Practical Malware Analysis : the Hands-On Guide to Dissecting Malicious Software.
Material type: Text
Publication details: San Francisco : No Starch Press, 2012.
Description: xxxi ; 802 pages
Content type:
- text
- Book
- online resource
- 9781593274306
- 1593274300
- 1593272901
- 9781593272906
- Sikorski, Michael
- Malware (Computer software)
- Computer viruses
- Debugging in computer science
- Computer security
- Logiciels malveillants (Malicious software)
- Virus informatiques (Computer viruses)
- COMPUTERS -- Security -- Viruses & Malware
- Malware Analysis - Dissecting Malicious Software - Static Analysis
- Malware Analysis - Dissecting Malicious Software - Static Analysis
- 005.84 SIK
- QA76.76.C68 S534 2012
Item type | Current library | Collection | Call number | Copy number | Status | Date due | Barcode
---|---|---|---|---|---|---|---
Books | Botho University eSwatini Open Shelves | Information Technology | 005.84 SIK | | Available | | BUESW24074182
Books | Botho University Lesotho Open Shelves | Information Technology | 005.84 SIK | 1 | Available | | BK000133
Books | Botho University Lesotho Open Shelves | Information Technology | 005.84 SIK | 2 | Available | | BK000336
Hashing: A Fingerprint for Malware; Finding Strings; Packed and Obfuscated Malware; Packing Files; Detecting Packers with PEiD; Portable Executable File Format; Linked Libraries and Functions; Static, Runtime, and Dynamic Linking; Exploring Dynamically Linked Functions with Dependency Walker; Imported Functions; Exported Functions; Static Analysis in Practice; PotentialKeylogger.exe: An Unpacked Executable; PackedProgram.exe: A Dead End; The PE File Headers and Sections; Examining PE Files with PEview; Viewing the Resource Section with Resource Hacker; Using Other PE File Tools.
PE Header Summary; Conclusion; Lab 1-1; Questions; Lab 1-2; Questions; Lab 1-3; Questions; Lab 1-4; Questions; 2: Malware Analysis in Virtual Machines; The Structure of a Virtual Machine; Creating Your Malware Analysis Machine; Configuring VMware; Using Your Malware Analysis Machine; Connecting Malware to the Internet; Connecting and Disconnecting Peripheral Devices; Taking Snapshots; Transferring Files from a Virtual Machine; The Risks of Using VMware for Malware Analysis; Record/Replay: Running Your Computer in Reverse; Conclusion; 3: Basic Dynamic Analysis.
Sandboxes: The Quick-and-Dirty Approach; Using a Malware Sandbox; Sandbox Drawbacks; Running Malware; Monitoring with Process Monitor; The Procmon Display; Filtering in Procmon; Viewing Processes with Process Explorer; The Process Explorer Display; Using the Verify Option; Comparing Strings; Using Dependency Walker; Analyzing Malicious Documents; Comparing Registry Snapshots with Regshot; Faking a Network; Using ApateDNS; Monitoring with Netcat; Packet Sniffing with Wireshark; Using INetSim; Basic Dynamic Tools in Practice; Conclusion; Lab 3-1; Questions; Lab 3-2; Questions; Lab 3-3; Questions.
Lab 3-4; Questions; Part 2: Advanced Static Analysis; 4: A Crash Course in x86 Disassembly; Levels of Abstraction; Reverse-Engineering; The x86 Architecture; Main Memory; Instructions; Opcodes and Endianness; Operands; Registers; Simple Instructions; The Stack; Conditionals; Branching; Rep Instructions; C Main Method and Offsets; More Information: Intel x86 Architecture Manuals; Conclusion; 5: IDA Pro; Loading an Executable; The IDA Pro Interface; Disassembly Window Modes; Useful Windows for Analysis; Returning to the Default View; Navigating IDA Pro; Searching; Using Cross-References.
There are more than 100 malicious computer attacks every second, resulting in tens of billions of dollars in economic damages each year. Among security professionals, the skills required to quickly analyze and assess these attacks are in high demand. Practical Malware Analysis provides a rapid introduction to the tools and methods used to dissect malicious software (malware), showing readers how to discover, debug, and disassemble these threats. The book goes on to examine how to overcome the evasive techniques (stealth, code obfuscation, encryption, file packing, and others) that malware author.
English.
Print version record.