Home | Amazing | Today | Tags | Publishers | Years | Account | Search 
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

The phone rings, and the networking guys tell you that you’ve been hacked and that your customers’ sensitive information is being stolen from your network. You begin your investigation by checking your logs to identify the hosts involved. You scan the hosts with antivirus software to find the malicious program, and catch a lucky break when it detects a trojan horse named TROJ.snapAK. You delete the file in an attempt to clean things up, and you use network capture to create an intrusion detection system (IDS) signature to make sure no other machines are infected. Then you patch the hole that you think the attackers used to break in to ensure that it doesn’t happen again.

Then, several days later, the networking guys are back, telling you that sensitive data is being stolen from your network. It seems like the same attack, but you have no idea what to do. Clearly, your IDS signature failed, because more machines are infected, and your antivirus software isn’t providing enough protection to isolate the threat. Now upper management demands an explanation of what happened, and all you can tell them about the malware is that it was TROJ.snapAK. You don’t have the answers to the most important questions, and you’re looking kind of lame. How do you determine exactly what TROJ.snapAK does so you can eliminate the threat? How do you write a more effective network signature? How can you find out if any other machines are infected with this malware? How can you make sure you’ve deleted the entire malware package and not just one part of it? How can you answer management’s questions about what the malicious program does?

All you can do is tell your boss that you need to hire expensive outside consultants because you can’t protect your own network. That’s not really the best way to keep your job secure.

Ah, but fortunately, you were smart enough to pick up a copy of Practical Malware Analysis. The skills you’ll learn in this book will teach you how to answer those hard questions and show you how to protect your network from malware.

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You'll learn how to:

  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code

Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.

Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

(HTML tags aren't allowed.)

Lessons in Project Management
Lessons in Project Management

Most of the project management books on the market are basically textbooks. They are dry to begin with, and don't focus on the practical advice that most people need to run their projects. Lessons in Project Management, Second Edition does not assume that you are a project manager building a nuclear reactor or sending a...

SAS Programming in the Pharmaceutical Industry
SAS Programming in the Pharmaceutical Industry

This book was written for the entry- to intermediate-level SAS programmer who helps with the analysis and reporting of clinical trial data in the pharmaceutical industry. The industry may call this individual a “SAS programmer,” “clinical SAS programmer,” “statistical/stats programmer,”...

RESTful Java Web Services Security
RESTful Java Web Services Security

Secure your RESTful applications against common vulnerabilities

About This Book

  • Learn how to use, configure, and set up tools for applications that use RESTful web services to prevent misuse of resources
  • Get to know and fix the most common vulnerabilities of RESTful web services APIs
  • ...

Fedora 8 and Red Hat Enterprise Linux Bible
Fedora 8 and Red Hat Enterprise Linux Bible
With the Fedora Linux operating system and the instructions in this book, you can transform your PC into a safe, powerful, and free computer system. Starting with Fedora, you can simply replace (or coexist with) Microsoft Windows on your everyday desktop computer. You can also configure your computer to share your files, printers, Web pages, or...
Architectures and Mechanisms for Language Processing
Architectures and Mechanisms for Language Processing

The chapters in the present volume constitute a selection from the papers presented at AMLaP-95, the first conference on "Architectures and Mechanisms for Language Processing." AMLaP-95 came about when members of the Human Communication Research Centre at the Universities of Edinburgh and Glasgow decided to have a small workshop in...

sendmail Desktop Reference
sendmail Desktop Reference
The sendmail program is a Mail Transport Agent (MTA). It accepts mail from Mail User Agents
(MUAs), mail users (humans), and other MTAs. It then delivers that mail to Mail Delivery Agents
(MDAs) on the local machine, or transports that mail to another MTA at another machine. The behavior
of sendmail is determined by its command line
©2019 LearnIT (support@pdfchm.net) - Privacy Policy