Document Type
|
:
|
BL
|
Record Number
|
:
|
856690
|
Main Entry
|
:
|
Kleymenov, Alexey.
|
Title & Author
|
:
|
Mastering Malware Analysis : : the Complete Malware Analyst's Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks.
|
Publication Statement
|
:
|
Birmingham :: Packt Publishing, Limited,, 2019.
|
Page. NO
|
:
|
1 online resource (548 pages)
|
ISBN
|
:
|
1789614872
|
|
:
|
: 9781789614879
|
|
:
|
1789610788
|
|
:
|
9781789610789
|
Contents
|
:
|
Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Section 1: Fundamental Theory; Chapter 1: A Crash Course in CISC/RISC and Programming Basics; Basic concepts; Registers; Memory; Virtual memory; Stack; Branches, loops, and conditions; Exceptions, interrupts, and communicating with other devices; Assembly languages; CISC versus RISC; Types of instructions; Becoming familiar with x86 (IA-32 and x64); Registers; Special registers; The instruction structure; opcode; dest; src; The instruction set; Data manipulation instructions
|
|
:
|
Data transfer instructionsFlow control instructions; Arguments, local variables, and calling conventions (in x86 and x64); stdcall; Arguments; Local variables; cdecl; fastcall; thiscall; The x64 calling convention; Exploring ARM assembly; Basics; Instruction sets; Basics of MIPS; Basics; The instruction set; Diving deep into PowerPC; Basics; The instruction set; Covering the SuperH assembly; Basics; The instruction set; Working with SPARC; Basics; The instruction set; From assembly to high-level programming languages; Arithmetic statements; If conditions; While loop conditions; Summary
|
|
:
|
Modifying the instruction pointer valueChanging the program data; Debugging malicious services; What is service?; Attaching to the service; Summary; Chapter 3: Unpacking, Decryption, and Deobfuscation; Exploring packers; Exploring packing and encrypting tools; Identifying a packed sample; Technique 1 -- checking PE tool static signatures; Technique 2 -- evaluating PE section names; Technique 3 -- using stub execution signs; Technique 4 -- detecting a small import table; Automatically unpacking packed samples; Technique 1 -- the official unpacking process; Technique 2 -- using OllyScript with OllyDbg.
|
|
:
|
PE loading and process creationBasic terminology; What's process?; Virtual memory to physical memory mapping; Threads; Important data structures: TIB, TEB, and PEB; Process loading step by step; PE file loading step by step; WOW64 processes; Dynamic analysis with OllyDbg/immunity debugger; Debugging tools; How to analyze a sample with OllyDbg; Types of breakpoints; Step into/step over breakpoint; INT3 breakpoint; Memory breakpoints; Hardware breakpoints; Modifying the program execution; Patching-modifying the program's assembly instructions; Change EFlags
|
|
:
|
Section 2: Diving Deep into Windows MalwareChapter 2: Basic Static and Dynamic Analysis for x86/x64; Working with the PE header structure; Why PE?; Exploring PE structure; MZ header; PE header; File header; Optional header; Data directory; Section table; PE+ (x64 PE); PE analysis tools; Static and dynamic linking; Static linking; Dynamic linking; Dynamic link libraries; Application programming interface; Dynamic API loading; Using PE header information for static analysis; How to use PE header for incident handling; How to use a PE header for threat intelligence
|
Abstract
|
:
|
Malware analysis is a powerful investigation technique widely used in various security areas including digital forensics and incident response processes. Working through practical examples, you'll be able to analyze any type of malware you may encounter within the modern world.
|
Subject
|
:
|
Computer security.
|
Subject
|
:
|
Cyberterrorism-- Security measures.
|
Subject
|
:
|
Malware (Computer software)
|
Subject
|
:
|
Computer security.
|
Subject
|
:
|
Malware (Computer software)
|
Subject
|
:
|
Security systems.
|
Subject
|
:
|
Microsoft Windows (Computer file)-- Security measures.
|
|
:
|
Microsoft Windows (Computer file)
|
Dewey Classification
|
:
|
005.88
|
LC Classification
|
:
|
QA76.76.C68
|
Added Entry
|
:
|
Thabet, Amr.
|