Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

  • , establishes the overall process and methodology of analyzing malware.

  • , teaches ways to get information from an executable without running it.

  • , walks you through setting up virtual machines to use as a safe environment for running malware.

  • , teaches easy-to-use but effective techniques for analyzing a malicious program by running it.

  • , “A Crash Course in x86 Assembly,” is an introduction to the x86 assembly language, which provides a foundation for using IDA Pro and performing in-depth analysis of malware.

  • , shows you how to use IDA Pro, one of the most important malware analysis tools. We’ll use IDA Pro throughout the remainder of the book.

  • , provides examples of C code in assembly and teaches you how to understand the high-level functionality of assembly code.

  • , covers a wide range of Windows-specific concepts that are necessary for understanding malicious Windows programs.

  • , explains the basics of debugging and how to use a debugger for malware analysts.

  • , shows you how to use OllyDbg, the most popular debugger for malware analysts.

  • , covers how to use the WinDbg debugger to analyze kernel-mode malware and rootkits.

  • , describes common malware functionality and shows you how to recognize that functionality when analyzing malware.

  • , discusses how to analyze a particularly stealthy class of malicious programs that hide their execution within another process.

  • , demonstrates how malware may encode data in order to make it harder to identify its activities in network traffic or on the victim host.

  • , teaches you how to use malware analysis to create network signatures that outperform signatures made from captured traffic alone.

  • , explains how some malware authors design their malware so that it is hard to disassemble, and how to recognize and defeat these techniques.

  • , describes the tricks that malware authors use to make their code difficult to debug and how to overcome those roadblocks.

  • , demonstrates techniques used by malware to make it difficult to analyze in a virtual machine and how to bypass those techniques.

  • , teaches you how malware uses packing to hide its true purpose, and then provides a step-by-step approach for unpacking packed programs.

  • , explains what shellcode is and presents tips and tricks specific to analyzing malicious shellcode.

  • , instructs you on how C++ code looks different once it is compiled and how to perform analysis on malware created using C++.

  • , discusses why malware authors may use 64-bit malware and what you need to know about the differences between x86 and x64.

  • , briefly describes Windows functions commonly used in malware.

  • , lists useful tools for malware analysts.

  • , provides the solutions for the labs included in the chapters throughout the book.

Our goal throughout this book is to arm you with the skills to analyze and defeat malware of all types. As you’ll see, we cover a lot of material and use labs to reinforce the material. By the time you’ve finished this book, you will have learned the skills you need to analyze any malware, including simple techniques for quickly analyzing ordinary malware and complex, sophisticated ones for analyzing even the most enigmatic malware.

Let’s get started.
