book

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

Name: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
ISBN: 9780470613030

by Michael Hale Ligh, Steven Adair, Blake Hartstein, Matthew Richard

November 2010

Intermediate to advanced

744 pages

17h 18m

English

Wiley

Read now

Unlock full access

Copyright
Credits
About the Authors
Acknowledgments
Introduction
Who Should Read This BookHow This Book Is OrganizedSetting Up Your EnvironmentConventions
On The Book's DVD
1. Anonymizing Your Activities
1.1. The Onion Router (Tor)1.2. Malware Research with Tor1.3. Tor Pitfalls1.3.1. Speed1.3.2. Untrustworthy Tor Operators1.3.3. Tor Block Lists1.4. Proxy Servers and Protocols1.4.1. HTTP1.4.2. SOCKS41.4.3. SOCKS51.5. Web-Based Anonymizers1.6. Alternate Ways to Stay Anonymous1.7. Cellular Internet Connections1.8. Virtual Private Networks1.9. Being Unique and Not Getting Busted
2. Honeypots
2.1. Nepenthes Honeypots2.2. Working with Dionaea Honeypots
3. Malware Classification
3.1. Classification with ClamAV3.2. Classification with YARA3.3. Putting It All Together
4. Sandboxes and Multi-AV Scanners
4.1. Public Antivirus Scanners4.2. Multi-Antivirus Scanner Comparison4.3. Public Sandbox Analysis

5. Researching Domains and IP Addresses
5.1. Researching Suspicious Domains5.1.1. WHOIS on Linux and Mac OS X5.1.2. Cygwin on Windows5.1.3. WHOIS with Sysinternals on Windows5.1.4. Additional Tools for Windows5.1.5. Web Tools5.1.6. The Host Command (Unix only)5.1.7. The Dig Command (Unix only)5.1.8. The nslookup command5.1.9. The Ping Command5.1.10. Web-Based Tools5.2. Researching IP Addresses5.3. Researching with Passive DNS and Other Tools5.3.1. Querying ASNs with Shadowserver5.3.2. Querying ASNs with Netcat5.3.3. The Anti-Abuse Project5.4. Fast Flux Domains5.4.1. Detecting Fast Flux with TTLs5.4.2. Using Passive DNS for Detecting Fast Flux5.5. Geo-Mapping IP Addresses
6. Documents, Shellcode, and URLs
6.1. Analyzing JavaScript6.2. Analyzing PDF Documents6.3. Analyzing Malicious Office Documents6.4. Analyzing Network Traffic
7. Malware Labs
7.1. Networking7.2. Physical Targets
8. Automation
8.1. The Analysis Cycle8.2. Automation with Python8.3. Adding Analysis Modules8.4. Miscellaneous Systems
9. Dynamic Analysis
9.1. API Monitoring/Hooking9.2. Data Preservation
10. Malware Forensics
10.1. The Sleuth Kit (TSK)10.2. Forensic/Incident Response Grab Bag10.3. Registry Analysis
11. Debugging Malware
11.1. Working with Debuggers11.2. Immunity Debugger's Python API11.3. WinAppDbg Python Debugger
12. De-obfuscation
12.1. Decoding Common Algorithms12.2. Decryption12.3. Unpacking Malware12.4. Unpacking Resources12.5. Debugger Scripting
13. Working with DLLs
14. Kernel Debugging
14.1. Remote Kernel Debugging14.2. Local Kernel Debugging14.3. Software Requirements
15. Memory Forensics with Volatility
15.1. Memory Acquisition15.2. Preparing a Volatility Install15.2.1. Visualizations with psscan
16. Memory Forensics: Code Injection and Extraction
16.1. Investigating DLLs16.1.1. Code Injection and the VAD16.1.2. Adding YARA to malfind16.2. Reconstructing Binaries
17. Memory Forensics: Rootkits
18. Memory Forensics: Network and Registry
18.1. Registry Analysis

Content preview from Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

On The Book's DVD

The book's DVD contains evidence files, videos, source code, and programs that you can use to follow along with recipes or to conduct your own investigations and analysis. It also contains the full-size, original images and figures that you can view, since they appear in black and white in the book. The files are organized on the DVD in folders named according to the chapter and recipe number. Most of the tools on the DVD are written in C, Python, or Perl and carry a GPLv2 or GPLv3 license. You can use a majority of them as-is, but a few may require small modifications depending on your system's configuration. Thus, even if you're not a programmer, you should take a look at the top of the source file to see if there are any notes regarding dependencies, the platforms on which we tested the tools, and any variables that you may need to change according to your environment.

We do not guarantee that all programs are bug free (who does?), thus, we welcome feature requests and bug reports addressed to malwarecookbook@gmail.com. If we do provide updates for the code in the future, you can always find the most recent versions at http://www.malwarecookbook.com.

The following table shows a summary of the tools that you can find on the DVD, including the corresponding recipe number, programming language, and intended platform.

Table I.1. Maximum IOPS Performed by SCSI Controller

Recipe	Tool	Description	Language	Platform
1-3	torwget.py	Multi-platform TOR-enabled URL fetcher	Python	All ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470613030Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

by Michael Hale Ligh, Steven Adair, Blake Hartstein, Matthew Richard

On The Book's DVD

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.