Windows APT Warfare - Sheng-Hao Ma, Ziv Chang, Federico Maggi

Windows APT Warfare

Identify and prevent Windows APT attacks effectively
Buch | Softcover
258 Seiten
2023
Packt Publishing Limited (Verlag)
978-1-80461-811-0 (ISBN)
42,35 inkl. MwSt
Windows APT Warfare assists you in understanding the inner workings of Windows systems and carrying out APT attacks. It starts with a tutorial on compiling code and goes on to explain the process of Windows systems and how attackers can exploit it to evade security measures, ensuring that you can stay safe from ATP malware.
Learn Windows system design from the PE binary structure to modern and practical attack techniques used by red teams to implement advanced prevention

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

Understand how malware evades modern security products
Learn to reverse engineer standard PE format program files
Become familiar with modern attack techniques used by multiple red teams

Book DescriptionAn Advanced Persistent Threat (APT) is a severe form of cyberattack that lies low in the system for a prolonged time and locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you've understood the internal design of operating systems, you'll be ready to get hands-on with red team attacks and, further, learn how to create and compile C source code into an EXE program file. Throughout this book, you'll explore the inner workings of how Windows systems run and how attackers abuse this knowledge to bypass antivirus products and protection.

As you advance, you'll cover practical examples of malware and online game hacking, such as EXE infection, shellcode development, software packers, UAC bypass, path parser vulnerabilities, and digital signature forgery, gaining expertise in keeping your system safe from this kind of malware.



By the end of this book, you'll be well equipped to implement the red team techniques that you've learned on a victim's computer environment, attempting to bypass security and antivirus products, to test its defense against Windows APT attacks.

What you will learn

Explore various DLL injection techniques for setting API hooks
Understand how to run an arbitrary program file in memory
Become familiar with malware obfuscation techniques to evade antivirus detection
Discover how malware circumvents current security measures and tools
Use Microsoft Authenticode to sign your code to avoid tampering
Explore various strategies to bypass UAC design for privilege escalation

Who this book is forThis book is for cybersecurity professionals- especially for anyone working on Windows security, or malware researchers, network administrators, ethical hackers looking to explore Windows exploit, kernel practice, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.

Sheng-Hao Ma is currently working as a threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has served as a speaker and instructor for various international conferences and organizations such as Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education.

Table of Contents

From Source to Binaries – The Journey of a C Program
Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing
Dynamic API Calling – Thread, Process, and Environment Information
Shellcode Technique – Exported Function Parsing
Application Loader Design
PE Module Relocation
PE to Shellcode – Transforming PE Files into Shellcode
Software Packer Design
Digital Signature – Authenticode Verification
Reversing User Account Control and Bypassing Tricks
Appendix – NTFS, Paths, and Symbols

Erscheinungsdatum
Verlagsort Birmingham
Sprache englisch
Maße 75 x 93 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-80461-811-X / 180461811X
ISBN-13 978-1-80461-811-0 / 9781804618110
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00