Detailed information

Title Malware Analysis Techniques: Tricks for the Triage of Adversarial Software.
Authors Barker Dylan.
Collection E-books from foreign publishers ; General collection
Subjects Malware (Computer software) ; Computer security. ; Computer Security ; Logiciels malveillants. ; Sécurité informatique. ; EBSCO eBooks
Document type Other
File type PDF
Language English
Access rights Password-protected access from the Internet (reading, printing, copying)
Record key on1257077770
Record created 19.06.2021

Permitted actions

pdf/2937321.pdf
epub/2937321.epub
Place of access            | User group               | Actions
Local network of IBK SPbPU | All                      | Read, Print, Download
Internet                   | Authorized SPbPU users   | Read, Print, Download
Internet                   | Anonymous users          | none
  • Cover
  • Copyright
  • Contributors
  • Table of Contents
  • Preface
  • Section 1: Basic Techniques
  • Chapter 1: Creating and Maintaining your Detonation Environment
    • Technical requirements
    • Setting up VirtualBox with Windows 10
      • Downloading and verifying VirtualBox
      • Installing Windows 10
    • Installing the FLARE VM package
    • Isolating your environment
    • Maintenance and snapshotting
    • Summary
  • Chapter 2: Static Analysis – Techniques and Tooling
    • Technical requirements
    • The basics – hashing
      • Hashing algorithms
      • Obtaining file hashes
    • Avoiding rediscovery of the wheel
      • Leveraging VirusTotal
    • Getting fuzzy
    • Picking up the pieces
      • Malware serotyping
      • Collecting strings
    • Challenges
      • Challenge 1
      • Challenge 2
    • Summary
    • Further reading
  • Chapter 3: Dynamic Analysis – Techniques and Tooling
    • Technical requirements
    • Detonating your malware
      • Monitoring for processes
      • Network IOC collection
    • Discovering enumeration by the enemy
      • Domain checks
      • System enumeration
      • Network enumeration
    • Case study – Dharma
    • Discovering persistence mechanisms
      • Run keys
      • Scheduled tasks
      • Malicious shortcuts and start up folders
      • Service installation
      • Uncovering common techniques
      • Final word on persistence
    • Using PowerShell for triage
    • Persistence identification
      • Registry keys
      • Service installation
      • Scheduled tasks
      • Less common persistence mechanisms
    • Checking user logons
    • Locating secondary stages
    • Examining NTFS (NT File System) alternate data streams
    • Challenge
    • Summary
  • Chapter 4: A Word on Automated Sandboxing
    • Technical requirements
    • Using HybridAnalysis
    • Using Any.Run
    • Installing and using Cuckoo Sandbox
      • Cuckoo installation – prerequisites
      • Installing VirtualBox
      • Cuckoo and VMCloak
      • Defining our VM
      • Configuring Cuckoo
      • Network configuration
      • Cuckoo web UI
      • Running your first analysis in Cuckoo
    • Shortcomings of automated analysis tools
    • Challenge
    • Summary
  • Section 2: Debugging and Anti-Analysis – Going Deep
  • Chapter 5: Advanced Static Analysis – Out of the White Noise
    • Technical requirements
    • Dissecting the PE file format
      • The DOS header
      • PE file header
      • Optional header
      • Section table
      • The Import Address Table
    • Examining packed files and packers
      • Detecting packers
      • Unpacking samples
    • Utilizing NSA's Ghidra for static analysis
      • Setting up a project in Ghidra
    • Challenge
    • Summary
    • Further reading
  • Chapter 6: Advanced Dynamic Analysis – Looking at Explosions
    • Technical requirements
    • Monitoring malicious processes
      • Regshot
      • Process Explorer
      • Process Monitor
      • Getting away with it
    • Network-based deception
      • FakeNet-NG
      • ApateDNS
    • Hiding in plain sight
      • Types of process injection
      • Detecting process injection
    • Case study – TrickBot
    • Challenge
    • Summary
  • Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
    • Technical requirements
    • Leveraging API calls to understand malicious capabilities
      • x86 assembly primer
    • Identifying anti-analysis techniques
      • Examining binaries in Ghidra for anti-analysis techniques
      • Other analysis checks
    • Tackling packed samples
      • Recognizing packed malware
      • Manually unpacking malware
    • Challenge
    • Summary
  • Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube
    • Technical requirements
    • Identifying obfuscation techniques
      • String encoding
      • String concatenation
      • String replacement
      • Other methodologies
    • Deobfuscating malicious VBS scripts
      • Utilizing VbsEdit
      • Using WScript.Echo
    • Deobfuscating malicious PowerShell scripts
      • Compression
      • Other methods within PowerShell
      • Emotet obfuscation
    • A word on obfuscation and de-obfuscation tools
      • Invoke-Obfuscation and PSDecode
      • JavaScript obfuscation and JSDetox
      • Other languages
    • Challenges
    • Summary
  • Section 3: Reporting and Weaponizing Your Findings
  • Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense
    • Technical requirements
    • Hashing prevention
      • Blocking hash execution with Group Policy
      • Other methodologies
    • Behavioral prevention
      • Binary and shell-based blocking
      • Network-based behaviors
    • Network IOCs – blocking at the perimeter
    • Common tooling for IOC-based blocking
    • Challenge
    • Summary
  • Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK
    • Technical requirements
    • Understanding MITRE's ATT&CK framework
      • Tactics – building a kill chain
    • Case study: Andromeda
      • Initial access
      • Execution
      • Persistence
      • Defense evasion
      • Command and Control
    • Utilizing MITRE ATT&CK for C-level reporting
      • Reporting considerations
    • Challenge
    • Summary
    • Further reading
  • Section 4: Challenge Solutions
  • Chapter 11: Challenge Solutions
    • Chapter 2 – Static Analysis – Techniques and Tooling
      • Challenge 1
      • Challenge 2
    • Chapter 3 – Dynamic Analysis – Techniques and Tooling
    • Chapter 4 – A Word on Automated Sandboxing
    • Chapter 5 – Advanced Static Analysis – Out of the White Noise
    • Chapter 6 – Advanced Dynamic Analysis – Looking at Explosions
    • Chapter 7 – Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
    • Chapter 8 – De-Obfuscating Malicious Scripts – Putting the Toothpaste Back in the Tube
    • Chapter 9 – The Reverse Card – Weaponization of IOCs and OSINT for Defense
    • Chapter 10 – Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK
    • Summary
  • Other Books You May Enjoy
  • Index