Nytro

[Ebook] Practical Malware Analysis


Posted

Practical Malware Analysis
The Hands-On Guide to Dissecting Malicious Software


Book Description

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

Brief Contents

About the Authors (p. xix)
Foreword by Richard Bejtlich (p. xxi)
Acknowledgments (p. xxv)
Introduction (p. xxvii)
Chapter 0: Malware Analysis Primer (p. 1)
PART 1: BASIC ANALYSIS
Chapter 1: Basic Static Techniques (p. 9)
Chapter 2: Malware Analysis in Virtual Machines (p. 29)
Chapter 3: Basic Dynamic Analysis (p. 39)
PART 2: ADVANCED STATIC ANALYSIS
Chapter 4: A Crash Course in x86 Disassembly (p. 65)
Chapter 5: IDA Pro (p. 87)
Chapter 6: Recognizing C Code Constructs in Assembly (p. 109)
Chapter 7: Analyzing Malicious Windows Programs (p. 135)
PART 3: ADVANCED DYNAMIC ANALYSIS
Chapter 8: Debugging (p. 167)
Chapter 9: OllyDbg (p. 179)
Chapter 10: Kernel Debugging with WinDbg (p. 205)
PART 4: MALWARE FUNCTIONALITY
Chapter 11: Malware Behavior (p. 231)
Chapter 12: Covert Malware Launching (p. 253)
Chapter 13: Data Encoding (p. 269)
Chapter 14: Malware-Focused Network Signatures (p. 297)
PART 5: ANTI-REVERSE-ENGINEERING
Chapter 15: Anti-Disassembly (p. 327)
Chapter 16: Anti-Debugging (p. 351)
Chapter 17: Anti-Virtual Machine Techniques (p. 369)
Chapter 18: Packers and Unpacking (p. 383)
PART 6: SPECIAL TOPICS
Chapter 19: Shellcode Analysis (p. 407)
Chapter 20: C++ Analysis (p. 427)
Chapter 21: 64-Bit Malware (p. 441)
Appendix A: Important Windows Functions (p. 453)
Appendix B: Tools for Malware Analysis (p. 465)
Appendix C: Solutions to Labs (p. 477)
Index (p. 733)

Book Details

Publisher: No Starch Press
By: Michael Sikorski, Andrew Honig
ISBN: 978-1-59327-290-6
Year: 2012
Pages: 800
Language: English
File size: 10.6 MB
File format: PDF

eBook

Download: Practical Malware Analysis

Paper Book

Buy: Practical Malware Analysis

Online Book

Read: Practical Malware Analysis

Mirror:

http://www.speedyshare.com/9a5q7/practical-malware-analysis.pdf
http://www.girlshare.ro/32812315.8
http://fisierulmeu.ro/520LCPTF5B05/practical-malware-analysis-pdf.html

Source: Practical Malware Analysis - Free Download eBook - pdf

Posted

Practical Malware Analysis Starter Kit

Package last updated: 2016-05-14

This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought. I’ve done what I can to compile it all in one place for my own convenience and I figured I’d share it. It contains:

MD5DEEP 4.4 and related tools (sha1deep, hashdeep, whirlpooldeep, etc) and 64-bit equivalents.

WinMD5Free v1.20

PEiD v0.95 with KANAL plugin

Strings v2.52

upx 3.91

PEview v0.9.9

Resource Hacker v4.2.5

PEBrowse Professional v10.1.4

PEBrowse64 Professional v6.3.1

PE Explorer 1.99 R6 (Trial)

Process Monitor (procmon) v3.2

Process Explorer (procexp) v16.10

Regshot v1.9.0

ApateDNS v1.0

Netcat (nc) 1.11 and 64-bit build

Wireshark v2.0.3

FakeNet 1.0c (INetSim alternative for Windows)

Combined Volume Set of Intel® 64 and IA-32 Architectures Software Developer’s Manuals

IDA Pro Free v5.0 with FindCrypt plugin, IDA Entropy Plugin

Autoruns v13.51 and autorunsc

OllyDbg v1.10 and v2.01d

OllyDump Plugin

WinDbg x86 and x64 v6.11.1.404

Immunity Debugger (ImmDbg) v1.85

SoftICE 4.05 for w98 and NT/XP (SEE FOOTER)

SoftIceNT 4.2.7 (from 2.7 Driver Studio build) for XP (SEE FOOTER)

OSR Driver Loader v3.0

Poison Ivy RAT 2.3.2 (Password is “malware” with no quotes, if the exe is eaten by your AV)

pwdump6 (as PwDump.exe)

pwdump7

Pass-The-Hash Toolkit v1.4

Metasploit Framework v4.11.7

PyCrypto (Requires Python 2.7)

Snort 2.9.8.2

ScoopyNG v1.0

Mandiant Red Curtain 1.0

ASPack 2.39 (Trial)

PETite v2.4

WinUPack v0.39 Final

Themida 2.4.1.0 (Trial)

shellcode_launcher.exe (Gone from practicalmalwareanalysis.com)

Bochs 2.6.8

Burp Suite 1.7.03

CaptureBAT 2.0.0-5574

Cuckoo 2.0-RC1 (Requires Python)

CFF Explorer (As Explorer Suite 4)

WinHex 18.8.0.0

Import REConstructor (ImpREC) 1.7e

LordPE 1.41 Deluxe

Malcode Analyst Pack

Memoryze 3.0

OfficeMalScanner 0.5

Zynamics BinDiff 4.20 (Key provided by Zynamics)

pdfid.py and pdf-parser.py (Requires Python, obviously)

Sandboxie v5.10

Buster Sandbox Analyzer v1.88 Update 4

TCPView v3.05

The Sleuth Kit 4.2.0 for Windows

VERA v0.3

Volatility 2.5

Yara v1.7.1 x86 and x64

Docs and Licenses when given are in their own folders. I recommend you add the “Portable Binaries” folder to your Windows PATH.

WARNING: This is not a toy. There are malicious code samples provided in the labs. Poison Ivy is real C2 malware. Use extreme caution with this software.

COPYRIGHT: I do not claim copyright to any of the software packaged. All software provided was freely available online, and included in one place for your convenience.

PASSWORD: The password to open the zip is “malware” with no quotes. You will likely need to make exceptions in your AV for the folder you place and extract this package.

REGARDING SOFTICE: The provided build of SoftICE is a pirated scene release from 2000. I would consider it abandonware, as it has changed hands from NuMega to Compuware and again to Micro Focus, who has not released or updated the software. It has not received an update nor been available for purchase in ten years. If you are uncomfortable having this software, simply delete SoftICE427installnt.exe, SI405w9x.exe, and the SoftICE 4.05 NT and XP folder from Setup Binaries. It was exceedingly difficult to find the Windows XP version so I have included it for posterity.

REGARDING LORDPE: LordPE looks like a pirated scene release but was actually created as a scene tool.

Download: zip or torrent.

Source: https://bluesoul.me/practical-malware-analysis-starter-kit/

