APPENDIX B

List of Laboratories

 

Throughout the book, there are labs that are designed to help you in your quest to analyze malware. This appendix lists all the laboratories contained in the book.

LAB 6-1: Installing Dionaea

LAB 7-1: Extracting and Copying Drivers to the Windows 7 Installation Media

LAB 7-2: Creating a Bootable USB Stick Windows 7 Installer

LAB 7-3: Creating a Bootable USB Stick Windows 7 Installer Using the Windows 7 USB/DVD Download Tool

LAB 7-4: Protecting Firefox Using Built-in Options

LAB 7-5: Protecting Firefox Using Add-ons and Plug-ins

LAB 7-6: Creating a Virtualized Ubuntu Desktop Using VMware Player

LAB 7-7: Creating a Virtualized Ubuntu Desktop Using VirtualBox

LAB 8-1: Installing VMware Player in Ubuntu

LAB 8-2: Uninstalling VMware Player in Ubuntu

LAB 8-3: Installing VirtualBox in Ubuntu

LAB 8-4: Uninstalling VirtualBox in Ubuntu

LAB 8-5: Disabling Automatic Updates in Windows 7

LAB 8-6: Disabling User Account Control in Windows 7

LAB 8-7: Making Internet Explorer Malware Friendly

LAB 8-8: Making Mozilla Firefox Malware Friendly

LAB 8-9: Making Google Chrome Malware Friendly

LAB 8-10: Making Microsoft Office Malware Friendly

LAB 8-11: Making Adobe Reader Malware Friendly

LAB 8-12: Setting a Non-persistent Image in VirtualBox

LAB 8-13: Setting a Non-persistent Image in VirtualBox Using the Command Line

LAB 8-14: Creating a Non-persistent Bare-Metal System Using Deep Freeze Standard

LAB 8-15: Creating a Clonezilla Live in USB Flash Drive

LAB 8-16: Backing Up a Partition Using Clonezilla Live

LAB 8-17: Restoring a Partition Using Clonezilla Live

LAB 9-1: Using Dependency Walker to Determine a PE File’s Dependencies

LAB 9-2: Installing pefile in Ubuntu

LAB 9-3: Using a Python Script to Display PE Header Information

LAB 9-4: Installing and Utilizing pedump

LAB 9-5: Using a Python Script to Display PE Section Information

LAB 9-6: Using a Python Script to Display PE Import Information

LAB 9-7: Using a Python Script to Display PE Export Information

LAB 9-8: Using a Python Script to Display All PE Information

LAB 10-1: Installing and Using p7zip

LAB 10-2: Creating a Private and Public Key Pair

LAB 10-3: Setting the Key as the Default

LAB 10-4: Uploading Your Key to Ubuntu Keyserver

LAB 10-5: Backing Up and Restoring Your Key Pair

LAB 10-6: Revoking a Key Pair

LAB 10-7: Unrevoking a Key Pair

LAB 10-8: Changing the Expiration Date of a Key Pair

LAB 10-9: Encrypting and Decrypting a File Using GnuPG

LAB 10-10: Encrypting a File with the Public Key of the Intended Recipient

LAB 10-11: Signing a File

LAB 11-1: Using a Python Script to Compute MD5 and SHA-1

LAB 11-2: Using PEiD

LAB 11-3: Using a Python Script That Identifies File Type

LAB 11-4: Getting Started with the VirusTotal Public API

LAB 11-5: Using ClamAV for File Scanning

LAB 11-6: Using ClamTK for File Scanning

LAB 11-7: Writing a Signature for ClamAV

LAB 11-8: Packing a File Using UPX

LAB 11-9: Using a Python Script to Identify Packed Binaries

LAB 11-10: Extracting Strings from Files (Ubuntu)

LAB 11-11: Extracting Strings from Files (Windows)

LAB 12-1: Detecting System Changes Using InstallRite

LAB 12-2: Detecting System Changes Using Uninstall Tool

LAB 12-3: Analyzing Running Processes in Memory Using Process Explorer

LAB 12-4: Quickly Inspecting Whether a Process Is Persistent

LAB 12-5: Analyzing Network Behavior Using TCPView

LAB 12-6: Analyzing Network Behavior Using Wireshark

LAB 13-1: Installing Yara

LAB 13-2: Creating a Yara Rule

LAB 13-3: Installing Yara Support for Python

LAB 13-4: Using a Python Script That Utilizes Yara Rules

LAB 13-5: Installing Cygwin

LAB 13-6: Manually Unpacking a Packed Malware

LAB 13-7: Analyzing a User Mode Rootkit

LAB 13-8: Analyzing a Kernel Mode Rootkit

LAB 13-9: Installing and Configuring Cuckoo
