis for x86/x64
Icon
Working with the PE header structure
Icon
Static and dynamic linking
Icon
Using PE header information for static analysis
Icon
PE loading and process creation
Icon
Basics of dynamic analysis using OllyDbg and x64dbg
Icon
Debugging malicious services
Icon
Essentials of behavioral analysis
Icon
Summary
6
Chapter 4: Unpacking, Decryption, and Deobfuscation
chevron up
Icon
Chapter 4: Unpacking, Decryption, and Deobfuscation
Icon
Exploring packers
Icon
Identifying a packed sample
Icon
Automatically unpacking packed samples
Icon
Manual unpacking techniques
Icon
Dumping the unpacked sample and fixing the import table
Icon
Identifying simple encryption algorithms and functions
Icon
Advanced symmetric and asymmetric encryption algorithms
Icon
Applications of encryption in modern malware – Vawtrak banking Trojan
Icon
Using IDA for decryption and unpacking
Icon
Summary
7
Chapter 5: Inspecting Process Injection and API Hooking
Icon
Chapter 5: Inspecting Process Injection and API Hooking
Icon
Understanding process injection
Icon
DLL injection
Icon
Diving deeper into process injection
Icon
A dynamic analysis of code injection
Icon
Memory forensics techniques for process injection
Icon
Understanding API hooking
Icon
Exploring IAT hooking
Icon
Summary
8
Chapter 6: Bypassing Anti-Reverse Engineering Techniques
Icon
Chapter 6: Bypassing Anti-Reverse Engineering Techniques
Icon
Exploring debugger detection
Icon
Handling the evasion of debugger breakpoints
Icon
Escaping the debugger
Icon
Understanding obfuscation and anti-disassemblers
Icon
Detecting and evading behavioral analysis tools
Icon
Detecting sandboxes and VMs
Icon
Summary
9
Chapter 7: Understanding Kernel-Mode Rootkits
Icon
Chapter 7: Understanding Kernel-Mode Rootkits
Icon
Kernel mode versus user mode
Icon
Windows internals
Icon
Rootkits and device drivers
Icon
Hooking mechanisms
Icon
DKOM
Icon
Process injection in kernel mode
Icon
KPP in x64 systems (PatchGuard)
Icon
Static and dynamic analysis in kernel mode
Icon
Summary
10
Part 3 Examining Cross-Platform and Bytecode-Based Malware
Icon
Part 3 Examining Cross-Platform and Bytecode-Based Malware
11
Chapter 8: Handling Exploits and Shellcode
Icon
Chapter 8: Handling Exploits and Shellcode
Icon
Getting familiar with vulnerabilities and exploits
Icon
Cracking the shellcode
Icon
Exploring bypasses for exploit mitigation technologies
Icon
Analyzing Microsoft Office exploits
Icon
Studying malicious PDFs
Icon
Summary
12
Chapter 9: Reversing Bytecode Languages – .NET, Java, and More
Icon
Chapter 9: Reversing Bytecode Languages – .NET, Java, and More
Icon
The basic theory of bytecode languages
Icon
.NET explained
Icon
.NET malware analysis
Icon
The essentials of Visual Basic
Icon
Dissecting Visual Basic samples
Icon
The internals of Java samples
Icon
Analyzing compiled Python threats
Icon
Summary
13
Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging
Icon
Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging
Icon
Classic shell script languages
Icon
VBScript explained
Icon
VBA and Excel 4.0 (XLM) macros and more
Icon
The power of PowerShell
Icon
Handling JavaScript
Icon
Behind C&C – even malware has its own backend
Icon
Other script languages
Icon
Summary
14
Part 4 Looking into IoT and Other Platforms
Icon
Part 4 Looking into IoT and Other Platforms
15
Chapter 11: Dissecting Linux and IoT Malware
Icon
Chapter 11: Dissecting Linux and IoT Malware
Icon
Explaining ELF files
Icon
Exploring common behavioral patterns
Icon
Static and dynamic analysis of x86 (32- and 64-bit) samples
Icon
Learning about Mirai, its clones, and more
Icon
Static and dynamic analysis of RISC samples
Icon
Handling other architectures
Icon
Summary
16
Chapter 12: Introduction to macOS and iOS Threats
Icon
Chapter 12: Introduction to macOS and iOS Threats
Icon
Understanding the role of the security model
Icon
File formats and APIs
Icon
Attack stages
Icon
Advanced techniques
Icon
Static and dynamic analysis of macOS and iOS samples
Icon
The analysis workflow
Icon
Summary
17
Chapter 13: Analyzing Android Malware Samples
Icon
Chapter 13: Analyzing Android Malware Samples
Icon
(Ab)using the Android internals
Icon
Understanding Dalvik and ART
Icon
File formats and APIs
Icon
Malware behavior patterns
Icon
Static and dynamic analysis of threats
Icon
Summary
18
Index
Icon
Index
Icon
Why subscribe?
19
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you

Unpacking, Decryption, and Deobfuscation

In this chapter, we are going to explore different techniques that have been introduced by malware authors to bypass antivirus software static signatures and trick inexperienced reverse engineers. These are mainly, packing, encryption, and obfuscation. We will learn how to identify packed samples, how to unpack them, how to deal with different encryption algorithms – from simple ones, such as sliding key encryption, to more complex algorithms, such as 3DES, AES, and RSA – and how to deal with API encryption, string encryption, and network traffic encryption.

This chapter will help you deal with malware that uses packing and encryption to evade detection and hinder reverse engineering. With the information in this chapter, you will be able to manually unpack malware samples with custom types of packers, understand the malware encryption algorithms that are needed to decrypt its code, strings, APIs, or network traffic, and extract...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Malware Analysis
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon