Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

  • Downloads: 9984
  • Type: Epub+TxT+PDF+Mobi
  • Create Date: 2022-01-11 06:53:18
  • Update Date: 2025-09-06
  • Status: finish
  • Author: Michael Sikorski
  • ISBN: 1593272901
  • Environment: PC/Android/iPhone/iPad/Kindle

Summary

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You'll learn how to:


Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it。 You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back。

Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals。 Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis

Reviews

Kyle

You will have to be comfortable with C and Assembly to some degree. If not, you should be willing to learn it. PMA is the quintessential book for learning how to understand malware at the lowest level. It is often referred to as the "Malware Bible" by some circles for this reason. If your goal is to understand, experiment with, or direct real malware, then this is the book for you!

Sveatoslav Persianov

It is a must read for those who want to get into malware analysis. Some of the samples described in the book are very old; however, the principles of reversing/analysis still apply.

Raja R

Very helpful! Spending some quality time reverse engineering.

Trisha Ganesh

This book was extremely informative. I'm yearning to read more books relating to Malware Analysis.

Scott Holstad

Very solid.

Meredith

RTFM. This is canon M.

Jaynie Shorb

A lot of the book shows its age, but it is packed with very useful information. The attack examples were useful. A lot of information about Windows and the analysis techniques used to examine the malware.

Dudley Grant

Excellent and example-driven.

Erik Moore

While outdated in terms of the labs and operating system, there is no better text for introducing malware analysis to the uninitiated. The authors dive in with you, carefully unfolding each layer of investigation, building on knowledge rapidly, and providing enabling outcomes that build confidence. The span of coverage, from entropy analysis and disassembly analysis to Internet simulation and kernel debugging, allows the reader to develop a workable toolset. The move to RegEx and profile development makes possible precision responses to custom malware that can slip through even many of the current generation of automated defenses. Once you've read this book, consider moving to decompiling at least for initial work, and take advantage of newer sandboxing methods for pre-work. Also, realize that operating systems have evolved and one should be considering recent evolution in OS caching and stack modifications. With this book now a seminal work, Sikorski and Honig leave the community heavily in their debt.

Freddie Barr-Smith

Very, very good, the standard introductory text for people getting into malware analysis.

Tim

Amazing.

Beby

malware

Sasha

Took Michael Sikorski's class on malware analysis. This book perfectly complements the course (surprise!). It lays out the material in a very logical and clear way, with a heavy emphasis on practice rather than theory. That's not to say it skimps on explanations of the inner workings of the malware, it just approaches everything from a very practical standpoint. (Again, big shocker, given the title.) The book is sectioned in order of how one would actually go about performing malware analysis:

- Basic Static Analysis (using various tools on the malware to gather info about it without actually examining its internals or running it)
- Basic Dynamic Analysis (running the malware, using tools to gather info)
- Advanced Static (examining internals in a disassembler, i.e. using IDA Pro (a.k.a. the Greatest Piece of Software On Earth))
- Advanced Dynamic (running the malware in a debugger, i.e. using OllyDbg (a.k.a. the Second Greatest Piece of Software On Earth))
- Malware Functionality (general overview of malware behavior, various types of injection, encryption/obfuscation, network signatures, etc.)
- Anti-reversing (discussion of what the malware writer can do to prevent the malware from being analyzed, including anti-disassembly, anti-debugging, anti-VM, anti-All The Things, packing, etc.)
- Special Topics (shellcode, C++, etc.)

Great class, great book, learned a ton, got a crappy grade because I turned in all the assignments late. (Don't start the assignments the night before they're due. Big mistake.)

P.S. The only downside is that this book is only for Windows XP. Considering I'm a Mac person all the way, I wish there'd been some discussion of the malware written for Macs and how it differs from the Windows XP malware, but alas, it's still a fantastic intro to malware analysis in general. The theory is probably that once you know how to do it, you'll have the tools to extrapolate to other operating systems.

P.P.S. Sort of loving the cover, with the malware as the cute alien about to get skewered.

Hugh Smalley

For those who want to stay ahead of the latest malware, *Practical Malware Analysis* will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

You'll learn how to:

  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code

Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in *Practical Malware Analysis*.

Jon

I used this book for a malware analysis class and I really enjoyed it. The content is presented in a clear manner and is kept interesting throughout. It even managed to teach me the basics of assembly language. The "secret sauce" of this book, however, is the lab projects. You can download from their website files that you then analyze following the guidance in the lab section present in most chapters. At the end of the book there are quick answers as well as a longer and more detailed explanation for how to get to the answers. This hands-on learning method was my favorite part of the book.

Note: in order to do the labs you need a virtual machine and should have an image of an older version of Windows (such as XP or Server 2008).

Graziano Misuraca

Fantastic. Every lab is worth doing.

sine

Actually, this book does not only teach you how to stick with malware, but also a lot of reverse engineering stuff and tricks, required in any RCE project. Very clear explanation; after reading the book and finishing all the exams, it was quite easy to dissect real malware with a broad complexity, for example FinFisher.

Bintnoor

Best book; it explains malware in a clear and excellent manner.

Takedown

Written by Mandiant experts, this is THE BOOK to read if you are interested in malware analysis and reverse engineering. Practical, concise and easy to read, it assumes no prior knowledge and will get you started even if you are a complete beginner.

عَبدُالكَرِيمْ

A must read. You definitely want to read this book if you want to enter the reverse engineering world.

Wolfgang Barthel

One of the best all in one books about malware and reverse engineering in that section!

Dgg32

One of the few books about the reverse engineering of malware. The scarcity alone makes the book worth reading.

Courtney

Best book on malware analysis currently out there.