دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Mastering Malware Analysis
دانلود کتاب تسلط بر تجزیه و تحلیل بدافزار
مشخصات کتاب
Mastering Malware Analysis
ویرایش:
نویسندگان: Alexey Kleymenov. Amr Thabet
سری:
ISBN (شابک) : 9781803240244
ناشر: Packt Publishing Pvt Ltd
سال نشر: 2022
تعداد صفحات: 0
زبان: English
فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 40 مگابایت
قیمت کتاب (تومان) : 71,000
در صورت تبدیل فایل کتاب Mastering Malware Analysis به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب تسلط بر تجزیه و تحلیل بدافزار نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب تسلط بر تجزیه و تحلیل بدافزار
تاکتیک های موثر تجزیه و تحلیل بدافزار برای جلوگیری از آلوده شدن سیستم های خود را بیاموزید ویژگی های کلیدی: حملات سایبری را بررسی کنید و از وقوع حوادث مرتبط با بدافزار در آینده جلوگیری کنید مفاهیم اصلی تجزیه و تحلیل بدافزار استاتیک و پویا، پزشکی قانونی حافظه، رمزگشایی و موارد دیگر را بیاموزید. توسعه راهحلهای کارآمد برای رسیدگی به حوادث بدافزار شرح کتاب: فناوریهای جدید و در حال توسعه ناگزیر انواع جدیدی از بدافزارها را با خود به همراه میآورند و تقاضای زیادی برای متخصصان فناوری اطلاعات ایجاد میکنند که میتوانند بدافزار را از خود دور نگه دارند. با کمک این ویرایش دوم به روز شده Mastering Malware Analysis، میتوانید مهارتهای ارزشمند مهندسی معکوس را به CV خود اضافه کنید و یاد بگیرید که چگونه از سازمانها به کارآمدترین روش محافظت کنید. این کتاب شما را با چندین الگوی جهانی در پشت انواع مختلف نرم افزارهای مخرب آشنا می کند و به شما می آموزد که چگونه آنها را با استفاده از روش های مختلف تجزیه و تحلیل کنید. شما یاد خواهید گرفت که چگونه کدهای بدافزار را بررسی کنید و آسیب هایی را که احتمالاً می تواند به سیستم ها وارد کند را تعیین کنید، همراه با اطمینان از رعایت صحیح مراحل پیشگیری یا اصلاح. همانطور که تمام جنبه های تجزیه و تحلیل بدافزار برای ویندوز، لینوکس، macOS و پلتفرم های تلفن همراه را با جزئیات پوشش می دهید، با مبهم سازی، ضد اشکال زدایی و سایر تکنیک های پیشرفته ضد مهندسی معکوس نیز آشنا خواهید شد. مهارتهایی که در این کتاب امنیت سایبری کسب میکنید به شما کمک میکند با انواع بدافزارهای مدرن مقابله کنید، دفاعهای خود را تقویت کنید، و بدون در نظر گرفتن پلتفرمهای درگیر، از نقضها جلوگیری کنید یا به سرعت آنها را کاهش دهید. در پایان این کتاب، شما یاد خواهید گرفت که چگونه به طور کارآمد نمونه ها را تجزیه و تحلیل کنید، فعالیت های مشکوک را بررسی کنید، و راه حل های خلاقانه ای برای مدیریت حوادث بدافزار بسازید. آنچه یاد خواهید گرفت: برای تقویت مهارت های مهندسی معکوس خود، زبان های اسمبلی را کاوش کنید تا به فرمت های مختلف فایل و API های مرتبط مورد استفاده توسط مهاجمان تسلط پیدا کنید. تجزیه و تحلیل استاتیک و پویا فایلهای انواع مختلف با مدیریت موارد بدافزار پیچیده آشنا شوید حملات پیشرفته واقعی را که تمام مراحل آنها را پوشش میدهند، تمرکز کنید روی نحوه دور زدن تکنیکهای ضد مهندسی معکوس تمرکز کنید این کتاب برای چه کسی است: اگر یک محقق بدافزار هستید، تحلیلگر پزشکی قانونی، مدیر امنیت فناوری اطلاعات، یا هر کسی که به دنبال ایمن سازی در برابر نرم افزارهای مخرب یا بررسی کدهای مخرب است، این کتاب برای شما مناسب است. این نسخه جدید برای تمام سطوح دانش، از جمله مبتدیان کامل، مناسب است. هرگونه مواجهه قبلی با برنامه نویسی یا امنیت سایبری به سرعت بخشیدن به روند یادگیری شما کمک می کند.
توضیحاتی درمورد کتاب به خارجی
Learn effective malware analysis tactics to prevent your systems from getting infected Key Features: Investigate cyberattacks and prevent malware-related incidents from occurring in the future Learn core concepts of static and dynamic malware analysis, memory forensics, decryption, and much more Get practical guidance in developing efficient solutions to handle malware incidents Book Description: New and developing technologies inevitably bring new types of malware with them, creating a huge demand for IT professionals that can keep malware at bay. With the help of this updated second edition of Mastering Malware Analysis, you\'ll be able to add valuable reverse-engineering skills to your CV and learn how to protect organizations in the most efficient way. This book will familiarize you with multiple universal patterns behind different malicious software types and teach you how to analyze them using a variety of approaches. You\'ll learn how to examine malware code and determine the damage it can possibly cause to systems, along with ensuring that the right prevention or remediation steps are followed. As you cover all aspects of malware analysis for Windows, Linux, macOS, and mobile platforms in detail, you\'ll also get to grips with obfuscation, anti-debugging, and other advanced anti-reverse-engineering techniques. The skills you acquire in this cybersecurity book will help you deal with all types of modern malware, strengthen your defenses, and prevent or promptly mitigate breaches regardless of the platforms involved. By the end of this book, you will have learned how to efficiently analyze samples, investigate suspicious activity, and build innovative solutions to handle malware incidents. What You Will Learn: Explore assembly languages to strengthen your reverse-engineering skills Master various file formats and relevant APIs used by attackers Discover attack vectors and start handling IT, OT, and IoT malware Understand how to analyze samples for x86 and various RISC architectures Perform static and dynamic analysis of files of various types Get to grips with handling sophisticated malware cases Understand real advanced attacks, covering all their stages Focus on how to bypass anti-reverse-engineering techniques Who this book is for: If you are a malware researcher, forensic analyst, IT security administrator, or anyone looking to secure against malicious software or investigate malicious code, this book is for you. This new edition is suited to all levels of knowledge, including complete beginners. Any prior exposure to programming or cybersecurity will further help to speed up your learning process.
فهرست مطالب
Cover Title Page Copyright and Credits Contributors Table of Contents Preface Part 1: Fundamental Theory Chapter 1: Cybercrime, APT Attacks, and Research Strategies Why malware analysis? Malware analysis in collecting threat intelligence Malware analysis in incident response Malware analysis in threat hunting Malware analysis in creating detections Exploring types of malware A short history of malware development Malware categories Naming conventions The MITRE ATT&CK framework explained Basic terminology Enterprise Matrix APT and zero-day attacks and fileless malware APT attack Zero-day attack Fileless malware Choosing your analysis strategy Understand your audience Answer your audience’s questions Define your goals Avoid unnecessary technical details Example structures Typical analysis workflow Setting up the environment Choosing the virtualization software Safety features Summary Chapter 2: A Crash Course in Assembly and Programming Basics Basics of informatics Numeral systems Basic data units and data types Bitwise operations Architectures and their assembly Registers Memory Instructions (CISC and RISC) Becoming familiar with x86 (IA-32 and x64) Registers The instruction structure The instruction set Arguments, local variables, and calling conventions (in x86 and x64) Exploring ARM assembly Basics Instruction sets Basics of MIPS Basics The instruction set Diving deep into PowerPC Basics The instruction set Covering the SuperH assembly Basics The instruction set Working with SPARC Basics The instruction set Moving from assembly to high-level programming languages Arithmetic statements If conditions While loop conditions Summary Part 2: Diving Deep into Windows Malware Chapter 3: Basic Static and Dynamic Analysis for x86/x64 Working with the PE header structure Why PE? Exploring PE’s structure PE+ (x64 PE) PE header analysis tools Static and dynamic linking Static linking Dynamic linking Dynamic link libraries Application programming interface (API) Using PE header information for static analysis How to use the PE header for incident handling How to use a PE header for threat hunting PE loading and process creation Basic terminology Process creation step by step PE file loading step by step WOW64 processes Basics of dynamic analysis using OllyDbg and x64dbg Debugging tools How to analyze a sample with OllyDbg Types of breakpoints Modifying the program’s execution List strings, APIs, and cross-references Setting labels and comments Differences between OllyDbg and x64dbg Debugging malicious services What is a service? Attaching to services Essentials of behavioral analysis File operations Registry operations Process operations WinAPIs Network activity Sandboxes Summary Chapter 4: Unpacking, Decryption, and Deobfuscation Exploring packers Exploring packing and encrypting tools Identifying a packed sample Technique 1 – using static signatures Technique 2 – evaluating PE section names Technique 3 – using stub execution signs Technique 4 – detecting a small import table Automatically unpacking packed samples Technique 1 – the official unpacking process Technique 2 – using OllyScript with OllyDbg Technique 3 – using generic unpackers Technique 4 – emulation Technique 5 – memory dumps Manual unpacking techniques Technique 1 – memory breakpoint on execution Technique 2 – call stack backtracing Technique 3 – monitoring memory allocated spaces for unpacked code Technique 4 – in-place unpacking Technique 5 – searching for and transferring control to OEP Technique 6 – stack restoration-based Dumping the unpacked sample and fixing the import table Dumping the process Fixing the import table Identifying simple encryption algorithms and functions Types of encryption algorithms Basic encryption algorithms Identifying encryption functions in disassembly String search detection techniques for simple algorithms Identifying the RC4 encryption algorithm Advanced symmetric and asymmetric encryption algorithms Extracting information from Windows cryptography APIs Cryptography API: Next Generation (CNG) Applications of encryption in modern malware – Vawtrak banking Trojan String and API name encryption Network communication encryption Using IDA for decryption and unpacking IDA tips and tricks Classic and new syntax of IDA scripts Dynamic string decryption Dynamic WinAPIs resolution Summary Chapter 5: Inspecting Process Injection and API Hooking Understanding process injection What’s process injection? Why process injection? DLL injection Windows-supported DLL injection A simple DLL injection technique Diving deeper into process injection Finding the victim process Code block injection Reflective DLL injection Stuxnet secret technique – process hollowing A dynamic analysis of code injection Technique 1 – Debug it where it is Technique 2 – Attach to the targeted process Technique 3 – Dealing with process hollowing Memory forensics techniques for process injection Technique 1 – Detecting code injection and reflective DLL injection Technique 2 – Detecting process hollowing Technique 3 – Detecting process hollowing using the HollowFind plugin Understanding API hooking Why API hooking? Working with API hooking Detecting API hooking using memory forensics Exploring IAT hooking Summary Chapter 6: Bypassing Anti-Reverse Engineering Techniques Exploring debugger detection Using PEB information Using EPROCESS information Using DebugObject Using handles Using exceptions Using parent processes Handling the evasion of debugger breakpoints Detecting software breakpoints (INT3) Detecting single-stepping breakpoints using a trap flag Detecting single-stepping using timing techniques Evading hardware breakpoints Memory breakpoints Escaping the debugger Process injection TLS callbacks Windows events callbacks Attacking the debugger Understanding obfuscation and anti-disassemblers Encryption Junk code Code transportation Dynamic API calling with checksum Proxy functions and proxy argument stacking Using the COM functionality Detecting and evading behavioral analysis tools Finding the tool process Searching for the tool window Detecting sandboxes and VMs Different output between VMs and real machines Detecting virtualization processes and services Detecting virtualization through registry keys Detecting VMs using WMI Other VM detection techniques Detecting sandboxes using default settings Summary Chapter 7: Understanding Kernel-Mode Rootkits Kernel mode versus user mode Protection rings Windows internals The anatomy of Windows The execution path from user mode to kernel mode Rootkits and device drivers What is a rootkit? Types of rootkits What is a device driver? Hooking mechanisms Hooking the SYSENTER entry function Modifying SSDT in an x86 environment Modifying SSDT in an x64 environment Patching SSDT functions IRP hooking DKOM The kernel objects – EPROCESS and ETHREAD How do rootkits perform an object manipulation attack? Process injection in kernel mode Executing the inject code using APC queuing KPP in x64 systems (PatchGuard) Bypassing driver signature enforcement Bypassing PatchGuard – the Turla example Bypassing PatchGuard – GhostHook Static and dynamic analysis in kernel mode Static analysis Dynamic and behavioral analysis Setting up a testing environment Setting up the debugger Stopping at the driver's entry point Loading the driver Restoring the debugging state Summary Part 3: Examining Cross-Platform and Bytecode-Based Malware Chapter 8: Handling Exploits and Shellcode Getting familiar with vulnerabilities and exploits Types of vulnerabilities Types of exploits Cracking the shellcode What’s shellcode? Linux shellcode in x86-64 Linux shellcode for ARM Windows shellcode Static and dynamic analysis of exploits Exploring bypasses for exploit mitigation technologies Data execution prevention (DEP/NX) Return-oriented programming Address space layout randomization Other mitigation technologies Analyzing Microsoft Office exploits File structures Static and dynamic analysis of MS Office exploits Studying malicious PDFs File structure Static and dynamic analysis of PDF files Summary Chapter 9: Reversing Bytecode Languages – .NET, Java, and More The basic theory of bytecode languages Object-oriented programming Inheritance Polymorphism .NET explained .NET file structure How to identify a .NET application from PE characteristics The CIL language instruction set CIL language into higher-level languages .NET malware analysis .NET analysis tools Static and dynamic analysis Dealing with obfuscation The essentials of Visual Basic File structure P-code versus native code Common p-code instructions Dissecting Visual Basic samples Static analysis Dynamic analysis The internals of Java samples File structure JVM instructions Static analysis Dynamic analysis Dealing with anti-reverse engineering solutions Analyzing compiled Python threats File structure Bytecode instructions Static analysis Dynamic analysis Summary Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging Classic shell script languages Windows batch scripting Bash VBScript explained Basic syntax Static and dynamic analysis Deobfuscation VBA and Excel 4.0 (XLM) macros and more VBA macros Excel 4.0 (XLM) macros Besides macros The power of PowerShell Basic syntax Obfuscation Static and dynamic analysis Handling JavaScript Basic syntax Anti-reverse engineering tricks Static and dynamic analysis Behind C&C – even malware has its own backend Things to focus on Static and dynamic analysis Other script languages Where to start Questions to answer Summary Part 4: Looking into IoT and Other Platforms Chapter 11: Dissecting Linux and IoT Malware Explaining ELF files The ELF structure System calls Exploring common behavioral patterns Initial access and lateral movement Persistence Privilege escalation Command and control Impact Defense evasion Static and dynamic analysis of x86 (32- and 64-bit) samples Static analysis Dynamic analysis A radare2 cheat sheet Learning about Mirai, its clones, and more High-level functionality Later derivatives Other widespread families Static and dynamic analysis of RISC samples ARM MIPS PowerPC SuperH SPARC Handling other architectures What to start from Summary Chapter 12: Introduction to macOS and iOS Threats Understanding the role of the security model macOS Other technologies iOS File formats and APIs Mach-O Application bundles (.app) Installer packages (.pkg) Apple disk images (.dmg) iOS app store packages (.ipa) APIs Attack stages Jailbreaks on demand Initial access Execution and persistence Impact Other attack techniques Advanced techniques Anti-analysis and detection tricks Misusing dynamic data exchange (DDE) User hiding Using AppleScript API hijacking Other techniques Rootkits for Mac – do they exist? Static and dynamic analysis of macOS and iOS samples Static analysis Dynamic and behavioral analysis The analysis workflow Summary Chapter 13: Analyzing Android Malware Samples (Ab)using the Android internals The file hierarchy The Android security model To root or not to root? Understanding Dalvik and ART Dalvik VM (DVM) Android runtime (ART) The bytecode set File formats and APIs DEX ODEX OAT VDEX ART ELF APK APIs Malware behavior patterns Initial access Privilege escalation Persistence Impact Collection Defence evasion Static and dynamic analysis of threats Static analysis Dynamic analysis Behavioral analysis and tracing The analysis workflow Summary Index Other Books You May Enjoy
نظرات کاربران
کتاب های تصادفی
دانلود کتاب Culture Conflicts in East Pakistan, 1947-1971: A Study in the Attitude of Bengali Muslim Intelligentsia Towards Bengali Literature and Islam
دانلود کتاب Το κόκκινο πουλάρι
