Malware Analysis Techniques covers several topics relating to the static and behavioral analysis of malware in the quest to understand the behavior, abilities, and goals of adversarial software. It provides technical walk-throughs and leverages several different tools to this end.
The book seeks to make you more effective and faster at triaging and to help you gain an understanding of the adversarial software you may come across – and how to better defend an enterprise against it.
Malware Analysis Techniques is for everyone – that is to say, the book covers things in such a way that they should be easy to pick up even for a beginner analyst. The book is for those who wish to break into malware analysis, those who wish to become more effective at understanding malware, and those who wish to harden and defend their network against adversarial software by understanding it.
Minimal technical knowledge of virtual machines, general computing, and the command line is all that is required to get started.
Chapter 1, Creating and Maintaining Your Detonation Environment, provides a guide to building your malware analysis lab.
Chapter 2, Static Analysis – Techniques and Tooling, provides an introduction to basic analysis without execution.
Chapter 3, Dynamic Analysis – Techniques and Tooling, provides an introduction to basic behavioral analysis.
Chapter 4, A Word on Automated Sandboxing, covers how to automate basic analysis of malware.
Chapter 5, Advanced Static Analysis – Out of the White Noise, dives into more advanced static analysis utilizing Ghidra and other tooling.
Chapter 6, Advanced Dynamic Analysis – Looking at Explosions, provides a closer look at advanced behavioral analysis techniques.
Chapter 7, Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill, provides a look at how malware may attempt to misdirect analysis efforts.
Chapter 8, De-Obfuscation – Putting the Toothpaste Back in the Tube, covers analysis, de-obfuscation, and the triage of malicious droppers and scripts.
Chapter 9, The Reverse Card – Weaponization of IOCs and OSINT for Defense, covers how intelligence gained during analysis may be leveraged to defend the network.
Chapter 10, Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK, covers leveraging the ATT&CK framework to communicate malicious capability and write concise, efficacious reports.
Chapter 11, Challenge Solutions, covers the challenges that have been posed throughout the book in several of the chapters.
Generally speaking, little prior knowledge is required before beginning with this book, as step-by-step guides are provided in order to best illustrate the techniques covered. It's assumed that you'll have used a computer – and, by extension, a Windows OS – and virtual machines to some degree beforehand.
The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Malware-Analysis-Techniques. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781839212277_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We can view the usage of the cmdlet by typing Get-Help Get-FileHash."
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "We can take a SHA256 of the binary by right-clicking and utilizing the HashMyFiles menu option."
Tips or important notes appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions; we at Packt can understand what you think about our products; and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.