Advanced Malware Analysis
Christopher C. Elisan
Language: English
Pages: 544
ISBN: 0071819746
Format: PDF / Kindle (mobi) / ePub
A one-of-a-kind guide to setting up a malware research lab, using cutting-edge analysis tools, and reporting the findings
Advanced Malware Analysis is a critical resource for every information security professional's anti-malware arsenal. The proven troubleshooting techniques will give an edge to information security professionals whose job involves detecting, decoding, and reporting on malware.
After explaining malware architecture and how it operates, the book describes how to create and configure a state-of-the-art malware research lab and gather samples for analysis. Then, you’ll learn how to use dozens of malware analysis tools, organize data, and create metrics-rich reports.
- A crucial tool for combatting malware―which currently hits each second globally
- Filled with undocumented methods for customizing dozens of analysis software tools for very specific uses
- Leads you through a malware blueprint first, then lab setup, and finally analysis and reporting activities
- Every tool explained in this book is available in every country around the world
PCs for Dummies (12th Edition)
(Re)Inventing the Internet: Critical Case Studies
iPad: The Missing Manual (7th Edition)
OS X El Capitan: The Missing Manual
Combinations, or different methods. Malware analysis is an art after all. ŠŠŠŠŠŠŠŠŠŠŠTIP ŠŠŠŠŠŠŠŠŠŠŠŠIt is important to remember that malware analysis is not a set process, wherein you just follow a series of steps and arrive at your destination. Nothing is set in stone. Every malware analysis case can be different. The best thing to do is to recognize patterns of analysis so you can apply them as a mental template when faced with a malware analysis problem. Recap Malware analysis is a fun.
Messaging and chat take advantage of trust. A compromised system can make use of the victim舗s IM account to send malicious links or files to that victim舗s entire list of friends. The receiving friend will think that the link or file is legitimate because it came from their friend. Some of the target friends won舗t think twice about clicking the link or downloading and executing the transferred file. The two popular ways a malware uses IM and chat to spread is by hijacking a user舗s IM account once.
Motion, i.e., running in the system, it has the full capabilities of its code. This means, when executing, the malware has available to it whatever protective mechanism it is endowed with by its writer. The following are the most common protective mechanisms employed by dynamic malware: ŠŠŠŠŠAnti-debugging ŠŠŠŠŠAnti-sandboxing ŠŠŠŠŠEnvironment lock ŠŠŠŠŠAnti-AV scanning ŠŠŠŠŠNetwork behavior protection Anti-debugging One of the most effective ways of tracing malware is to use a debugger.
For the reverser. The more difficult it is, the more time and effort that are needed. Sometimes, this is more than enough for the malware to be successful. ŠŠŠŠŠŠŠŠŠŠŠTIP ŠŠŠŠŠŠŠŠŠŠŠŠIt is always good to have disassembled code available while doing a debugging session. This is a good way to check for inconsistencies between the disassembled code and the actual execution path the debugger is taking. Anti-sandboxing In rare cases, static analysis is enough to extract information from malware.
Are those who have knowledge of and access to the needed credentials or tokens. In short, encryption when it comes to storage can occur by using the following: ŠŠŠŠŠPublic key cryptography ŠŠŠŠŠWhole data storage encryption Also, when it comes to confidentiality, it is important to consider data transmission and the security of the credentials needed to access to data. If for some reason the credentials, such as usernames, passwords, tokens, and private keys, are compromised and the malware.