Practical malware analysis
Subtitle: The Hands-On Guide to Dissecting Malicious Software.
Malware Analysis Primer
Basic Static Techniques
    Antivirus Scanning: A Useful First Step
    Hashing: A Fingerprint for Malware
    Finding Strings
    Packed and Obfuscated Malware
    Portable Executable File Format
    Linked Libraries and Functions
    Static Analysis in Practice
    The PE File Headers and Sections
Malware Analysis in Virtual Machines
    The Structure of a Virtual Machine
    Creating Your Malware Analysis Machine
    Using Your Malware Analysis Machine
    The Risks of Using VMware for Malware Analysis
    Record/Replay: Running Your Computer in Reverse
Basic Dynamic Analysis
    Sandboxes: The Quick-and-Dirty Approach
    Running Malware
    Monitoring with Process Monitor
    Viewing Processes with Process Explorer
    Comparing Registry Snapshots with Regshot
    Faking a Network
    Packet Sniffing with Wireshark
    Using INetSim
    Basic Dynamic Tools in Practice
A Crash Course in x86 Disassembly
    Levels of Abstraction
    Reverse-Engineering
    The x86 Architecture
IDA Pro
    Loading an Executable
    The IDA Pro Interface
    Using Cross-References
    Analyzing Functions
    Using Graphing Options
    Enhancing Disassembly
    Extending IDA with Plug-ins
Recognizing C Code Constructs in Assembly
    Global vs. Local Variables
    Disassembling Arithmetic Operations
    Recognizing if Statements
    Recognizing Loops
    Understanding Function Call Conventions
    Analyzing switch Statements
    Disassembling Arrays
    Identifying Structs
    Analyzing Linked List Traversal
Analyzing Malicious Windows Programs
    The Windows API
    The Windows Registry
    Networking APIs
    Following Running Malware
    Kernel vs. User Mode
    The Native API
Debugging
    Source-Level vs. Assembly-Level Debuggers
    Kernel vs. User-Mode Debugging
    Using a Debugger
    Exceptions
    Modifying Execution with a Debugger
    Modifying Program Execution in Practice
OllyDbg
    Loading Malware
    The OllyDbg Interface
    Memory Map
    Viewing Threads and Stacks
    Executing Code
    Breakpoints
    Loading DLLs
    Tracing
    Exception Handling
    Patching
    Analyzing Shellcode
    Assistance Features
    Plug-ins
    Scriptable Debugging
Kernel Debugging with WinDbg
    Drivers and Kernel Code
    Setting Up Kernel Debugging
    Using WinDbg
    Microsoft Symbols
    Kernel Debugging in Practice
    Rootkits
    Loading Drivers
    Kernel Issues for Windows Vista, Windows 7, and x64 Versions
Malware Behavior
    Downloaders and Launchers
    Backdoors
    Credential Stealers
    Persistence Mechanisms
    Privilege Escalation
    Covering Its Tracks - User-Mode Rootkits
Covert Malware Launching
    Launchers
    Process Injection
    Process Replacement
    Hook Injection
    Detours
    APC Injection
Data Encoding
    The Goal of Analyzing Encoding Algorithms
    Simple Ciphers
    Common Cryptographic Algorithms
    Custom Encoding
    Decoding
Malware-Focused Network Signatures
    Network Countermeasures
    Safely Investigate an Attacker Online
    Content-Based Network Countermeasures
    Combining Dynamic and Static Analysis Techniques
    Understanding the Attacker