Kyle Cucci

Evasive Malware

A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats. Sprache: Englisch.
epub eBook , 488 Seiten
ISBN 171850327X
EAN 9781718503274
Veröffentlicht September 2024
Verlag/Hersteller No Starch Press
Familienlizenz Family Sharing

Auch erhältlich als:

Taschenbuch
85,50
58,99 inkl. MwSt.
Sofort Lieferbar (Download)
Teilen
Beschreibung

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.
We're all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today's malicious software and show you how to defeat them.
Following a crash course on using static and dynamic code analysis to uncover malware's true intentions, you'll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You'll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You'll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you'll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.
You'll learn how malware:
- Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected - Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis- Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering- Detects debuggers and circumvents dynamic and static code analysis
You'll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you're a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today's cyber adversaries.

Portrait

Kyle Cucci has over 17 years in cybersecurity and IT, including roles as a malware analyst and detection engineer with Proofpoint's Threat Research team and leader of the forensic investigations and malware research teams at Deutsche Bank. Cucci regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Cucci enjoys contributing to the community via open source tooling, research, and blogging.

Technik
Sie können dieses eBook zum Beispiel mit den folgenden Geräten lesen:
• tolino Reader 
Laden Sie das eBook direkt über den Reader-Shop auf dem tolino herunter oder übertragen Sie das eBook auf Ihren tolino mit einer kostenlosen Software wie beispielsweise Adobe Digital Editions. 
• Sony Reader & andere eBook Reader 
Laden Sie das eBook direkt über den Reader-Shop herunter oder übertragen Sie das eBook mit der kostenlosen Software Sony READER FOR PC/Mac oder Adobe Digital Editions auf ein Standard-Lesegeräte. 
• Tablets & Smartphones 
Möchten Sie dieses eBook auf Ihrem Smartphone oder Tablet lesen, finden Sie hier unsere kostenlose Lese-App für iPhone/iPad und Android Smartphone/Tablets. 
• PC & Mac 
Lesen Sie das eBook direkt nach dem Herunterladen mit einer kostenlosen Lesesoftware, beispielsweise Adobe Digital Editions, Sony READER FOR PC/Mac oder direkt über Ihre eBook-Bibliothek in Ihrem Konto unter „Meine eBooks“ -  „online lesen“.
 
Bitte beachten Sie, dass die Kindle-Geräte das Format nicht unterstützen und dieses eBook somit nicht auf Kindle-Geräten lesbar ist.