0%

Book Description

Explore open-source Linux tools and advanced binary analysis techniques to analyze malware, identify vulnerabilities in code, and mitigate information security risks

Key Features

  • Adopt a methodological approach to binary ELF analysis on Linux
  • Learn how to disassemble binaries and understand disassembled code
  • Discover how and when to patch a malicious binary during analysis

Book Description

Binary analysis is the process of examining a binary program to determine information security actions. It is a complex, constantly evolving, and challenging topic that crosses over into several domains of information technology and security.

This binary analysis book is designed to help you get started with the basics, before gradually advancing to challenging topics. Using a recipe-based approach, this book guides you through building a lab of virtual machines and installing tools to analyze binaries effectively. You'll begin by learning about the IA32 and ELF32 as well as IA64 and ELF64 specifications. The book will then guide you in developing a methodology and exploring a variety of tools for Linux binary analysis. As you advance, you'll learn how to analyze malicious 32-bit and 64-bit binaries and identify vulnerabilities. You'll even examine obfuscation and anti-analysis techniques, analyze polymorphed malicious binaries, and get a high-level overview of dynamic taint analysis and binary instrumentation concepts.

By the end of the book, you'll have gained comprehensive insights into binary analysis concepts and have developed the foundational skills to confidently delve into the realm of binary analysis.

What you will learn

  • Traverse the IA32, IA64, and ELF specifications
  • Explore Linux tools to disassemble ELF binaries
  • Identify vulnerabilities in 32-bit and 64-bit binaries
  • Discover actionable solutions to overcome the limitations in analyzing ELF binaries
  • Interpret the output of Linux tools to identify security risks in binaries
  • Understand how dynamic taint analysis works

Who this book is for

This book is for anyone looking to learn how to dissect ELF binaries using open-source tools available in Linux. If you're a Linux system administrator or information security professional, you'll find this guide useful. Basic knowledge of Linux, familiarity with virtualization technologies and the working of network sockets, and experience in basic Python or Bash scripting will assist you with understanding the concepts in this book

Downloading the example code for this ebook: You can download the example code files for this ebook on GitHub at the following link: https://github.com/PacktPublishing/Binary-Analysis-Cookbook. If you require support please email: [email protected]

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Binary Analysis Cookbook
  3. Dedication
  4. About Packt
    1. Why subscribe?
  5. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Get in touch
      1. Reviews
  7. Setting Up the Lab
    1. Installing VirtualBox on Windows
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    2. Installing VirtualBox on Mac
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Installing VirtualBox on Ubuntu
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Installing a 32-bit Ubuntu 16.04 LTS Desktop virtual machine
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Installing a 64-bit Ubuntu 16.04 LTS Desktop virtual machine
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Installing the dependencies and the tools
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Installing the code examples
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    8. Installing the EDB Debugger
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    9. Taking a snapshot of the virtual machines
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  8. 32-bit Assembly on Linux and the ELF Specification
    1. Technical requirements
    2. Differences between Intel and AT&T syntax
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Introduction to the IA-32 registers
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Introducing common IA-32 instructions
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Making IA-32 system calls on Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Introducing the ELF 32-bit specification
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  9. 64-bit Assembly on Linux and the ELF Specification
    1. Technical requirements
    2. Introducing the IA64 registers
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Introducing common IA64 instructions
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Making IA64 system calls on Linux
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Introducing the ELF 64-bit specification
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  10. Creating a Binary Analysis Methodology
    1. Technical requirements
    2. Performing binary discovery
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Information gathering
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Static analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Iterating each step
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Automating methodology tasks
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    8. Adapting the methodology steps
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  11. Linux Tools for Binary Analysis
    1. Technical requirements
    2. Using file
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Using strings
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Using readelf
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Using nm
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Using objcopy
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Using objdump
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    8. Using ltrace and strace
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    9. Using data duplicator (dd)
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    10. Using the GNU Debugger (GDB)
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    11. Using Evan's Debugger (EDB)
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  12. Analyzing a Simple Bind Shell
    1. Technical requirements
    2. Performing discovery
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Gathering information
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Performing static analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Using ltrace and strace
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Using GDB for dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Finishing dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  13. Analyzing a Simple Reverse Shell
    1. Technical requirements
    2. Automating the initial phases
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Static analysis with objdump
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Editing the binary
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Using GDB TUI mode
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Continuing with dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Analyzing the execve system call
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  14. Identifying Vulnerabilities
    1. Technical requirements
    2. Automating the initial phases
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Extended static analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Identifying hard coded credentials with ltrace
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Identifying hard coded credentials with a debugger
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Validating a stack-based buffer overflow
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  15. Understanding Anti-Analysis Techniques
    1. Technical requirements
    2. Understanding signature detection
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Changing a binary's signature
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Confusing static analysis tools
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Encoding and decoding
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  16. A Simple Reverse Shell With Polymorphism
    1. Technical requirements
    2. Automating the initial phases
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Performing static analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Using EDB for dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Analyzing deobfuscation loops
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Wrapping up dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  17. Another Book You May Enjoy
    1. Leave a review - let other readers know what you think
3.215.186.30