Book description
Analyze malware using Cuckoo Sandbox
- Learn how to analyze malware in a straightforward way with minimum technical skills
- Understand the risk of the rise of document-based malware
- Enhance your malware analysis concepts through illustrations, tips and tricks, step-by-step instructions, and practical real-world scenarios
In Detail
Cuckoo Sandbox is a leading open source automated malware analysis system. This means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with some detailed results outlining what said file did when executed inside an isolated environment.
Cuckoo Malware Analysis is a hands-on guide that will provide you with everything you need to know to use Cuckoo Sandbox with added tools like Volatility, Yara, Cuckooforcanari, Cuckoomx, Radare, and Bokken, which will help you to learn malware analysis in an easier and more efficient way.
Cuckoo Malware Analysis will cover basic theories in sandboxing, automating malware analysis, and how to prepare a safe environment lab for malware analysis. You will get acquainted with Cuckoo Sandbox architecture and learn how to install Cuckoo Sandbox, troubleshoot the problems after installation, submit malware samples, and also analyze PDF files, URLs, and binary files. This book also covers memory forensics – using the memory dump feature, additional memory forensics using Volatility, viewing result analyses using the Cuckoo analysis package, and analyzing APT attacks using Cuckoo Sandbox, Volatility, and Yara.
Finally, you will also learn how to screen Cuckoo Sandbox against VM detection and how to automate the scanning of e-mail attachments with Cuckoo.
Table of contents
-
Cuckoo Malware Analysis
- Table of Contents
- Cuckoo Malware Analysis
- Credits
- About the Authors
- Acknowledgement
- About the Reviewers
- www.PacktPub.com
- Preface
-
1. Getting Started with Automated Malware Analysis using Cuckoo Sandbox
- Malware analysis methodologies
- Basic theory in Sandboxing
- Malware analysis lab
- Cuckoo Sandbox
- Installing Cuckoo Sandbox
- Summary
-
2. Using Cuckoo Sandbox to Analyze a Sample Malware
- Starting Cuckoo
- Submitting malware samples to Cuckoo Sandbox
- Submitting a malware Word document
- Submitting a malware PDF document – aleppo_plan_cercs.pdf
- Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
- Submitting a malicious URL – http://youtibe.com
- Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
- Submitting a binary file – Sality.G.exe
- Memory forensic using Cuckoo Sandbox – using memory dump features
- Additional memory forensic using Volatility
- Summary
- 3. Analyzing the Output of Cuckoo Sandbox
- 4. Reporting with Cuckoo Sandbox
- 5. Tips and Tricks for Cuckoo Sandbox
- Index
Product information
- Title: Cuckoo Malware Analysis
- Author(s):
- Release date: October 2013
- Publisher(s): Packt Publishing
- ISBN: 9781782169239
You might also like
book
Dynamic Vulnerability Assessment and Intelligent Control
Identifying, assessing, and mitigating electric power grid vulnerabilities is a growing focus in short-term operational planning …
book
Modernizing Cybersecurity Operations with Machine Intelligence
Adversaries and hackers have gained significant and distinct advantages in cyber warfare today. Creative, fast, and …
video
GenAI Essentials for Everyone - Overview
Our team of experts has hand-selected and organized the most crucial concepts and practical applications of …
article
Use GitHub Copilot: Additional Tips
Using GitHub Copilot can feel like magic. The tool automatically fills out entire blocks of code--but …