Often, adversaries want their malicious program to stay on the compromised computers, even when the Windows restarts. This is achieved using various persistence methods; this persistence allows an attacker to remain on the compromised system without having to re-infect it. There are many ways to run the malicious code each time Windows starts. In this section, you will understand some of the persistence methods used by the adversaries. Some of these persistence techniques covered in this section allow the attackers to execute malicious code with elevated privileges (privilege escalation).
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Introduction to Malware Analysis
- Static Analysis
- Dynamic Analysis
- 1. Lab Environment Overview
- 2. System And Network Monitoring
- 3. Dynamic Analysis (Monitoring) Tools
- 4. Dynamic Analysis Steps
- 5. Putting it All Together: Analyzing a Malware Executable
- 6. Dynamic-Link Library (DLL) Analysis
- Summary
- Assembly Language and Disassembly Primer
- 1. Computer Basics
- 2. CPU Registers
- 3. Data Transfer Instructions
- 4. Arithmetic Operations
- 5. Bitwise Operations
- 6. Branching And Conditionals
- 7. Loops
- 8. Functions
- 9. Arrays And Strings
- 10. Structures
- 11. x64 Architecture
- 12. Additional Resources
- 13. Summary
- Disassembly Using IDA
- Debugging Malicious Binaries
- 1. General Debugging Concepts
- 2. Debugging a Binary Using x64dbg
- 2.1 Launching a New Process in x64dbg
- 2.2 Attaching to an Existing Process Using x64dbg
- 2.3 x64dbg Debugger Interface
- 2.4 Controlling Process Execution Using x64dbg
- 2.5 Setting a Breakpoint in x64dbg
- 2.6 Debugging 32-bit Malware
- 2.7 Debugging 64-bit Malware
- 2.8 Debugging a Malicious DLL Using x64dbg
- 2.9 Tracing Execution in x64dbg
- 2.10 Patching in x64dbg
- 3. Debugging a Binary Using IDA
- 3.1 Launching a New Process in IDA
- 3.2 Attaching to an Existing Process Using IDA
- 3.3 IDA's Debugger Interface
- 3.4 Controlling Process Execution Using IDA
- 3.5 Setting a Breakpoint in IDA
- 3.6 Debugging Malware Executables
- 3.7 Debugging a Malicious DLL Using IDA
- 3.8 Tracing Execution Using IDA
- 3.9 Debugger Scripting Using IDAPython
- 4. Debugging a .NET Application
- Summary
- Malware Functionalities and Persistence
- Code Injection and Hooking
- 1. Virtual Memory
- 2. User Mode And Kernel Mode
- 3. Code Injection Techniques
- 4. Hooking Techniques
- 5. Additional Resources
- Summary
- Malware Obfuscation Techniques
- Hunting Malware Using Memory Forensics
- 1. Memory Forensics Steps
- 2. Memory Acquisition
- 3. Volatility Overview
- 4. Enumerating Processes
- 5. Listing Process Handles
- 6. Listing DLLs
- 7. Dumping an Executable and DLL
- 8. Listing Network Connections and Sockets
- 9. Inspecting Registry
- 10. Investigating Service
- 11. Extracting Command History
- Summary
- Detecting Advanced Malware Using Memory Forensics
- Other Books You May Enjoy
2. Malware Persistence Methods
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.