Introduction

This book is a labor of love. I hope that it adds value to your endeavor of becoming the best malware researcher that you can be.


Why This Book

This book was written to be an essential resource when it comes to malware analysis. It is presented in an easy-to-read and easy-to-understand format to allow novice malware analysts to ease into each topic without overwhelming them and to give more seasoned malware analysts a chance to review the concepts before getting into the nitty-gritty details of malware analysis. The book is also rich in practical and easy-to-follow tutorials so each topic learned can be applied immediately in a real-world scenario.


Who Should Read This Book

This book was written for self-guided IT professionals who are responsible for securing enterprise networks and systems and those who tackle malware on a regular basis; security professionals, malware analysts, and researchers who want to advance their skills in malware analysis; students who are taking technology courses and want to learn how to analyze malware; and anyone who has the patience and perseverance to educate themselves about malware analysis.


What This Book Covers

This book covers different malware concepts and the technologies this malicious software uses to achieve its objectives. The book then discusses how to hunt down and collect malware samples from different sources. Once malware samples are on hand, the book shows how to set up your malware analysis lab, which ultimately leads to malware analysis by using the right set of tools the right way.


How to Use This Book

This book can be read from cover to cover. This will give you the most benefit because the book is written in such a way that the succeeding chapters build on top of the previous chapters. But this does not mean that this is the only way to read this book. Although the chapters are interrelated, each can be read on its own, without reading the previous or next one, and its main idea and concept will still be understood. Each chapter stands on its own independently but also benefits from its interdependency with the other chapters. Therefore, if you are already familiar with a specific chapter’s subject matter, you can skip that chapter without sacrificing the book’s continuity. And since the chapters are independent of each other, this book can be used as an excellent reference for malware analysis.


How This Book Is Organized

This book consists of 13 chapters and three appendixes divided into four parts.

Part I: Malware Blueprint

Part II: Malware Research Lab

Part III: Malware Inspection

Part IV: Appendixes

Part I: Malware Blueprint

Part I discusses the different malware concepts and the technologies malware uses to achieve its goal. It consists of five chapters.

Chapter 1: Malware Analysis 101

Chapter 2: Malware Taxonomy

Chapter 3: Malware Deployment

Chapter 4: Protective Mechanisms

Chapter 5: Malware Dependencies

Chapter 1 is an introduction to malware analysis. It discusses what malware analysis is and how important it is to have as a skill in the fight against malware proliferation.

Chapter 2 discusses the different types of malware and how they are categorized. It shows the different ways malware can be clustered together and how each clustering method can be advantageous to researchers.

Chapter 3 shows how attackers deploy malware. It presents the different technologies that are used or abused by attackers to have their malware reach their target entity.

Chapter 4 discusses how malware protects itself from security products and the prying eyes of malware analysts and researchers. Different malware protective mechanisms are discussed to give you an understanding of how each one works and how to beat them.

Chapter 5 discusses the different things that malware depends on to operate or function properly. You will learn that malware, like any other software, has dependencies that are vital for its operation. This chapter gives you an idea of how to stop malware by simply removing or tampering with one of its dependencies.

Part II: Malware Research Lab

Part II is all about setting up the lab for malware analysis. It consists of three chapters.

Chapter 6: Malware Collection

Chapter 7: Static Analysis Lab

Chapter 8: Dynamic Analysis Lab

Chapter 6 discusses how to collect malware from different sources and how to set up an automated system for malware collection.

Chapter 7 teaches you how to set up a fully functioning and effective static analysis lab.

Chapter 8 teaches you how to set up a fully functioning and effective dynamic analysis lab.

Part III: Malware Inspection

Part III delves into the nitty-gritty details of malware itself. It consists of five chapters.

Chapter 9: The Portable Executable File

Chapter 10: The Proper Way to Handle Files

Chapter 11: Inspecting Static Malware

Chapter 12: Inspecting Dynamic Malware

Chapter 13: Tools of the Trade

Chapter 9 introduces you to the Portable Executable (PE) file. It discusses the format of the PE file and goes into detail about what makes the PE file what it is.

Chapter 10 teaches you how to properly and correctly handle files, especially those that are deemed malicious or suspicious. In this chapter, techniques are introduced to make sure that no unwanted infections happen during the course of malware analysis.

Chapter 11 discusses the different techniques and tools used to analyze malware while it is at rest.

Chapter 12 discusses the different techniques and tools used to analyze malware while it is running on a target system.

Chapter 13 discusses the different tools that malware analysts and researchers use to effectively analyze malware. In this chapter, different tool combinations are used to solve the most common use cases that analysts and researchers face on a regular basis.

Part IV: Appendixes

Appendix A: Tools List

Appendix B: List of Laboratories

Appendix C: Volatility Framework Basic Plug-ins

Appendix A contains a list of all the tools that are used in this book.

Appendix B contains a list of all the laboratories in this book.

Appendix C contains a list of Volatility Framework basic plug-ins.
