精通Windows平台恶意软件分析

5星 · 超过95%的资源需积分: 9 115 浏览量更新于2024-07-21 收藏 9.04MB PDF 举报

"Windows.Malware.Analysis.Essentials.1785281518" 本书《Windows Malware Analysis Essentials》是针对Windows平台恶意软件分析的基础指南，旨在提升读者的反恶意软件技能。书中通过实际操作的步骤，由业内专家揭示恶意软件分析的过程，适合已经具备逆向工程Windows可执行文件经验的读者。书中采用“展示与讲述”的方法，通过实例让分析员更自信地独立处理恶意软件分析任务。通过阅读本书，你将学习到： 1. 了解位数系统和布尔代数，这对恶意软件研究至关重要。 2. 掌握静态和动态分析方法，并构建自己的恶意软件实验室。 3. 分析真实世界中的破坏性恶意软件样本，包括指纹识别、静态/动态分析直至最终报告。 4. 理解不同的链接模式，并学习如何从汇编代码编译自己的库，将代码整合到最终程序中。 5. 熟悉各种模拟器、调试器及其功能，以及沙箱的设置，以便在不同场景下有效应对。 6. 应对PDF、MS-Office基础的恶意软件以及脚本和shellcode等其他恶意软件载体。书中从计算基础知识如数字系统和布尔代数开始，然后深入x86汇编编程，将其与C++等高级语言结合。你将学会如何解析从编译源代码得到的反汇编代码并映射回其原始设计目标。通过分析真实恶意软件样本，增强你处理破坏性恶意软件二进制文件和传播机制的技术。同时，书中还会强调分析实验室的安全措施，防止分析过程中受到感染。此外，你将全面了解各种模拟、沙箱和调试选项，以便在需要特定工具对抗恶意软件时能做出正确的选择。本书采用易于跟随的实践指导方式，配有描述和截图，帮助你有效地进行恶意软件调查，并创造性、自信地提出解决方案。书中的章节标题包括“下到兔子洞”、“与死者共舞”、“进行通灵会话”、“穿越平行维度”和“善与恶的较量——Ogre Wars”，这些象征性的标题旨在以生动的方式引导你深入理解恶意软件分析的不同阶段。《Windows Malware Analysis Essentials》是一本全面而深入的教程，无论你是想进一步提升反恶意软件技能的专业人士，还是对恶意软件分析感兴趣的初学者，都能从中受益匪浅。

Preface

[ vii ]

Chapter 5, Good versus Evil – Ogre Wars, rounds off the earlier excursions with a

general set of devices—from the conguration of the Linux virtual machine guest

for wiretapping the network activity of malware, to exploring XOR deobfuscations

programmatically. Thereafter, you will revisit malware analysis with a different

target—malicious web scripts, and you will learn how the innards are picked one

by one, gathering information about the exploits used, the various infection vectors,

dealing with obfuscated JavaScript and working with a rather familiar set of new

tools. You will also be introduced to Mandiant Redline for malware forensics, and

nally end the tour with a discussion of bytecode decompilation utilities and open

source tools for malware intelligence gathering.

What you need for this book

Apart from a working brain (which is not optional), you will need:

• Any x86/x64 PC/Laptop (recent Mac hardware too) which is any system

you have purchased in the past 5 years minimum with a version of Windows

XP/7/ 8 or above. You can additionally use virtualization software like

VMWare Fusion/Parallels if you are on MacOS to run the examples in

Windows OS versions. Please refer to the respective software manuals

for the installation procedures.

• Some commercial tools that also have free versions from the vendor website

(for instance IDA Pro).

• Visual C++ 2008, which is the minimum version you will need in order to

work with the programming examples and exercises in this book.

• VMWare and VirtualBox, which are two software solutions to virtualization

that will be instrumental in keeping your system safe and completing the

malware analysis-specic workows discussed in this book.

Most of the analysis tools are available as free downloads from the links included as

they are mentioned in the chapters ahead.

[ 1 ]

Down the Rabbit Hole

Before we get started with analyzing malware, you need to start at the baseline,

which will involve reviewing some fundamental tenets of computer science. Malware

analysis essentially deals with an in-depth investigation of a malicious software

program, usually in some binary form procured through collection channels/

repositories/infected systems or even your own Frankenstein creations in a lab. In this

book, we focus on Windows OS malware and the myriad methods and the inventory

required for their analyses. Much like a time and space tradeoff for computer

algorithms (and the innite monkeys with typewriters paradigm), the analyst must

be aware that given enough time, any sample can be analyzed thoroughly, but due to

practical constraints, they must be selective in their approach so that they can leverage

the existing solutions to the fullest without compromising on the required details.

If churning out anti-virus signatures for immediate dispersal to client systems is the

priority, then nding the most distinguishing characteristic or feature in the sample is

a top priority. If network forensics is the order of the day, then in-depth packet traces

and packet analyses must be carried out. If it's a memory-resident malware, then

malware memory forensics has to be dealt with. Likewise, in unpacking an armored

sample, xing the imports/exports table to get a running executable might not be the

best use of your time, as if the imports are functional in memory and the details are

available, investigation of the Modus Operandi (MO) must be the primary focus and

not memory carving, particularly if time is a factor. Perfectionism in any process has

its benets and liabilities. Malware analysis is both a science and an art. I believe it is

more like a craft wherein the tools get the work done if you know how to use them

creatively, like a sculptor who has a set of mundane chisels to remove stone chips

and etch a gure of fantasy out of it. As any artist worth his salt would say, he is

still learning his craft.

剩余329页未读，继续阅读

ramissue

粉丝: 354
资源: 1487

精通Windows平台恶意软件分析

PRACTICAL MALWARE ANALYSIS

Windows Malware Analysis Essentials 无水印pdf

PracticalMalwareAnalysisAndLabs (病毒分析入门，包含实验环境)

获取pcap包的网站有没有

Windows fatal exception: access violation why？

GnuTLS recv error (-110): The TLS connection was non-properly terminat

DirectShowPlayerService::doRender: Unresolved error code 0x80040266 ()

初级软考信息处理技术员英语词汇

reason worker failed to boot

Write a 5,000-word thesis on "Application of Sandbox Technology in Cybersecurity Engineering."

最新资源