Evasive Malware - Kyle Cucci

Evasive Malware

Understanding Deceptive and Self-Defending Threats

(Autor)

Buch | Softcover
488 Seiten
2024
No Starch Press,US (Verlag)
978-1-7185-0326-7 (ISBN)
83,50 inkl. MwSt
Dive into the fascinating and terrifying world of evasive malware - malicious software designed to avoid detection. The first of its kind, this thorough introduction is full of practical information, real-world examples, and cutting-edge techniques for discovering, reverse-engineering, and analysing state-of-the-art malware. Beginning with foundational knowledge about malware analysis in the context of the Windows OS, you'll learn about the evasive manoeuvres that malware programs use to determine whether they're being analysed and the tricks they employ to avoid detection. You'll explore the ways malware circumvents security controls, such as network or endpoint defence bypasses, anti-forensics techniques, and malware that deploys data and code obfuscation. At the end of the book, you'll build your very own anti-evasion analysis lab. You'll learn: Modern evasive malware threats, anti-analysis techniques used in malware, how malware bypasses and circumvents security controls, how malware uses victim targeting and profiling techniques, how malware uses anti-forensics and file-less techniques, how to perform malware analysis and reverse engineering on evasive programs.

Kyle Cucci has over 17 years in cybersecurity and IT, including roles as a malware analyst and detection engineer with Proofpoint’s Threat Research team and leader of the forensic investigations and malware research teams at Deutsche Bank. Cucci regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Cucci enjoys contributing to the community via open source tooling, research, and blogging.

Introduction

Part I: The Fundamentals
Chapter 1: Windows Foundational Concepts
Chapter 2: A Crash Course in Malware Triage and Behavioral Analysis
Chapter 3: A Crash Course in Static and Dynamic Code Analysis

Part II: Context Awareness and Sandbox Evasion
Chapter 4: Enumerating Operating System Artifacts
Chapter 5: User Environment and Interaction Detection
Chapter 6: Enumerating Hardware and Network Configurations
Chapter 7: Runtime Environment and Virtual Processor Anomalies
Chapter 8: Evading Sandboxes and Disrupting Analysis

Part III: Anti-reversing
Chapter 9: Anti-disassembly
Chapter 10: Anti-debugging
Chapter 11: Covert Code Execution and Misdirection

Part IV: Defense Evasion
Chapter 12: Process Injection, Manipulation, and Hooking
Chapter 13: Evading Network and Endpoint Defenses
Chapter 14: An Introduction to Rootkits
Chapter 15: Fileless Malware and Anti-forensics

Part V: Other Topics
Chapter 16: Encoding and Encryption
Chapter 17: Packers and Unpacking Malware
Chapter 18: Tips for Building an Anti-evasion Analysis Lab

Appendix A: Evasion-Related Windows API Functions
Appendix B: Windows LOLbins and Example Usage
Appendix C: Further Reading

Erscheint lt. Verlag 10.9.2024
Verlagsort San Francisco
Sprache englisch
Maße 177 x 234 mm
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
ISBN-10 1-7185-0326-1 / 1718503261
ISBN-13 978-1-7185-0326-7 / 9781718503267
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
IT-Sicherheit - Claudia Eckert
IT-Sicherheit
Konzepte – Verfahren – Protokolle

von Claudia Eckert

Buch | Hardcover (2023)
De Gruyter Oldenbourg (Verlag)
84,95
auf Facebook teilen
bei Twitter
Link zu dieser Seite kopieren