Chapter 11. Malware Analysis

Detecting the presence of malicious code is one of the most fundamental and challenging activities in cybersecurity operations. You have two main options when analyzing a piece of code: static and dynamic. During static analysis you analyze the code itself to determine whether indicators of malicious activity exist. During dynamic analysis, you execute the code and then look at its behavior and impact on a system to determine its functionality. In this chapter, we focus on static analysis techniques.

Warning

When dealing with potentially malicious files, be sure to perform any analysis on a system that is not connected to a network and does not contain any sensitive information. Afterward, assume that the system has been infected, and completely wipe and reimage the system before introducing it back into your network.

Commands in Use

In this chapter, we introduce curl to interact with websites, vi to edit files, and xxd to perform base conversions and file analysis.

curl

The curl command can be used to transfer data over a network between a client and a server. It supports multiple protocols, including HTTP, HTTPS, FTP, SFTP, and Telnet. curl is extremely versatile. The command options presented next represent only a small fraction of the capabilities available. For more information, be sure to check out the Linux man page for curl.

Common command options

-A

Specify the HTTP user agent string to send to the server

-d

Data to send with an HTTP ...
