Windows Malware Analysis Essentials

Description

Master the fundamentals of malware analysis for the Windows platform and enhance your anti-malware skill set About This Book Set the baseline towards performing malware analysis on the Windows platform and how to use the tools required to deal with malware Understand how to decipher x86 assembly code from source code inside your favourite development environment A step-by-step based guide that reveals malware analysis from an industry insider and demystifies the process Who This Book Is For This book is best for someone who has prior experience with reverse engineering Windows executables and wants to specialize in malware analysis. The book presents the malware analysis thought process using a show-and-tell approach, and the examples included will give any analyst confidence in how to approach this task on their own the next time around. What You Will Learn Use the positional number system for clear conception of Boolean algebra, that applies to malware research purposes Get introduced to static and dynamic analysis methodologies and build your own malware lab Analyse destructive malware samples from the real world (ITW) from fingerprinting and static/dynamic analysis to the final debrief Understand different modes of linking and how to compile your own libraries from assembly code and integrate the codein your final program Get to know about the various emulators, debuggers and their features, and sandboxes and set them up effectively depending on the required scenario Deal with other malware vectors such as pdf and MS-Office based malware as well as scripts and shellcode In Detail Windows OS is the most used operating system in the world and hence is targeted by malware writers. There are strong ramifications if things go awry. Things will go wrong if they can, and hence we see a salvo of attacks that have continued to disrupt the normal scheme of things in our day to day lives. This book will guide you on how to use essential tools such as debuggers, disassemblers, and sandboxes to dissect malware samples. It will expose your innards and then build a report of their indicators of compromise along with detection rule sets that will enable you to help contain the outbreak when faced with such a situation. We will start with the basics of computing fundamentals such as number systems and Boolean algebra. Further, you'll learn about x86 assembly programming and its integration with high level languages such as C++.You'll understand how to decipher disassembly code obtained from the compiled source code and map it back to its original design goals. By delving into end to end analysis with real-world malware samples to solidify your understanding, you'll sharpen your technique of handling destructive malware binaries and vector mechanisms. You will also be encouraged to consider analysis lab safety measures so that there is no infection in the process. Finally, we'll have a rounded tour of various emulations, sandboxing, and debugging options so that you know what is at your disposal when you need a specific kind of weapon in order to nullify the malware. Style and approach An easy to follow, hands-on guide with descriptions and screenshots that will help you execute effective malicious software investigations and conjure up solutions creatively and confidently.

Get the book

Amazon.com

Search the book

eBay.com

Search the book

Similar books

• 

  Family History Digital Libraries

  By William Sims Bainbridge

  One named Sara and Timberlake had 11 male workers, 1 female worker, and 4 children workers, so it might have employed the Minor family.

• 

  Foundation Dreamweaver MX

  By Craig Grannell, Jerome Turner, Matt Stephens

  So here's what we need to do to arrive at our layout: s Create the main table to hold all the page elements. s Deal with the navigation area which is ...

• 

  Cisco CCNA Certification, 2 Volume Set: Exam 200-301

  By Todd Lammle

  This inclusive, two-book set provides what you need to know to succeed on the new CCNA exam. The set includes Understanding Cisco Networking Technologies: Volume 1 and the CCNA Certification Study Guide: Volume 2.

• 

  CompTIA Network+ Study Guide: Exam N10-006

  By Todd Lammle

  ... you can use: –a –A –c –n –r –R –S –s All nbtstat switches are case sensitive. Generally speaking, lowercase switches deal with NetBIOS names of hosts, ...

• 

  CompTIA Network+ Study Guide with Online Labs: N10-007 Exam

  By Todd Lammle, Jon Buhagiar

  ... you can use: –a –A –c –n –r –R –S –s All nbtstat switches are case sensitive. Generally speaking, lowercase switches deal with NetBIOS names of hosts, ...

• 

  CCNA: Cisco Certified Network Associate FastPass

  By Todd Lammle

  S The S reference point defines the point between the customer router and an ... with the letter E deal with using ISDN on the existing telephone network.

• 

  Stranger in the Chat Room

  By Todd Hafer, Jedd Hafer

  A sequel to In the Chat Room With God finds a group of teens contacted by a mysterious and increasingly malevolent character who claims to know about their encounters with the Almighty and challenges their beliefs. Original.

• 

  Error Correction Coding: Mathematical Methods and Algorithms

  By Todd K. Moon

  M M−1∑ k=0 −∞ ∞ k=0 The average energy per signal E s ∫ can be related to the ... we will deal primarily with additive white Gaussian noise (AWGN), ...

• 

  Security+ Training Guide

  By Todd King

  ... to deal with most , but unfortunately not all , of these potential threats . ... The S / MIME standard implements encryption for message content using ...

• 

  CCDA: Cisco Certified Design Associate Study Guide: Exam 640-861

  By Todd Lammle, Andy Barkl

  S reference point The S reference point defines the reference point between ... with the letter E deal with using ISDN on the existing telephone network.