Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

International Edition



About the Book

A computer forensics "how-to" for fighting malicious code and analyzing incidents.

With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.

  • Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions.
  • Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more.
  • Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions.

Malware Analyst's Cookbook is indispensable to IT security administrators, incident responders, forensic analysts, and malware researchers.

Table of Contents:

Introduction
On the Book's DVD

1 Anonymizing Your Activities
  • Recipe 1-1: Anonymous Web Browsing with Tor
  • Recipe 1-2: Wrapping Wget and Network Clients with Torsocks
  • Recipe 1-3: Multi-platform Tor-enabled Downloader in Python
  • Recipe 1-4: Forwarding Traffic through Open Proxies
  • Recipe 1-5: Using SSH Tunnels to Proxy Connections
  • Recipe 1-6: Privacy-enhanced Web Browsing with Privoxy
  • Recipe 1-7: Anonymous Surfing with Anonymouse.org
  • Recipe 1-8: Internet Access through Cellular Networks
  • Recipe 1-9: Using VPNs with Anonymizer Universal

2 Honeypots
  • Recipe 2-1: Collecting Malware Samples with Nepenthes
  • Recipe 2-2: Real-Time Attack Monitoring with IRC Logging
  • Recipe 2-3: Accepting Nepenthes Submissions over HTTP with Python
  • Recipe 2-4: Collecting Malware Samples with Dionaea
  • Recipe 2-5: Accepting Dionaea Submissions over HTTP with Python
  • Recipe 2-6: Real-time Event Notification and Binary Sharing with XMPP
  • Recipe 2-7: Analyzing and Replaying Attacks Logged by Dionaea
  • Recipe 2-8: Passive Identification of Remote Systems with p0f
  • Recipe 2-9: Graphing Dionaea Attack Patterns with SQLite and Gnuplot

3 Malware Classification
  • Recipe 3-1: Examining Existing ClamAV Signatures
  • Recipe 3-2: Creating a Custom ClamAV Database
  • Recipe 3-3: Converting ClamAV Signatures to YARA
  • Recipe 3-4: Identifying Packers with YARA and PEiD
  • Recipe 3-5: Detecting Malware Capabilities with YARA
  • Recipe 3-6: File Type Identification and Hashing in Python
  • Recipe 3-7: Writing a Multiple-AV Scanner in Python
  • Recipe 3-8: Detecting Malicious PE Files in Python
  • Recipe 3-9: Finding Similar Malware with ssdeep
  • Recipe 3-10: Detecting Self-modifying Code with ssdeep
  • Recipe 3-11: Comparing Binaries with IDA and BinDiff

4 Sandboxes and Multi-AV Scanners
  • Recipe 4-1: Scanning Files with VirusTotal
  • Recipe 4-2: Scanning Files with Jotti
  • Recipe 4-3: Scanning Files with NoVirusThanks
  • Recipe 4-4: Database-Enabled Multi-AV Uploader in Python
  • Recipe 4-5: Analyzing Malware with ThreatExpert
  • Recipe 4-6: Analyzing Malware with CWSandbox
  • Recipe 4-7: Analyzing Malware with Anubis
  • Recipe 4-8: Writing AutoIT Scripts for Joebox
  • Recipe 4-9: Defeating Path-dependent Malware with Joebox
  • Recipe 4-10: Defeating Process-dependent DLLs with Joebox
  • Recipe 4-11: Setting an Active HTTP Proxy with Joebox
  • Recipe 4-12: Scanning for Artifacts with Sandbox Results

5 Researching Domains and IP Addresses
  • Recipe 5-1: Researching Domains with WHOIS
  • Recipe 5-2: Resolving DNS Hostnames
  • Recipe 5-3: Obtaining IP WHOIS Records
  • Recipe 5-4: Querying Passive DNS with BFK
  • Recipe 5-5: Checking DNS Records with Robtex
  • Recipe 5-6: Performing a Reverse IP Search with DomainTools
  • Recipe 5-7: Initiating Zone Transfers with dig
  • Recipe 5-8: Brute-forcing Subdomains with dnsmap
  • Recipe 5-9: Mapping IP Addresses to ASNs via Shadowserver
  • Recipe 5-10: Checking IP Reputation with RBLs
  • Recipe 5-11: Detecting Fast Flux with Passive DNS and TTLs
  • Recipe 5-12: Tracking Fast Flux Domains
  • Recipe 5-13: Static Maps with Maxmind, matplotlib, and pygeoip
  • Recipe 5-14: Interactive Maps with Google Charts API

6 Documents, Shellcode, and URLs
  • Recipe 6-1: Analyzing JavaScript with SpiderMonkey
  • Recipe 6-2: Automatically Decoding JavaScript with Jsunpack
  • Recipe 6-3: Optimizing Jsunpack-n Decodings for Speed and Completeness
  • Recipe 6-4: Triggering Exploits by Emulating Browser DOM Elements
  • Recipe 6-5: Extracting JavaScript from PDF Files with pdf.py
  • Recipe 6-6: Triggering Exploits by Faking PDF Software Versions
  • Recipe 6-7: Leveraging Didier Stevens's PDF Tools
  • Recipe 6-8: Determining Which Vulnerabilities a PDF File Exploits
  • Recipe 6-9: Disassembling Shellcode with DiStorm
  • Recipe 6-10: Emulating Shellcode with Libemu
  • Recipe 6-11: Analyzing Microsoft Office Files with OfficeMalScanner
  • Recipe 6-12: Debugging Office Shellcode with DisView and MalHost-setup
  • Recipe 6-13: Extracting HTTP Files from Packet Captures with Jsunpack
  • Recipe 6-14: Graphing URL Relationships with Jsunpack

7 Malware Labs
  • Recipe 7-1: Routing TCP/IP Connections in Your Lab
  • Recipe 7-2: Capturing and Analyzing Network Traffic
  • Recipe 7-3: Simulating the Internet with INetSim
  • Recipe 7-4: Manipulating HTTP/HTTPS with Burp Suite
  • Recipe 7-5: Using Joe Stewart's Truman
  • Recipe 7-6: Preserving Physical Systems with Deep Freeze
  • Recipe 7-7: Cloning and Imaging Disks with FOG
  • Recipe 7-8: Automating FOG Tasks with the MySQL Database

8 Automation
  • Recipe 8-1: Automated Malware Analysis with VirtualBox
  • Recipe 8-2: Working with VirtualBox Disk and Memory Images
  • Recipe 8-3: Automated Malware Analysis with VMware
  • Recipe 8-4: Capturing Packets with TShark via Python
  • Recipe 8-5: Collecting Network Logs with INetSim via Python
  • Recipe 8-6: Analyzing Memory Dumps with Volatility
  • Recipe 8-7: Putting All the Sandbox Pieces Together
  • Recipe 8-8: Automated Analysis with ZeroWine and QEMU
  • Recipe 8-9: Automated Analysis with Sandboxie and Buster

9 Dynamic Analysis
  • Recipe 9-1: Logging API Calls with Process Monitor
  • Recipe 9-2: Change Detection with Regshot
  • Recipe 9-3: Receiving File System Change Notifications
  • Recipe 9-4: Receiving Registry Change Notifications
  • Recipe 9-5: Handle Table Diffing
  • Recipe 9-6: Exploring Code Injection with HandleDiff
  • Recipe 9-7: Watching Bankpatch.C Disable Windows File Protection
  • Recipe 9-8: Building an API Monitor with Microsoft Detours
  • Recipe 9-9: Following Child Processes with Your API Monitor
  • Recipe 9-10: Capturing Process, Thread, and Image Load Events
  • Recipe 9-11: Preventing Processes from Terminating
  • Recipe 9-12: Preventing Malware from Deleting Files
  • Recipe 9-13: Preventing Drivers from Loading
  • Recipe 9-14: Using the Data Preservation Module
  • Recipe 9-15: Creating a Custom Command Shell with ReactOS

10 Malware Forensics
  • Recipe 10-1: Discovering Alternate Data Streams with TSK
  • Recipe 10-2: Detecting Hidden Files and Directories with TSK
  • Recipe 10-3: Finding Hidden Registry Data with Microsoft's Offline API
  • Recipe 10-4: Bypassing Poison Ivy's Locked Files
  • Recipe 10-5: Bypassing Conficker's File System ACL Restrictions
  • Recipe 10-6: Scanning for Rootkits with GMER
  • Recipe 10-7: Detecting HTML Injection by Inspecting IE's DOM
  • Recipe 10-8: Registry Forensics with RegRipper Plug-ins
  • Recipe 10-9: Detecting Rogue-Installed PKI Certificates
  • Recipe 10-10: Examining Malware that Leaks Data into the Registry

11 Debugging Malware
  • Recipe 11-1: Opening and Attaching to Processes
  • Recipe 11-2: Configuring a JIT Debugger for Shellcode Analysis
  • Recipe 11-3: Getting Familiar with the Debugger GUI
  • Recipe 11-4: Exploring Process Memory and Resources
  • Recipe 11-5: Controlling Program Execution
  • Recipe 11-6: Setting and Catching Breakpoints
  • Recipe 11-7: Using Conditional Log Breakpoints
  • Recipe 11-8: Debugging with Python Scripts and PyCommands
  • Recipe 11-9: Detecting Shellcode in Binary Files
  • Recipe 11-10: Investigating Silentbanker's API Hooks
  • Recipe 11-11: Manipulating Process Memory with WinAppDbg Tools
  • Recipe 11-12: Designing a Python API Monitor with WinAppDbg

12 De-Obfuscation
  • Recipe 12-1: Reversing XOR Algorithms in Python
  • Recipe 12-2: Detecting XOR Encoded Data with yaratize
  • Recipe 12-3: Decoding Base64 with Special Alphabets
  • Recipe 12-4: Isolating Encrypted Data in Packet Captures
  • Recipe 12-5: Finding Crypto with SnD Reverser Tool, FindCrypt, and Kanal
  • Recipe 12-6: Porting OpenSSL Symbols with Zynamics BinDiff
  • Recipe 12-7: Decrypting Data in Python with PyCrypto
  • Recipe 12-8: Finding OEP in Packed Malware
  • Recipe 12-9: Dumping Process Memory with LordPE
  • Recipe 12-10: Rebuilding Import Tables with ImpREC
  • Recipe 12-11: Cracking Domain Generation Algorithms
  • Recipe 12-12: Decoding Strings with x86emu and Python

13 Working with DLLs
  • Recipe 13-1: Enumerating DLL Exports
  • Recipe 13-2: Executing DLLs with rundll32.exe
  • Recipe 13-3: Bypassing Host Process Restrictions
  • Recipe 13-4: Calling DLL Exports Remotely with rundll32ex
  • Recipe 13-5: Debugging DLLs with LOADDLL.EXE
  • Recipe 13-6: Catching Breakpoints on DLL Entry Points
  • Recipe 13-7: Executing DLLs as a Windows Service
  • Recipe 13-8: Converting DLLs to Standalone Executables

14 Kernel Debugging
  • Recipe 14-1: Local Debugging with LiveKd
  • Recipe 14-2: Enabling the Kernel's Debug Boot Switch
  • Recipe 14-3: Debug a VMware Workstation Guest (on Windows)
  • Recipe 14-4: Debug a Parallels Guest (on Mac OS X)
  • Recipe 14-5: Introduction to WinDbg Commands and Controls
  • Recipe 14-6: Exploring Processes and Process Contexts
  • Recipe 14-7: Exploring Kernel Memory
  • Recipe 14-8: Catching Breakpoints on Driver Load
  • Recipe 14-9: Unpacking Drivers to OEP
  • Recipe 14-10: Dumping and Rebuilding Drivers
  • Recipe 14-11: Detecting Rootkits with WinDbg Scripts
  • Recipe 14-12: Kernel Debugging with IDA Pro

15 Memory Forensics with Volatility
  • Recipe 15-1: Dumping Memory with MoonSols Windows Memory Toolkit
  • Recipe 15-2: Remote, Read-only Memory Acquisition with F-Response
  • Recipe 15-3: Accessing Virtual Machine Memory Files
  • Recipe 15-4: Volatility in a Nutshell
  • Recipe 15-5: Investigating Processes in Memory Dumps
  • Recipe 15-6: Detecting DKOM Attacks with psscan
  • Recipe 15-7: Exploring csrss.exe's Alternate Process Listings
  • Recipe 15-8: Recognizing Process Context Tricks

16 Memory Forensics: Code Injection and Extraction
  • Recipe 16-1: Hunting Suspicious Loaded DLLs
  • Recipe 16-2: Detecting Unlinked DLLs with ldr_modules
  • Recipe 16-3: Exploring Virtual Address Descriptors (VAD)
  • Recipe 16-4: Translating Page Protections
  • Recipe 16-5: Finding Artifacts in Process Memory
  • Recipe 16-6: Identifying Injected Code with Malfind and YARA
  • Recipe 16-7: Rebuilding Executable Images from Memory
  • Recipe 16-8: Scanning for Imported Functions with impscan
  • Recipe 16-9: Dumping Suspicious Kernel Modules

17 Memory Forensics: Rootkits
  • Recipe 17-1: Detecting IAT Hooks
  • Recipe 17-2: Detecting EAT Hooks
  • Recipe 17-3: Detecting Inline API Hooks
  • Recipe 17-4: Detecting Interrupt Descriptor Table (IDT) Hooks
  • Recipe 17-5: Detecting Driver IRP Hooks
  • Recipe 17-6: Detecting SSDT Hooks
  • Recipe 17-7: Automating Damn Near Everything with ssdt_ex
  • Recipe 17-8: Finding Rootkits with Detached Kernel Threads
  • Recipe 17-9: Identifying System-Wide Notification Routines
  • Recipe 17-10: Locating Rogue Service Processes with svcscan
  • Recipe 17-11: Scanning for Mutex Objects with mutantscan

18 Memory Forensics: Network and Registry
  • Recipe 18-1: Exploring Socket and Connection Objects
  • Recipe 18-2: Analyzing Network Artifacts Left by Zeus
  • Recipe 18-3: Detecting Attempts to Hide TCP/IP Activity
  • Recipe 18-4: Detecting Raw Sockets and Promiscuous NICs
  • Recipe 18-5: Analyzing Registry Artifacts with Memory Registry Tools
  • Recipe 18-6: Sorting Keys by Last Written Timestamp
  • Recipe 18-7: Using Volatility with RegRipper

Index


Product Details
  • ISBN-13: 9780470613030
  • ISBN-10: 0470613033
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Publication Date: 27 Oct 2010
  • Subtitle: Tools and Techniques for Fighting Malicious Code
  • Edition: PAP/DVDR
  • Binding: SF
  • Language: English
  • Number of Pages: 752
  • Height: 234 mm
  • Width: 185 mm
  • Spine Width: 38 mm
  • Depth: 44
  • Weight: 1225 g

