This is the code repository for Mastering Malware Analysis - Second Edition, published by Packt.
A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks
New and developing technologies inevitably bring new types of malware with them, creating a huge demand for IT professionals that can keep malware at bay. With the help of this updated second edition of Mastering Malware Analysis, you’ll be able to add valuable reverse-engineering skills to your CV and learn how to protect organizations in the most efficient way.
This book covers the following exciting features:
- Explore assembly languages to strengthen your reverse-engineering skills
- Master various file formats and relevant APIs used by attackers
- Discover attack vectors and start handling IT, OT, and IoT malware
- Understand how to analyze samples for x86 and various RISC architectures
- Perform static and dynamic analysis of files of various types
- Get to grips with handling sophisticated malware cases
- Understand real advanced attacks, covering all their stages
- Focus on how to bypass anti-reverse-engineering techniques
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter04.
The code will look like the following:
push Arg02
push Arg01
call Func01
Following is what you need for this book: If you are a malware researcher, forensic analyst, IT security administrator, or anyone looking to secure against malicious software or investigate malicious code, this book is for you. This new edition is suited to all levels of knowledge, including complete beginners. Any prior exposure to programming or cybersecurity will further help to speed up your learning process.
With the following software and hardware list you can run all code files present in the book (Chapter04).
| Chapter | Software required | OS required |
|---|---|---|
| 1-13 | OllyDbg | Windows |
| 1-13 | x64dbg | Windows |
| 1-13 | IDA | Windows, Mac OS X, and Linux (Any) |
| 1-13 | Ghidra | Windows, Mac OS X, and Linux (Any) |
| 1-13 | PEid | Windows |
| 1-13 | Detect It Easy | Windows, Mac OS X, and Linux (Any) |
| 1-13 | dnSpy | Windows |
| 1-13 | Volatility | Windows, Mac OS X, and Linux (Any) |
| 1-13 | WinDbg | Windows |
| 1-13 | Malzilla | Windows |
| 1-13 | oletools | Windows, Mac OS X, and Linux (Any) |
| 1-13 | PDFStreamDumper | Windows, Mac OS X, and Linux (Any) |
| 1-13 | VB Decompiler | Windows, Mac OS X, and Linux (Any) |
| 1-13 | Krakatau | Windows, Mac OS X, and Linux (Any) |
| 1-13 | Procyon | Windows, Mac OS X, and Linux (Any) |
| 1-13 | uncompyle6 | Windows, Mac OS X, and Linux (Any) |
| 1-13 | radare2 | Windows, Mac OS X, and Linux (Any) |
| 1-13 | QEMU | Windows, Mac OS X, and Linux (Any) |
| 1-13 | adb | Windows, Mac OS X, and Linux (Any) |
| 1-13 | apktool | Windows, Mac OS X, and Linux (Any) |
| 1-13 | JADX | Windows, Mac OS X, and Linux (Any) |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
- Page 11 (Paragraph 1, line 8): "A combination of TTPs related to a particular industry secto" should be "A combination of TTPs related to a particular industry sector"
Alexey Kleymenov started working in the information security industry in his second year at university and now has more than 14 years of practical experience at several international cybersecurity companies. He is a malware analyst and software developer who is passionate about reverse engineering, automation, and research. Alexey has taken part in numerous investigations analyzing all types of malicious samples, has developed various systems to perform threat intelligence activities in the IT, OT, and IoT sectors, and has authored several patents. Alexey is a member of the (ISC)² organization and holds the CISSP certification. Finally, he is a founder of the RE and More project, teaching people all over the world how to perform malware analysis in the most efficient way.
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked in several Fortune 500 companies, including Symantec and Tenable. Currently, he is the founder of MalTrak, providing real-world in-depth training in malware analysis, incident response, threat hunting, and red teaming to help the next generation of cybersecurity enthusiasts to build their careers in cybersecurity. Amr is also a speaker and trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.