Malware Analyst's Cookbook and DVD

(0) Donner la première évaluation
CHF 39.00
Download est disponible immédiatement
eBook (epub)
Informations sur les eBooks
Les eBooks conviennent également aux appareils mobiles (voir les instructions).
Les eBooks d'Ex Libris sont protégés contre la copie par ADOBE DRM: apprenez-en plus.
Pour plus d'informations, cliquez ici.


A computer forensics "e;how-to"e; for fighting malicious code and analyzing incidents With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills. Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions Malware Analyst's Cookbook is indispensible to IT security administrators, incident responders, forensic analysts, and malware researchers.

Michael Hale Ligh is a malicious code analyst at Verisign iDefense and Chief of Special Projects at MNIN Security.

Steven Adair is a member of the Shadowserver Foundation and frequently analyzes malware and tracks botnets. He also investigates cyber attacks of all kinds with an emphasis on those linked to cyber espionage.

Blake Hartstein is the author of multiple security tools and a Rapid Response Engineer at Verisign iDefense, where he responds to malware incidents.

Matthew Richard has authored numerous security tools and also ran a managed security service for banks and credit unions.

Texte du rabat
Powerful, step-by-step solutions to dozens of common threats

We called this a cookbook because each "recipe" presents both the ingredients and the steps you take to resolve a specific problem or research a given threat. On the DVD, you'll find supporting files and original programs that provide additional resources. You'll learn how to analyze malware using tools written by the authors as well as hundreds of other publicly available tools. If your job involves incident response, computer forensics, systems security, or antivirus research, this book will become invaluable to you.

  • Learn to conduct online investigations without revealing your identity

  • Use honeypots to collect malware being distributed by bots and worms

  • Analyze JavaScript, PDFs, and Office documents for suspicious content

  • Build a low-budget malware lab with virtualization or bare bones hardware

  • Reverse engineer common encoding and encryption algorithms

  • Set up an advanced memory forensics platform for malware analysis

  • Investigate prevalent threats such as Zeus, Silent Banker, CoreFlood, Conficker, Virut, Clampi, Bankpatch, BlackEnergy, and many more!

On the DVD

Use the files on the DVD to follow along with the recipes or to conduct your own investigations and analyses. You will find:

  • Evidence files

  • Annotated videos

  • Source code

  • Windows and Linux tools

  • Over 50 original programs in Python, C/C++, and Perl

"The most useful technical security book I've read this year. A must-have for all who protect systems from malicious software."
Lenny Zeltser, Security Practice Director at Savvis and Senior Faculty Member at SANS Institute

"The ultimate guide for anyone interested in malware analysis."
Ryan Olson, Director, VeriSign iDefense Rapid Response Team

"Every page is filled with practical malware knowledge, innovative ideas, and useful tools. Worth its weight in gold!"
AAron Walters, Lead Developer of Volatility and VP of Security R&D at Terremark


Introduction xv

On The Book's DVD xxiii

1 Anonymizing Your Activities 1

Recipe 1-1: Anonymous Web Browsing with Tor 3

Recipe 1-2: Wrapping Wget and Network Clients with Torsocks 5

Recipe 1-3: Multi-platform Tor-enabled Downloader in Python 7

Recipe 1-4: Forwarding Traffic through Open Proxies 12

Recipe 1-5: Using SSH Tunnels to Proxy Connections 16

Recipe 1-6: Privacy-enhanced Web browsing with Privoxy 18

Recipe 1-7: Anonymous Surfing with 20

Recipe 1-8: Internet Access through Cellular Networks 21

Recipe 1-9: Using VPNs with Anonymizer Universal 23

2 Honeypots 27

Recipe 2-1: Collecting Malware Samples with Nepenthes 29

Recipe 2-2: Real-Time Attack Monitoring with IRC Logging 32

Recipe 2-3: Accepting Nepenthes Submissions over HTTP with Python 34

Recipe 2-4: Collecting Malware Samples with Dionaea 37

Recipe 2-5: Accepting Dionaea Submissions over HTTP with Python 40

Recipe 2-6: Real-time Event Notification and Binary Sharing with XMPP 41

Recipe 2-7: Analyzing and Replaying Attacks Logged by Dionea 43

Recipe 2-8: Passive Identification of Remote Systems with p0f 44

Recipe 2-9: Graphing Dionaea Attack Patterns with SQLite and Gnuplot 46

3 Malware Classification 51

Recipe 3-1: Examining Existing ClamAV Signatures 52

Recipe 3-2: Creating a Custom ClamAV Database 54

Recipe 3-3: Converting ClamAV Signatures to YARA 59

Recipe 3-4: Identifying Packers with YARA and PEiD 61

Recipe 3-5: Detecting Malware Capabilities with YARA 63

Recipe 3-6: File Type Identification and Hashing in Python 68

Recipe 3-7: Writing a Multiple-AV Scanner in Python 70

Recipe 3-8: Detecting Malicious PE Files in Python 75

Recipe 3-9: Finding Similar Malware with ssdeep 79

Recipe 3-10: Detecting Self-modifying Code with ssdeep 82

Recipe 3-11: Comparing Binaries with IDA and BinDiff 83

4 Sandboxes and Multi-AV Scanners 89

Recipe 4-1: Scanning Files with VirusTotal 90

Recipe 4-2: Scanning Files with Jotti 92

Recipe 4-3: Scanning Files with NoVirusThanks 93

Recipe 4-4: Database-Enabled Multi-AV Uploader in Python 96

Recipe 4-5: Analyzing Malware with ThreatExpert 100

Recipe 4-6: Analyzing Malware with CWSandbox 102

Recipe 4-7: Analyzing Malware with Anubis 104

Recipe 4-8: Writing AutoIT Scripts for Joebox 105

Recipe 4-9: Defeating Path-dependent Malware with Joebox 107

Recipe 4-10: Defeating Process-dependent DLLs with Joebox 109

Recipe 4-11: Setting an Active HTTP Proxy with Joebox 111

Recipe 4-12: Scanning for Artifacts with Sandbox Results 112

5 Researching Domains and IP Addresses 119

Recipe 5-1: Researching Domains with WHOIS 120

Recipe 5-2: Resolving DNS Hostnames 125

Recipe 5-3: Obtaining IP WHOIS Records 129

Recipe 5-4: Querying Passive DNS with BFK 132

Recipe 5-5: Checking DNS Records with Robtex 133

Recipe 5-6: Performing a Reverse IP Search with DomainTools 134

Recipe 5-7: Initiating Zone Transfers with dig 135

Recipe 5-8: Brute-forcing Subdomains with dnsmap 137

Recipe 5-9: Mapping IP Addresses to ASNs via Shadowserver 138

Recipe 5-10: Checking IP Reputation with RBLs 140

Recipe 5-11: Detecting Fast Flux with Passive DNS and TTLs 143

Recipe 5-12: Tracking Fast Flux Domains 146

Recipe 5-13: Static Maps with Maxmind, matplotlib, and pygeoip 148

Recipe 5-14: Interactive Maps with Google Charts API 152

6 Documents, Shellcode, and URLs 155

Recipe 6-1: Analyzing JavaScript with Spidermonkey 156

Recipe 6-2: Automatically Decoding JavaScript with Jsunpack 159

Recipe 6-3: Optimizing Jsunpack-n Decodings for Speed and Completeness 162

Recipe 6-4: Triggering exploits by Emulating Browser DOM Elements 163

Recipe 6-5: Extracting JavaScript from PDF Files with ...

Afficher plus

Détails sur le produit

Malware Analyst's Cookbook and DVD
Tools and Techniques for Fighting Malicious Code
eBook (epub)
Protection contre la copie numérique
Adobe DRM
Taille de fichier
12.55 MB
Nombre de pages
Afficher plus
Les clients ayant acheté cet article ont également acheté :