Details
| Title | Malware Analysis Techniques: Tricks for the Triage of Adversarial Software. |
|---|---|
| Creators | Barker Dylan. |
| Collection | Электронные книги зарубежных издательств ; Общая коллекция |
| Subjects | Malware (Computer software) ; Computer security. ; Computer Security ; Logiciels malveillants. ; Sécurité informatique. ; EBSCO eBooks |
| Document type | Other |
| File type | |
| Language | English |
| Rights | Доступ по паролю из сети Интернет (чтение, печать, копирование) |
| Record key | on1257077770 |
| Record create date | 6/19/2021 |
Allowed Actions
| pdf/2937321.pdf | – |
Action 'Read' will be available if you login or access site from another network
Action 'Download' will be available if you login or access site from another network
|
|---|---|---|
| epub/2937321.epub | – |
Action 'Download' will be available if you login or access site from another network
|
| Group | Anonymous |
|---|---|
| Network | Internet |
| Network | User group | Action |
|---|---|---|
| ILC SPbPU Local Network | All |
|
| Internet | Authorized users SPbPU |
|
| Internet | Anonymous |
|
- Cover
- Copyright
- Contributors
- Table of Contents
- Preface
- Section 1: Basic Techniques
- Chapter 1: Creating and Maintaining your Detonation Environment
- Technical requirements
- Setting up VirtualBox with Windows 10
- Downloading and verifying VirtualBox
- Installing Windows 10
- Installing the FLARE VM package
- Isolating your environment
- Maintenance and snapshotting
- Summary
- Chapter 2: Static Analysis – Techniques and Tooling
- Technical requirements
- The basics – hashing
- Hashing algorithms
- Obtaining file hashes
- Avoiding rediscovery of the wheel
- Leveraging VirusTotal
- Getting fuzzy
- Picking up the pieces
- Malware serotyping
- Collecting strings
- Challenges
- Challenge 1
- Challenge 2
- Summary
- Further reading
- Chapter 3: Dynamic Analysis – Techniques and Tooling
- Technical requirements
- Detonating your malware
- Monitoring for processes
- Network IOC collection
- Discovering enumeration by the enemy
- Domain checks
- System enumeration
- Network enumeration
- Case study – Dharma
- Discovering persistence mechanisms
- Run keys
- Scheduled tasks
- Malicious shortcuts and start up folders
- Service installation
- Uncovering common techniques
- Final word on persistence
- Using PowerShell for triage
- Persistence identification
- Registry keys
- Service installation
- Scheduled tasks
- Less common persistence mechanisms
- Checking user logons
- Locating secondary stages
- Examining NTFS (NT File System) alternate data streams
- Challenge
- Summary
- Chapter 4: A Word on Automated Sandboxing
- Technical requirements
- Using HybridAnalysis
- Using Any.Run
- Installing and using Cuckoo Sandbox
- Cuckoo installation – prerequisites
- Installing VirtualBox
- Cuckoo and VMCloak
- Defining our VM
- Configuring Cuckoo
- Network configuration
- Cuckoo web UI
- Running your first analysis in Cuckoo
- Shortcomings of automated analysis tools
- Challenge
- Summary
- Section 2: Debugging and Anti-Analysis – Going Deep
- Chapter 5: Advanced Static Analysis – Out of the White Noise
- Technical requirements
- Dissecting the PE file format
- The DOS header
- PE file header
- Optional header
- Section table
- The Import Address Table
- Examining packed files and packers
- Detecting packers
- Unpacking samples
- Utilizing NSA's Ghidra for static analysis
- Setting up a project in Ghidra
- Challenge
- Summary
- Further reading
- Chapter 6: Advanced Dynamic Analysis – Looking at Explosions
- Technical requirements
- Monitoring malicious processes
- Regshot
- Process Explorer
- Process Monitor
- Getting away with it
- Network-based deception
- FakeNet-NG
- ApateDNS
- Hiding in plain sight
- Types of process injection
- Detecting process injection
- Case study – TrickBot
- Challenge
- Summary
- Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
- Technical requirements
- Leveraging API calls to understand malicious capabilities
- x86 assembly primer
- Identifying anti-analysis techniques
- Examining binaries in Ghidra for anti-analysis techniques
- Other analysis checks
- Tackling packed samples
- Recognizing packed malware
- Manually unpacking malware
- Challenge
- Summary
- Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube
- Technical requirements
- Identifying obfuscation techniques
- String encoding
- String concatenation
- String replacement
- Other methodologies
- Deobfuscating malicious VBS scripts
- Utilizing VbsEdit
- Using WScript.Echo
- Deobfuscating malicious PowerShell scripts
- Compression
- Other methods within PowerShell
- Emotet obfuscation
- A word on obfuscation and de-obfuscation tools
- Invoke-Obfuscation and PSDecode
- JavaScript obfuscation and JSDetox
- Other languages
- Challenges
- Summary
- Section 3: Reporting and Weaponizing Your Findings
- Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense
- Technical requirements
- Hashing prevention
- Blocking hash execution with Group Policy
- Other methodologies
- Behavioral prevention
- Binary and shell-based blocking
- Network-based behaviors
- Network IOCs – blocking at the perimeter
- Common tooling for IOC-based blocking
- Challenge
- Summary
- Chapter 10: Malicious Functionality: Mapping Your Sample to
MITRE ATT&CK
- Technical requirements
- Understanding MITRE's ATT&CK framework
- Tactics – building a kill chain
- Case study: Andromeda
- Initial access
- Execution
- Persistence
- Defense evasion
- Command and Control
- Utilizing MITRE ATT&CK for C-level reporting
- Reporting considerations
- Challenge
- Summary
- Further reading
- Section 4: Challenge Solutions
- Chapter 11: Challenge Solutions
- Chapter 2 – Static Analysis – Techniques and Tooling
- Challenge 1
- Challenge 2
- Chapter 3 – Dynamic Analysis – Techniques and Tooling
- Chapter 4 – A Word on Automated Sandboxing
- Chapter 5 – Advanced Static Analysis – Out of the White Noise
- Chapter 6 – Advanced Dynamic Analysis – Looking at Explosions
- Chapter 7 – Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
- Chapter 8 – De-Obfuscating Malicious Scripts – Putting the Toothpaste Back in the Tube
- Chapter 9 – The Reverse Card – Weaponization of IOCs and OSINT for Defense
- Chapter 10 – Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK
- Summary
- Chapter 2 – Static Analysis – Techniques and Tooling
- Other Books You May Enjoy
- Index
