
Practical Malware Analysis : the Hands-On Guide to Dissecting Malicious Software.

By:
Contributor(s):
Material type: Text
Publication details: San Francisco : No Starch Press, 2012.
Description: xxxi ; 802 pages
Content type:
  • text
Media type:
  • Book
Carrier type:
  • online resource
ISBN:
  • 9781593274306
  • 1593274300
  • 1593272901
  • 9781593272906
Subject(s):
Additional physical formats: Print version: Practical Malware Analysis : A Hands-On Guide to Dissecting Malicious Software.
DDC classification:
  • 005.84 SIK
LOC classification:
  • QA76.76.C68 S534 2012
Online resources:
Contents:
Hashing: A Fingerprint for Malware; Finding Strings; Packed and Obfuscated Malware; Packing Files; Detecting Packers with PEiD; Portable Executable File Format; Linked Libraries and Functions; Static, Runtime, and Dynamic Linking; Exploring Dynamically Linked Functions with Dependency Walker; Imported Functions; Exported Functions; Static Analysis in Practice; PotentialKeylogger.exe: An Unpacked Executable; PackedProgram.exe: A Dead End; The PE File Headers and Sections; Examining PE Files with PEview; Viewing the Resource Section with Resource Hacker; Using Other PE File Tools.
PE Header Summary; Conclusion; Lab 1-1; Questions; Lab 1-2; Questions; Lab 1-3; Questions; Lab 1-4; Questions; 2: Malware Analysis in Virtual Machines; The Structure of a Virtual Machine; Creating Your Malware Analysis Machine; Configuring VMware; Using Your Malware Analysis Machine; Connecting Malware to the Internet; Connecting and Disconnecting Peripheral Devices; Taking Snapshots; Transferring Files from a Virtual Machine; The Risks of Using VMware for Malware Analysis; Record/Replay: Running Your Computer in Reverse; Conclusion; 3: Basic Dynamic Analysis.
Sandboxes: The Quick-and-Dirty Approach; Using a Malware Sandbox; Sandbox Drawbacks; Running Malware; Monitoring with Process Monitor; The Procmon Display; Filtering in Procmon; Viewing Processes with Process Explorer; The Process Explorer Display; Using the Verify Option; Comparing Strings; Using Dependency Walker; Analyzing Malicious Documents; Comparing Registry Snapshots with Regshot; Faking a Network; Using ApateDNS; Monitoring with Netcat; Packet Sniffing with Wireshark; Using INetSim; Basic Dynamic Tools in Practice; Conclusion; Lab 3-1; Questions; Lab 3-2; Questions; Lab 3-3; Questions.
Lab 3-4; Questions; Part 2: Advanced Static Analysis; 4: A Crash Course in x86 Disassembly; Levels of Abstraction; Reverse-Engineering; The x86 Architecture; Main Memory; Instructions; Opcodes and Endianness; Operands; Registers; Simple Instructions; The Stack; Conditionals; Branching; Rep Instructions; C Main Method and Offsets; More Information: Intel x86 Architecture Manuals; Conclusion; 5: IDA Pro; Loading an Executable; The IDA Pro Interface; Disassembly Window Modes; Useful Windows for Analysis; Returning to the Default View; Navigating IDA Pro; Searching; Using Cross-References.
Summary: There are more than 100 malicious computer attacks every second, resulting in tens of billions of dollars in economic damages each year. Among security professionals, the skills required to quickly analyze and assess these attacks are in high demand. Practical Malware Analysis provides a rapid introduction to the tools and methods used to dissect malicious software (malware), showing readers how to discover, debug, and disassemble these threats. The book goes on to examine how to overcome the evasive techniques (stealth, code obfuscation, encryption, file packing, and others) that malware author.
Holdings
Item type | Current library | Collection | Call number | Copy number | Status | Date due | Barcode
Books | Botho University eSwatini | Open Shelves, Information Technology | 005.84 SIK | | Available | | BUESW24074182
Books | Botho University Lesotho | Open Shelves, Information Technology | 005.84 SIK | 1 | Available | | BK000133
Books | Botho University Lesotho | Open Shelves, Information Technology | 005.84 SIK | 2 | Available | | BK000336

English.

Print version record.

Powered by Koha