Windows Malware Analysis Essentials

Victor Marak

  • 出版商: Packt Publishing
  • 出版日期: 2015-08-31
  • 售價: $2,180
  • 貴賓價: 9.5$2,071
  • 語言: 英文
  • 頁數: 330
  • 裝訂: Paperback
  • ISBN: 1785281518
  • ISBN-13: 9781785281518
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Master the fundamentals of malware analysis for the Windows platform and enhance your anti-malware skill set

About This Book

  • Set the baseline towards performing malware analysis on the Windows platform and how to use the tools required to deal with malware
  • Understand how to decipher x86 assembly code from source code inside your favourite development environment
  • A step-by-step based guide that reveals malware analysis from an industry insider and demystifies the process

Who This Book Is For

This book is best for someone who has prior experience with reverse engineering Windows executables and wants to specialize in malware analysis. The book presents the malware analysis thought process using a show-and-tell approach, and the examples included will give any analyst confidence in how to approach this task on their own the next time around.

What You Will Learn

  • Use the positional number system for clear conception of Boolean algebra, that applies to malware research purposes
  • Get introduced to static and dynamic analysis methodologies and build your own malware lab
  • Analyse destructive malware samples from the real world (ITW) from fingerprinting and static/dynamic analysis to the final debrief
  • Understand different modes of linking and how to compile your own libraries from assembly code and integrate the codein your final program
  • Get to know about the various emulators, debuggers and their features, and sandboxes and set them up effectively depending on the required scenario
  • Deal with other malware vectors such as pdf and MS-Office based malware as well as scripts and shellcode

In Detail

Windows OS is the most used operating system in the world and hence is targeted by malware writers. There are strong ramifications if things go awry. Things will go wrong if they can, and hence we see a salvo of attacks that have continued to disrupt the normal scheme of things in our day to day lives. This book will guide you on how to use essential tools such as debuggers, disassemblers, and sandboxes to dissect malware samples. It will expose your innards and then build a report of their indicators of compromise along with detection rule sets that will enable you to help contain the outbreak when faced with such a situation.

We will start with the basics of computing fundamentals such as number systems and Boolean algebra. Further, you'll learn about x86 assembly programming and its integration with high level languages such as C++.You'll understand how to decipher disassembly code obtained from the compiled source code and map it back to its original design goals.

By delving into end to end analysis with real-world malware samples to solidify your understanding, you'll sharpen your technique of handling destructive malware binaries and vector mechanisms. You will also be encouraged to consider analysis lab safety measures so that there is no infection in the process.

Finally, we'll have a rounded tour of various emulations, sandboxing, and debugging options so that you know what is at your disposal when you need a specific kind of weapon in order to nullify the malware.

Style and approach

An easy to follow, hands-on guide with descriptions and screenshots that will help you execute effective malicious software investigations and conjure up solutions creatively and confidently.

商品描述(中文翻譯)

掌握 Windows 平台的惡意程式分析基礎,提升您的反惡意程式技能組合

關於本書
- 設定在 Windows 平台上執行惡意程式分析的基準,以及如何使用處理惡意程式所需的工具
- 理解如何從您喜愛的開發環境中的源代碼解讀 x86 組合語言代碼
- 一個逐步指導的手冊,揭示來自業界內部人士的惡意程式分析,並揭開這一過程的神秘面紗

本書適合誰
本書最適合具有反向工程 Windows 可執行檔經驗的人,並希望專精於惡意程式分析。書中以展示和說明的方式呈現惡意程式分析的思考過程,所包含的範例將使任何分析師在下次獨立處理此任務時充滿信心。

您將學到什麼
- 使用位置數字系統以清晰理解適用於惡意程式研究的布林代數
- 了解靜態和動態分析方法,並建立自己的惡意程式實驗室
- 從指紋識別和靜態/動態分析到最終報告,分析來自現實世界的破壞性惡意程式樣本
- 理解不同的連結模式,以及如何從組合語言代碼編譯自己的庫並將代碼整合到最終程式中
- 了解各種模擬器、除錯器及其功能,以及沙盒,並根據所需情境有效設置它們
- 處理其他惡意程式載體,如基於 PDF 和 MS-Office 的惡意程式,以及腳本和 shellcode

詳細內容
Windows 作業系統是全球使用最廣泛的作業系統,因此成為惡意程式作者的目標。如果事情出錯,將會有嚴重的後果。如果有可能,事情就會出錯,因此我們看到一波波攻擊持續擾亂我們日常生活的正常運作。本書將指導您如何使用除錯器、反組譯器和沙盒等基本工具來剖析惡意程式樣本。它將揭示您的內部結構,並建立其妥協指標的報告,連同檢測規則集,幫助您在面對此類情況時控制疫情。

我們將從計算基礎的基本概念開始,例如數字系統和布林代數。接著,您將學習 x86 組合語言編程及其與高級語言(如 C++)的整合。您將理解如何解讀從編譯源代碼獲得的反組譯代碼,並將其映射回原始設計目標。

通過深入分析現實世界的惡意程式樣本以鞏固您的理解,您將提升處理破壞性惡意程式二進位檔和載體機制的技巧。您還將被鼓勵考慮分析實驗室的安全措施,以確保過程中不會發生感染。

最後,我們將全面了解各種模擬、沙盒和除錯選項,以便您知道在需要特定類型的武器以消除惡意程式時可以使用什麼。

風格與方法
一本易於跟隨的實用指南,配有描述和截圖,幫助您有效執行惡意軟體調查,並創造性和自信地提出解決方案。