Electronic Library of the Financial University

Detailed information

Barker, Dylan. Malware Analysis Techniques: Tricks for the Triage of Adversarial Software. — 1 online resource (282 pages) — <URL:http://elib.fa.ru/ebsco/2937321.pdf>.

Record created: 19.06.2021

Subjects: Malware (Computer software); Computer security; Logiciels malveillants.; Sécurité informatique.

Collections: EBSCO


Usage rights for the stored object

Access location                     | User group       | Actions
Financial University local network  | All              | Read, Print, Download
Internet                            | Readers          | Read, Print
Internet                            | Anonymous users  | (none)

Contents

  • Cover
  • Copyright
  • Contributors
  • Table of Contents
  • Preface
  • Section 1: Basic Techniques
  • Chapter 1: Creating and Maintaining your Detonation Environment
    • Technical requirements
    • Setting up VirtualBox with Windows 10
      • Downloading and verifying VirtualBox
      • Installing Windows 10
    • Installing the FLARE VM package
    • Isolating your environment
    • Maintenance and snapshotting
    • Summary
  • Chapter 2: Static Analysis – Techniques and Tooling
    • Technical requirements
    • The basics – hashing
      • Hashing algorithms
      • Obtaining file hashes
    • Avoiding rediscovery of the wheel
      • Leveraging VirusTotal
    • Getting fuzzy
    • Picking up the pieces
      • Malware serotyping
      • Collecting strings
    • Challenges
      • Challenge 1
      • Challenge 2
    • Summary
    • Further reading
  • Chapter 3: Dynamic Analysis – Techniques and Tooling
    • Technical requirements
    • Detonating your malware
      • Monitoring for processes
      • Network IOC collection
    • Discovering enumeration by the enemy
      • Domain checks
      • System enumeration
      • Network enumeration
    • Case study – Dharma
    • Discovering persistence mechanisms
      • Run keys
      • Scheduled tasks
      • Malicious shortcuts and start up folders
      • Service installation
      • Uncovering common techniques
      • Final word on persistence
    • Using PowerShell for triage
    • Persistence identification
      • Registry keys
      • Service installation
      • Scheduled tasks
      • Less common persistence mechanisms
    • Checking user logons
    • Locating secondary stages
    • Examining NTFS (NT File System) alternate data streams
    • Challenge
    • Summary
  • Chapter 4: A Word on Automated Sandboxing
    • Technical requirements
    • Using HybridAnalysis
    • Using Any.Run
    • Installing and using Cuckoo Sandbox
      • Cuckoo installation – prerequisites
      • Installing VirtualBox
      • Cuckoo and VMCloak
      • Defining our VM
      • Configuring Cuckoo
      • Network configuration
      • Cuckoo web UI
      • Running your first analysis in Cuckoo
    • Shortcomings of automated analysis tools
    • Challenge
    • Summary
  • Section 2: Debugging and Anti-Analysis – Going Deep
  • Chapter 5: Advanced Static Analysis – Out of the White Noise
    • Technical requirements
    • Dissecting the PE file format
      • The DOS header
      • PE file header
      • Optional header
      • Section table
      • The Import Address Table
    • Examining packed files and packers
      • Detecting packers
      • Unpacking samples
    • Utilizing NSA's Ghidra for static analysis
      • Setting up a project in Ghidra
    • Challenge
    • Summary
    • Further reading
  • Chapter 6: Advanced Dynamic Analysis – Looking at Explosions
    • Technical requirements
    • Monitoring malicious processes
      • Regshot
      • Process Explorer
      • Process Monitor
      • Getting away with it
    • Network-based deception
      • FakeNet-NG
      • ApateDNS
    • Hiding in plain sight
      • Types of process injection
      • Detecting process injection
    • Case study – TrickBot
    • Challenge
    • Summary
  • Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
    • Technical requirements
    • Leveraging API calls to understand malicious capabilities
      • x86 assembly primer
    • Identifying anti-analysis techniques
      • Examining binaries in Ghidra for anti-analysis techniques
      • Other analysis checks
    • Tackling packed samples
      • Recognizing packed malware
      • Manually unpacking malware
    • Challenge
    • Summary
  • Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube
    • Technical requirements
    • Identifying obfuscation techniques
      • String encoding
      • String concatenation
      • String replacement
      • Other methodologies
    • Deobfuscating malicious VBS scripts
      • Utilizing VbsEdit
      • Using WScript.Echo
    • Deobfuscating malicious PowerShell scripts
      • Compression
      • Other methods within PowerShell
      • Emotet obfuscation
    • A word on obfuscation and de-obfuscation tools
      • Invoke-Obfuscation and PSDecode
      • JavaScript obfuscation and JSDetox
      • Other languages
    • Challenges
    • Summary
  • Section 3: Reporting and Weaponizing Your Findings
  • Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense
    • Technical requirements
    • Hashing prevention
      • Blocking hash execution with Group Policy
      • Other methodologies
    • Behavioral prevention
      • Binary and shell-based blocking
      • Network-based behaviors
    • Network IOCs – blocking at the perimeter
    • Common tooling for IOC-based blocking
    • Challenge
    • Summary
  • Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK
    • Technical requirements
    • Understanding MITRE's ATT&CK framework
      • Tactics – building a kill chain
    • Case study: Andromeda
      • Initial access
      • Execution
      • Persistence
      • Defense evasion
      • Command and Control
    • Utilizing MITRE ATT&CK for C-level reporting
      • Reporting considerations
    • Challenge
    • Summary
    • Further reading
  • Section 4: Challenge Solutions
  • Chapter 11: Challenge Solutions
    • Chapter 2 – Static Analysis – Techniques and Tooling
      • Challenge 1
      • Challenge 2
    • Chapter 3 – Dynamic Analysis – Techniques and Tooling
    • Chapter 4 – A Word on Automated Sandboxing
    • Chapter 5 – Advanced Static Analysis – Out of the White Noise
    • Chapter 6 – Advanced Dynamic Analysis – Looking at Explosions
    • Chapter 7 – Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
    • Chapter 8 – De-Obfuscating Malicious Scripts – Putting the Toothpaste Back in the Tube
    • Chapter 9 – The Reverse Card – Weaponization of IOCs and OSINT for Defense
    • Chapter 10 – Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK
    • Summary
  • Other Books You May Enjoy
  • Index
