This is the code repository for Mastering Malware Analysis, published by Packt.
The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
With the ever-growing proliferation of technology, the risk of encountering malicious code or malware has also increased. Malware analysis has become one of the most trending topics in businesses in recent years due to multiple prominent ransomware attacks. Mastering Malware Analysis explains the universal patterns behind different malicious software types and how to analyze them using a variety of approaches. You will learn how to examine malware code and determine the damage it can possibly cause to your systems to ensure that it won't propagate any further. Moving forward, you will cover all aspects of malware analysis for the Windows platform in detail. Next, you will get to grips with obfuscation and anti-disassembly, anti-debugging, as well as anti-virtual machine techniques. This book will help you deal with modern cross-platform malware. Throughout the course of this book, you will explore real-world examples of static and dynamic malware analysis, unpacking and decrypting, and rootkit detection. Finally, this book will help you strengthen your defenses and prevent malware breaches for IoT devices and mobile platforms. By the end of this book, you will have learned to effectively analyze, investigate, and build innovative solutions to handle any malware incidents.
This book covers the following exciting features:
- Explore widely used assembly languages to strengthen your reverse-engineering skills
- Master different executable file formats, programming languages, and relevant APIs used by attackers
- Perform static and dynamic analysis for multiple platforms and file types
- Get to grips with handling sophisticated malware cases
- Understand real advanced attacks, covering all stages from infiltration to hacking the system
- Learn to bypass anti-reverse engineering techniques
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
mov qword ptr [rsp+8],rcx
mov qword ptr [rsp+10h],rdx
mov qword ptr [rsp+18h],r8
mov qword ptr [rsp+20h],r9
pushfq
sub rsp,30h
cli
mov rcx,qword ptr gs:[20h]
add rcx,120h
call nt!RtlCaptureContext
Following is what you need for this book: If you are an IT security administrator, forensic analyst, or malware researcher looking to secure against malicious software or investigate malicious code, this book is for you. Prior programming experience and a fair understanding of malware attacks and investigation is expected.
With the following software and hardware list you can run all code files present in the book (Chapter 1-12).
| Chapter | Software required | OS required |
|---|---|---|
| 1-12 | OllyDbg 2.01, IDA 7.0, radare2 3.4.1, Ghidra 9.0.2, x64dbg snapshot_2019-04-22_11-53 , WinDbg 6.12.0002.633, dnSpy 6.0.4, PEiD 0.95, PETools 1.5.400, CFF Explorer VIII (part of Explorer Suite III), Immunity Debugger 1.85, XORSearch 1.11.2, Yara 3.9.0, Wireshark 3.0.1, Autoruns 13.94, Volatility 2.6.1, shellcode2exe, oletools 0.54, pdf-parser 0.7.1, PDFStreamDumper 0.9.624, VB Decompiler Lite 11.1, P32Dasm 2.8, Krakatau latest, Procyon 0.5.34, uncompyle6 3.3.1, Visual Studio 2019, Microsoft Office 365, Google Chrome 73.0, Mozilla Firefox 60.6.1, Malzilla 1.2.0, QEMU 3.1.0, GDB 8.2.1, 7-Zip 19.00, Cydia Impactor 0.9.51, Terminal Emulator 1.0.70, baksmali 2.2.7, apktool 2.4.0, JADX 0.9.0, adb (part of Android Studio 3.4) | Windows XP+, 32-bit, Cross-platform, Windows 7+ 64-bit |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
Alexey Kleymenov started working in the information security industry in his second year at university, and now has more than 10 years of practical experience at three international antivirus companies. He is an IT engineer with a strong security background and is passionate about reverse engineering, prototyping, process automation, and research. Alexey has taken part in numerous e-crime and targeted attack-related investigations, has worked on several projects that involved building machine learning classifiers to detect various types of attacks, and has developed several applications that extend the visibility of modern threats in the IoT domain. Alexey is also a member of the (ISC)² organization and holds the CISSP certification.
Amr Thabet is a former malware researcher at Symantec and the founder of MalTrak (maltrak.com). Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
Prior to that, he struggled to get into the field as he was a mechanical engineer graduate. he didn't have the budget to afford expensive certificates to prove his skills. And because of that, after his successes, he decided to be the inspiring voice to all enthusiasts starting in malware analysis. he helps students all around the world to build their expertise and most importantly, their irresistible resume to land their next malware analysis job.
Click here if you have any feedback or suggestions.
If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.