ورود به حساب

نام کاربری گذرواژه

گذرواژه را فراموش کردید؟ کلیک کنید

حساب کاربری ندارید؟ ساخت حساب

ساخت حساب کاربری

نام نام کاربری ایمیل شماره موبایل گذرواژه

برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید


09117307688
09117179751

در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید

دسترسی نامحدود

برای کاربرانی که ثبت نام کرده اند

ضمانت بازگشت وجه

درصورت عدم همخوانی توضیحات با کتاب

پشتیبانی

از ساعت 7 صبح تا 10 شب

دانلود کتاب Mastering Malware Analysis

دانلود کتاب تسلط بر تجزیه و تحلیل بدافزار

Mastering Malware Analysis

مشخصات کتاب

Mastering Malware Analysis

ویرایش:  
نویسندگان:   
سری:  
ISBN (شابک) : 9781789610789 
ناشر: Packt Publishing Ltd. 
سال نشر: 2019 
تعداد صفحات: 547 
زبان: English 
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) 
حجم فایل: 28 مگابایت 

قیمت کتاب (تومان) : 32,000



ثبت امتیاز به این کتاب

میانگین امتیاز به این کتاب :
       تعداد امتیاز دهندگان : 11


در صورت تبدیل فایل کتاب Mastering Malware Analysis به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.

توجه داشته باشید کتاب تسلط بر تجزیه و تحلیل بدافزار نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.


توضیحاتی در مورد کتاب تسلط بر تجزیه و تحلیل بدافزار

برای محافظت از سیستم های خود در برابر آلوده شدن، آنالیز بدافزار را مسلط کنید ویژگی های کلیدی راه حل ها را تنظیم و مدل کنید، بدافزارها را بررسی کنید و از تکرار آن جلوگیری کنید مفاهیم اصلی مربوط به تجزیه و تحلیل بدافزار پویا، پزشکی قانونی حافظه، رمزگشایی و موارد دیگر را بیاموزید راه‌حل‌های نوآورانه برای حوادث متعدد بدافزار توسعه دهید توضیحات کتاب با گسترش فناوری و افزایش حملات باج افزار برجسته، تجزیه و تحلیل بدافزار به موضوعی پرطرفدار در سال های اخیر تبدیل شده است. با کمک این کتاب، می‌توانید خطر مواجهه با کدهای مخرب و بدافزارها را کاهش دهید. تسلط بر تجزیه و تحلیل بدافزار الگوهای جهانی پشت انواع مختلف نرم افزارهای مخرب و نحوه تجزیه و تحلیل آنها با استفاده از روش های مختلف را توضیح می دهد. شما یاد خواهید گرفت که چگونه کد بدافزار را بررسی کنید، آسیبی که می تواند به سیستم شما وارد کند را تعیین کنید و از انتشار آن جلوگیری کنید. این کتاب حتی تمام جنبه های تجزیه و تحلیل بدافزار برای پلتفرم ویندوز را به طور مفصل پوشش می دهد. با پیشروی، با مبهم سازی مقابله می کنید و همچنین به تکنیک های ضد جداسازی، رفع اشکال و ضد ماشین مجازی می پردازید. در طول دوره این کتاب، نمونه‌های واقعی از تجزیه و تحلیل بدافزار استاتیک و پویا، باز کردن بسته‌بندی و رمزگشایی، و شناسایی روت‌کیت را بررسی خواهید کرد و نحوه برخورد با بدافزارهای چند پلتفرمی مدرن را یاد خواهید گرفت. در نهایت، نحوه تقویت سیستم دفاعی خود و جلوگیری از نفوذ بدافزار برای دستگاه های اینترنت اشیا و پلتفرم های تلفن همراه را مطالعه خواهید کرد. در پایان این کتاب، شما یاد خواهید گرفت که به طور موثر حوادث بدافزار را تجزیه و تحلیل و بررسی کنید و راه حل های خلاقانه ای برای مقابله با آنها بسازید. آنچه خواهید آموخت برای تقویت مهارت های مهندسی معکوس خود، زبان های اسمبلی پرکاربرد را کاوش کنید به فرمت های مختلف فایل های اجرایی، زبان های برنامه نویسی و API های مرتبط مورد استفاده مهاجمان تسلط داشته باشید انجام تجزیه و تحلیل استاتیک و پویا برای چندین پلتفرم و انواع فایل با رسیدگی به پرونده های بدافزار پیچیده مقابله کنید تمام مراحل حملات پیشرفته واقعی، از نفوذ گرفته تا هک سیستم را درک کنید کشف کنید که چگونه می توانید تکنیک های ضد مهندسی معکوس را دور بزنید این کتاب برای چه کسی است اگر مدیر امنیت فناوری اطلاعات، تحلیلگر پزشکی قانونی، یا محقق بدافزار هستید که به دنبال ایمن سازی در برابر نرم افزارهای مخرب یا بررسی کدهای مخرب هستید، این کتاب برای شما مناسب است. تجربه برنامه نویسی و درک درستی از حملات و تحقیقات بدافزار انتظار می رود. فهرست مطالب


توضیحاتی درمورد کتاب به خارجی

Master malware analysis to protect your systems from getting infected Key Features Set up and model solutions, investigate malware, and prevent it from recurring Learn core concepts relating to dynamic malware analysis, memory forensics, decryption, and much more Develop innovative solutions to numerous malware incidents Book Description With the proliferation of technology and increase in prominent ransomware attacks, malware analysis has become a trending topic in recent years. With the help of this book, you'll be able to mitigate the risk of encountering malicious code and malware. Mastering Malware Analysis explains the universal patterns behind different malicious software types and how to analyze them using a variety of approaches. You'll learn how to examine malware code, determine the damage it can cause to your systems, and prevent it from propagating. This book even covers all aspects of malware analysis for the Windows platform in detail. As you advance, you'll get to grips with obfuscation as well as delve into anti-disassembly, anti-debugging, and anti-virtual machine techniques. Throughout the course of this book, you'll explore real-world examples of static and dynamic malware analysis, unpacking and decrypting, and rootkit detection, and learn to deal with modern cross-platform malware. Finally, you'll study how to strengthen your defenses and prevent malware breaches for IoT devices and mobile platforms. By the end of this book, you'll have learned to effectively analyze and investigate malware incidents and build innovative solutions to tackle them. What you will learn Explore widely used assembly languages to enhance your reverse-engineering skills Master different executable file formats, programming languages, and relevant APIs used by attackers Perform static and dynamic analysis for multiple platforms and file types Get to grips with handling sophisticated malware cases Understand all stages of real advanced attacks, from infiltration to hacking the system Discover how you can bypass anti-reverse engineering techniques Who this book is for If you are an IT security administrator, forensic analyst, or malware researcher looking to secure against malicious software or investigate malicious code, this book is for you. Some programming experience and a fair understanding of malware attacks and investigation is expected. Table of Contents



فهرست مطالب

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Fundamental Theory
Chapter 1: A Crash Course in CISC/RISC and Programming Basics
	Basic concepts
		Registers
		Memory
			Virtual memory
			Stack
		Branches, loops, and conditions
		Exceptions, interrupts, and communicating with other devices
	Assembly languages
		CISC versus RISC
		Types of instructions
	Becoming familiar with x86 (IA-32 and x64)
		Registers
			Special registers
		The instruction structure
			opcode
			dest
			src
		The instruction set
			Data manipulation instructions
			Data transfer instructions
			Flow control instructions
		Arguments, local variables, and calling conventions (in x86 and x64)
			stdcall
				Arguments
				Local variables
			cdecl
			fastcall
			thiscall
			The x64 calling convention
	Exploring ARM assembly
		Basics
		Instruction sets
	Basics of MIPS
		Basics
		The instruction set
		Diving deep into PowerPC
		Basics
		The instruction set
	Covering the SuperH assembly
		Basics
		The instruction set
	Working with SPARC
		Basics
		The instruction set
	Moving from assembly to high-level programming languages
		Arithmetic statements
		If conditions
		While loop conditions
	Summary
Section 2: Diving Deep into Windows Malware
Chapter 2: Basic Static and Dynamic Analysis for x86/x64
	Working with the PE header structure
		Why PE?
		Exploring PE structure
			MZ header
			PE header
			File header
			Optional header
			Data directory
			Section table
		PE+ (x64 PE)
		PE analysis tools
	Static and dynamic linking
		Static linking
		Dynamic linking
		Dynamic link libraries
		Application programming interface
		Dynamic API loading
	Using PE header information for static analysis
		How to use PE header for incident handling
		How to use a PE header for threat intelligence
	PE loading and process creation
		Basic terminology
			What's process?
			Virtual memory to physical memory mapping
			Threads
			Important data structures: TIB, TEB, and PEB
		Process loading step by step
		PE file loading step by step
		WOW64 processes
	Dynamic analysis with OllyDbg/immunity debugger
		Debugging tools
		How to analyze a sample with OllyDbg
		Types of breakpoints
			Step into/step over breakpoint
			INT3 breakpoint
		Memory breakpoints
			Hardware breakpoints
		Modifying the program execution
			Patching—modifying the program's assembly instructions
			Change EFlags
			Modifying the instruction pointer value
			Changing the program data
	Debugging malicious services
		What is service?
		Attaching to the service
	Summary
Chapter 3: Unpacking, Decryption, and Deobfuscation
	Exploring packers
		Exploring packing and encrypting tools
	Identifying a packed sample
		Technique 1 – checking PE tool static signatures
		Technique 2 – evaluating PE section names
		Technique 3 – using stub execution signs
		Technique 4 – detecting a small import table
	Automatically unpacking packed samples
		Technique 1 – the official unpacking process
		Technique 2 – using OllyScript with OllyDbg
		Technique 3 – using generic unpackers
		Technique 4 – emulation
		Technique 5 – memory dumps
	Manual unpacking using OllyDbg
		Technique 6 – memory breakpoint on execution
			Step 1 – setting the breakpoints
			Step 2 – turning on Data Execution Prevention
			Step 3 – preventing any further attempts to change memory permissions
			Step 4 – executing and getting the OEP
		Technique 7 – call stack backtracing
			Step 1 – setting the breakpoints
			Step 2 – following the call stack
			Step 3 – reaching the OEP
		Technique 8 – monitoring memory allocated spaces for unpacked code
		Technique 9 – in-place unpacking
		Technique 10 – stack restoration based
	Dumping the unpacked sample and fixing the import table
		Dumping the process
		Fixing the import table
	Identifying different encryption algorithms and functions
		Types of encryption algorithms
		Basic encryption algorithms
		How to identify encryption functions
	String search detection techniques for simple algorithms
		The basics of X-RAYING
			Simple static encryption
			Other encryption algorithms
		X-RAYING tools for malware analysis and detection
	Identifying the RC4 encryption algorithm
		The RC4 encryption algorithm
			Key-scheduling algorithm
			Pseudo-random generation algorithm
		Identifying RC4 algorithms in a malware sample
	Standard symmetric and asymmetric encryption algorithms
		Extracting information from Windows cryptography APIs
			Step 1 – initializing and connecting to the cryptographic service provider (CSP)
			Step 2 – preparing the key
			Step 3 – encrypting or decrypting the data
			Step 4 – freeing the memory
		Cryptography API next generation (CNG)
	Applications of encryption in modern malware – Vawtrak banking Trojan
		String and API name encryption
		Network communication encryption
	Using IDA for decryption and unpacking
		IDA tips and tricks
			Static analysis
			Dynamic analysis
		Classic and new syntax of IDA scripts
		Dynamic string decryption
		Dynamic WinAPIs resolution
	Summary
Chapter 4: Inspecting Process Injection and API Hooking
	Understanding process injection
		What's process injection?
		Why process injection?
	DLL injection
		Windows-supported DLL injection
		A simple DLL injection technique
	Working with process injection
		Getting the list of running processes
		Code injection
		Advanced code injection-reflective DLL injection
		Stuxnet secret technique-process hollowing
	Dynamic analysis of code injection
		Technique 1—debug it where it is
		Technique 2—attach to the targeted process
		Technique 3—dealing with process hollowing
	Memory forensics techniques for process injection
		Technique 1—detecting code injection and reflective DLL injection 
		Technique 2—detecting process hollowing
		Technique 3—detecting process hollowing using the HollowFind plugin
	Understanding API hooking
		Why API hooking?
	Working with API hooking
		Inline API hooking
		Inline API hooking with trampoline
		Inline API hooking with a length disassembler
		Detecting API hooking using memory forensics
	Exploring IAT hooking
	Summary
Chapter 5: Bypassing Anti-Reverse Engineering Techniques
	Exploring debugger detection
		Direct check for debugger presence
		Detecting a debugger through an environment change
		Detecting a debugger using parent processes
	Handling debugger breakpoints evasion
		Detecting software breakpoints (INT3)
		Detecting single-stepping breakpoints (trap flag)
			Detecting a trap flag using the SS register
			Detecting single-stepping using timing techniques
		Evading hardware breakpoints
			What is structured exception handling?
			Detecting and removing hardware breakpoints
		Memory breakpoints
	Escaping the debugger
		Process injection
		TLS callbacks
		Windows events callbacks
	Obfuscation and anti-disassemblers
		Encryption
		Junk code insertion
		Code transportation
		Dynamic API calling with checksum
		Proxy functions and proxy argument stacking
	Detecting and evading behavioral analysis tools
		Finding the tool process
		Searching for the tool window
	Detecting sandboxes and virtual machines
		Different output between virtual machines and real machines
		Detecting virtualization processes and services
		Detecting virtualization through registry keys
		Detecting virtual machines using PowerShell
		Detecting sandboxes by using default settings
		Other techniques
	Summary
Chapter 6: Understanding Kernel-Mode Rootkits
	Kernel mode versus user mode
		Protection rings
	Windows internals
		The infrastructure of Windows
		The execution path from user mode to kernel mode
	Rootkits and device drivers
		What is a rootkit?
			Types of rootkits
		What is a device driver?
	Hooking mechanisms
		SSDT hooking
			Hooking the SYSENTER entry function
			Modifying SSDT in an x86 environment
			Modifying SSDT in an x64 environment
			Hooking SSDT functions
		IRP hooking
			Devices and major functions
			Attaching to a device
			Modifying the IRP response and setting a completion routine
	DKOM
		The kernel objects—EPROCESS and ETHREAD
		How do rootkits perform an object manipulation attack?
	Process injection in kernel mode
		Executing the inject code using APC queuing
	KPP in x64 systems (PatchGuard)
		Bypassing driver signature enforcement
		Bypassing PatchGuard—the Turla example
		Bypassing PatchGuard—GhostHook
		Disabling PatchGuard using the Command Prompt
	Static and dynamic analysis in kernel mode
		Static analysis
			Tools
			Tips and tricks
		Dynamic and behavioral analysis
			Tools
			Monitors
			Rootkit detectors
		Setting up a testing environment
		Setting up the debugger
			Stopping at the driver's entrypoint
			Loading the driver
			Restoring the debugging state
	Summary
Section 3: Examining Cross-Platform Malware
Chapter 7: Handling Exploits and Shellcode
	Getting familiar with vulnerabilities and exploits
		Types of vulnerabilities
			Stack overflow vulnerability
			Heap overflow vulnerabilities
			The use-after-free vulnerability
			Logical vulnerabilities
		Types of exploits
	Cracking the shellcode
		What's shellcode?
		Linux shellcode in x86-64
			Getting the absolute address
			Null-free shellcode
			Local shell shellcode
			Reverse shell shellcode
		Linux shellcode for ARM
			Null-free shellcode
		Windows shellcode
			Getting the Kernel32.dll ImageBase
			Getting the required APIs from Kernel32.dll
			The download and execute shellcode
		Static and dynamic analysis of exploits
			Analysis workflow
			Shellcode analysis
	Exploring bypasses for exploit mitigation technologies
		Data execution prevention (DEP/NX)
			Return-oriented programming
		Address space layout randomization
			DEP and partial ASLR
			DEP and full ASLR – partial ROP and chaining multiple vulnerabilities
			DEP and full ASLR – heap spray technique
		Other mitigation technologies
	Analyzing Microsoft Office exploits
		File structures
			Compound file binary format
			Rich text format
			Office open XML format
		Static and dynamic analysis of MS Office exploits
			Static analysis
			Dynamic analysis
	Studying malicious PDFs
		File structure
		Static and dynamic analysis of PDF files
			Static analysis
			Dynamic analysis
	Summary
Chapter 8: Reversing Bytecode Languages: .NET, Java, and More
	Exploring the theory of bytecode languages
		Object-oriented programming
		Inheritance
			Polymorphism
	.NET explained
		.NET file structure
			.NET COR20 header
			Metadata streams
		How to identify a .NET application from PE characteristics
		The CIL language instruction set
			Pushing into stack instructions
			Pulling out a value from the stack
			Mathematical and logical operations
			Branching instructions
		CIL language to higher-level languages
			Local variable assignments
			Local variable assignment with a method return value
			Basic branching statements
			Loops statements
	.NET malware analysis
		.NET analysis tools
		Static and dynamic analysis (with Dnspy)
			.NET static analysis
			.NET dynamic analysis
			Patching a .NET sample
		Dealing with obfuscation
			Obfuscated names for classes, methods, and others
			Encrypted strings inside the binary
			The sample is obfuscated using an obfuscator
	The essentials of Visual Basic
		File structure
		P-code versus native code
		Common p-code instructions
	Dissecting Visual Basic samples
		Static analysis
			P-code
			Native code
		Dynamic analysis
			P-code
			Native code
	The internals of Java samples
		File structure
		JVM instructions
		Static analysis
		Dynamic analysis
			Dealing with anti-reverse engineering solutions
	Python—script language internals
		File structure
		Bytecode instructions
	Analyzing compiled Python
		Static analysis
		Dynamic analysis
	Summary
Chapter 9: Scripts and Macros: Reversing, Deobfuscation, and Debugging
	Classic shell script languages
		Windows batch scripting
		Bash
	VBScript explained
		Basic syntax
		Static and dynamic analysis
		Deobfuscation
	Those evil macros inside documents
		Basic syntax
		Static and dynamic analysis
		Besides macros
	The power of PowerShell
		Basic syntax
		Static and dynamic analysis
	Handling JavaScript
		Basic syntax
		Static and dynamic analysis
		Anti-reverse engineering tricks
	Behind C&C—even malware has its own backend
		Things to focus on
		Static and dynamic analysis
	Other script languages
		Where to start from
		Questions to answer
	Summary
Section 4: Looking into IoT and Other Platforms
Chapter 10: Dissecting Linux and IoT Malware
	Explaining ELF files 
		ELF structure
		System calls
			Filesystem
			Network
			Process management
			Other
			Syscalls in assembly
		Common anti-reverse engineering tricks
	Exploring common behavioral patterns
		Initial delivery and lateral movement
		Persistence
		Privilege escalation
		Interaction with the command and control server
		Attacking stage
	Static and dynamic analysis of x86 (32- and 64-bit) samples
		Static analysis
			File type detectors
			Data carving
			Disassemblers
				Actual tools
				Engines
				How to choose
		Dynamic analysis
			Tracers
			Network monitors
			Debuggers
			Binary emulators
		Radare2 cheat sheet
		Anti-reverse engineering techniques
	Learning Mirai, its clones, and more
		High-level functionality
			Propagation
			Weaponry
			Self-defense
		Later derivatives
		Other widespread families
	Static and dynamic analysis of RISC samples
		ARM
		MIPS
		PowerPC
		SuperH
		SPARC
	Handling other architectures
		What to start from
	Summary
Chapter 11: Introduction to macOS and iOS Threats
	Understanding the role of the security model
		macOS
			Security policies
			Filesystem hierarchy and encryption
				Directory structure
				Encryption
			Apps protection
				Gatekeeper
				App sandbox
				Other technologies
		iOS
			System security
			Data encryption and password management
			Apps' security
	File formats and APIs
		Mach-O
			Thin
			Fat
		Application bundles (.app)
			Info.plist
				macOS
				iOS
		Installer packages (.pkg)
		Apple disk images (.dmg)
		iOS app store packages (.ipa)
		APIs
	Static and dynamic analyses of macOS and iOS samples
		Static analysis
			Retrieving samples
			Disassemblers and decompilers
			Auxiliary tools and libraries
		Dynamic and behavioral analysis
			macOS
				Debuggers
				Monitoring and dynamic instrumentation
				Network analysis
			iOS
				Installers and loaders
				Debuggers
				Dumping and decryption
				Monitors and in-memory patching
				Network analysis
	Attack stages
		Jailbreaks on demand
		Penetration
		Deployment and persistence
			macOS
			iOS
		Action phase
			macOS
			iOS
		Other attack techniques
			macOS
			iOS
	Advanced techniques
		Anti-reverse-engineering (RE) tricks
		Misusing dynamic data exchange (DDE)
		User hiding
		Use of AppleScript
		API hijacking
		Rootkits for Mac—do they exist?
	Analysis workflow
	Summary
Chapter 12: Analyzing Android Malware Samples
	(Ab)using Android internals 
		File hierarchy
		Android security model
			Process management
			Filesystem
			App permissions
			Security services
			Console
		To root or not to root?
	Understanding Dalvik and ART 
		Dalvik VM (DVM)
		Android runtime (ART)
		APIs
		File formats
			DEX
			ODEX
			OAT
			VDEX
			ART
			ELF
			APK
		Bytecode set
	Malware behavior patterns
		Attack stages
			Penetration
			Deployment
			Action phase
		Advanced techniques—investment pays off
			Patching system libraries
			Keylogging
			Self-defense
			Rootkits—get it covered
	Static and dynamic analysis of threats
		Static analysis
			Disassembling and data extraction
			Decompiling
		Dynamic analysis
			Android debug bridge
			Emulators
			Behavioral analysis and tracing
			Debuggers
		Analysis workflow
	Summary
Other Books You May Enjoy
	Leave a review - let other readers know what you think
Index




نظرات کاربران