Windows APT Warfare: Identify and prevent Windows APT attacks effectively
Provisional Chinese title: Windows APT 戰爭:有效識別與防範 Windows APT 攻擊 (Windows APT Warfare: Effectively identify and prevent Windows APT attacks)

Ma, Sheng-Hao

  • Publisher: Packt Publishing
  • Publication date: 2023-03-10
  • List price: $1,640
  • Member price: 5% off, $1,558
  • Language: English
  • Pages: 258
  • Binding: Quality Paper - also called trade paper
  • ISBN: 180461811X
  • ISBN-13: 9781804618110
  • Ships immediately (stock = 1)

Product description

This book is the English edition of the bestselling Windows APT Warfare:惡意程式前線戰術指南 (https://www.tenlong.com.tw/products/9789864347544) by aaaddress1 (Ma Sheng-Hao).

Learn Windows system design, from the PE binary structure to the modern, practical attack techniques used by red teams, in order to implement advanced prevention

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Understand how malware evades modern security products
• Learn to reverse engineer standard PE format program files
• Become familiar with modern attack techniques used by multiple red teams

Book Description

An Advanced Persistent Threat (APT) is a severe form of cyberattack that lies low in the system for a prolonged time and locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you've understood the internal design of operating systems, you'll be ready to get hands-on with red team attacks and, further, learn how to create and compile C source code into an EXE program file. Throughout this book, you'll explore the inner workings of how Windows systems run and how attackers abuse this knowledge to bypass antivirus products and protection.

As you advance, you'll cover practical examples of malware and online game hacking, such as EXE infection, shellcode development, software packers, UAC bypass, path parser vulnerabilities, and digital signature forgery, gaining expertise in keeping your system safe from this kind of malware.


By the end of this book, you'll be well equipped to implement the red team techniques that you've learned on a victim's computer environment, attempting to bypass security and antivirus products, to test its defense against Windows APT attacks.

What you will learn

• Explore various DLL injection techniques for setting API hooks
• Understand how to run an arbitrary program file in memory
• Become familiar with malware obfuscation techniques to evade antivirus detection
• Discover how malware circumvents current security measures and tools
• Use Microsoft Authenticode to sign your code to avoid tampering
• Explore various strategies to bypass UAC design for privilege escalation

Who this book is for

This book is for cybersecurity professionals, especially anyone working on Windows security, as well as malware researchers, network administrators, and ethical hackers looking to explore Windows exploitation, kernel practice, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.

Table of contents

1. From Source to Binaries – The Journey of a C Program
2. Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing
3. Dynamic API Calling – Thread, Process, and Environment Information
4. Shellcode Technique – Exported Function Parsing
5. Application Loader Design
6. PE Module Relocation
7. PE to Shellcode – Transforming PE Files into Shellcode
8. Software Packer Design
9. Digital Signature – Authenticode Verification
10. Reversing User Account Control and Bypassing Tricks
11. Appendix – NTFS, Paths, and Symbols