Malware analyst cookbook

[gigiRoman]

Download pdf:https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Malware Analyst's Cookbook.pdf

Source code examples:https://github.com/mgoffin/malwarecookbook/blob/master/README.md

With our ever-increasing reliance on computers comes anever-growing risk of malware. Security professionals will findplenty of solutions in this book to the problems posed by viruses,Trojan horses, worms, spyware, rootkits, adware, and other invasivesoftware. Written by well-known malware experts, this guide revealssolutions to numerous problems and includes a DVD of customprograms and tools that illustrate the concepts, enhancing yourskills.

    Security professionals face a constant battle against malicioussoftware; this practical manual will improve your analyticalcapabilities and provide dozens of valuable and innovativesolutions
    Covers classifying malware, packing and unpacking, dynamicmalware analysis, decoding and decrypting, rootkit detection,memory forensics, open source malware research, and much more
    Includes generous amounts of source code in C, Python, and Perlto extend your favorite tools or build new ones, and customprograms on the DVD to demonstrate the solutions

Malware Analyst's Cookbook is indispensible to ITsecurity administrators, incident responders, forensic analysts,and malware researchers.

From the Back Cover

Powerful, step-by-step solutions to dozens of common threats

We called this a cookbook because each "recipe" presents boththe ingredients and the steps you take to resolve a specificproblem or research a given threat. On the DVD, you'll findsupporting files and original programs that provide additionalresources. You'll learn how to analyze malware using tools writtenby the authors as well as hundreds of other publicly availabletools. If your job involves incident response, computer forensics,systems security, or antivirus research, this book will becomeinvaluable to you.

    Learn to conduct online investigations without revealing youridentity

    Use honeypots to collect malware being distributed by bots andworms

    Analyze JavaScript, PDFs, and Office documents for suspiciouscontent

    Build a low-budget malware lab with virtualization or bare boneshardware

    Reverse engineer common encoding and encryption algorithms

    Set up an advanced memory forensics platform for malwareanalysis

    Investigate prevalent threats such as Zeus, Silent Banker,CoreFlood, Conficker, Virut, Clampi, Bankpatch, BlackEnergy, andmany more!

On the DVD

Use the files on the DVD to follow along with the recipes or toconduct your own investigations and analyses. You will find:

    Evidence files

    Annotated videos

    Source code

    Windows and Linux tools

    Over 50 original programs in Python, C/C++, and Perl

"The most useful technical security book I've read this year. Amust-have for all who protect systems from malicioussoftware."
—Lenny Zeltser, Security Practice Director at Savvisand Senior Faculty Member at SANS Institute

"The ultimate guide for anyone interested in malwareanalysis."
—Ryan Olson, Director, VeriSign iDefense RapidResponse Team

"Every page is filled with practical malware knowledge,innovative ideas, and useful tools. Worth its weight ingold!"
—AAron Walters, Lead Developer of Volatility and VP ofSecurity R&D at Terremark

About the Author

Michael Hale Ligh is a malicious code analyst at VerisigniDefense and Chief of Special Projects at MNIN Security.

Steven Adair is a member of the Shadowserver Foundationand frequently analyzes malware and tracks botnets. He alsoinvestigates cyber attacks of all kinds with an emphasis on thoselinked to cyber espionage.

Blake Hartstein is the author of multiple security toolsand a Rapid Response Engineer at Verisign iDefense, where heresponds to malware incidents.

Matthew Richard has authored numerous security tools andalso ran a managed security service for banks and creditunions.

[Guest]

Pe langa toate uneltele pe care le foloseste toata lumea, partea cea mai grea este codul assembly (intelegerea lui), dar si cea mai rewarding. Daca planuiti sa fiti buni la asa ceva ati face bine sa intelegeti cod assembly. In videoclipul de mai jos se vorbeste despre asa ceva, e destul de greu, dar in asta consta.

 

 

[gigiRoman]

Ai dreptate:

AMD and Intel use the same instruction set.

When you install windows on an AMD processor or an Intel processor, it doesn't "compile" code on the machine.

I remember many people being confused on this subject back during college. They believe that a "setup" means that it is compiling code on your machine. It isn't. Most if not all Windows application outside of the free realms, are given to you by binary.

As for portability, that isn't neccessarily 100% true. While C is highly portable, in many cases writing for a specific OS or system will result in the code only being able to compile/executed on that box. For example, certain Unix machines handle files and directories differently so it might not be 100% portable.

 

Pana acum credeam ca se executa alte instructiuni.

Stiu ca c are o directiva in interiorul careia poti scrie cod assembly.

Mai multe nu prea stiu, dar o sa aprofundez.

Alte artifacte interesante ar mai fi registrii si clasele windows (unele sunt prin cartea totul de c/c++ de chris jamsa.) Functiile ascunde de sistem de operare, threaduri, activex-uri, comuri.

[KLK214]

faina cartea, multam

aici e si dvdu

https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Malware Analyst's Cookbook - DVD.iso

 

[gigiRoman]

O sa trec aici ce gasesc interesant:

Example 3: IAT and Version Information

RECIPE  3-9: FINDINg SIMILAR  MALWARE  WITH  SSDEEP

RECIPE  3-10: DETECTINg SELF-MoDIFYINg CoDE  WITH  SSDEEP

 

Revin pe parcurs ce mai gasesc cate ceva.

succes!