book

Malware Development for Ethical Hackers

by Zhassulan Zhussupov

June 2024

Beginner

402 pages

8h 34m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewersDisclaimer
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your Thoughts
Getting the most out of this book – get to know your free benefits Interactive AI assistant (beta)DRM-free PDF or ePub version Technical requirementsWhat is malware development?A simple exampleUnpacking malware functionality and behaviorTypes of malwareReverse shellsPractical example: reverse shellPractical example: reverse shell for WindowsDemoLeveraging Windows internals for malware developmentPractical exampleExploring PE-file (EXE and DLL)Practical exampleThe art of deceiving a victim’s systemsSummary
Technical requirementsTraditional injection approaches – code and DLLA simple exampleCode injection exampleDLL injectionDLL injection exampleExploring hijacking techniquesDLL hijackingPractical exampleUnderstanding APC injectionA practical example of APC injectionA practical example of APC injection via NtTestAlertMastering API hooking techniquesWhat is API hooking?Practical exampleSummary
Technical requirementsClassic path: registry Run KeysA simple exampleLeveraging registry keys utilized by Winlogon processA practical exampleImplementing DLL search order hijacking for persistenceExploiting Windows services for persistenceA practical exampleHunting for persistence: exploring non-trivial loopholesA practical exampleHow to find new persistence tricksSummary
Technical requirementsManipulating access tokensWindows tokensLocal administratorSeDebugPrivilegeA simple exampleImpersonatePassword stealingPractical exampleLeveraging DLL search order hijacking and supply chain attacksPractical exampleCircumventing UACfodhelper.exePractical exampleSummary
Technical requirementsDetecting debugger presencePractical example 1Practical example 2Spotting breakpointsPractical exampleIdentifying flags and artifactsPractical exampleProcessDebugFlagsPractical exampleSummary
Technical requirementsFilesystem detection techniquesVirtualBox machine detectionA practical exampleDemoApproaches to hardware detectionChecking the HDDDemoTime-based sandbox evasion techniquesA simple exampleIdentifying VMs through the registryA practical exampleDemoSummary

Popular anti-disassembly techniquesPractical exampleExploring the function control problem and its benefitsPractical exampleObfuscation of the API and assembly codePractical exampleCrashing malware analysis toolsPractical exampleSummary
Technical requirementsUnderstanding the mechanics of antivirus enginesStatic detectionHeuristic detectionDynamic heuristic analysisBehavior analysisEvasion static detectionPractical exampleEvasion dynamic analysisPractical exampleCircumventing the Antimalware Scan Interface (AMSI)Practical exampleAdvanced evasion techniquesSyscallsSyscall IDPractical exampleUserland hookingDirect syscallsPractical exampleBypassing EDRPractical exampleSummary
Technical requirementsUnderstanding the role of hash algorithms in malwareCryptographic hash functionsApplying hashing in malware analysisA deep dive into common hash algorithmsMD5SHA-1BcryptPractical use of hash algorithms in malwareHashing WINAPI callsMurmurHashSummary
Technical requirementsIntroduction to simple ciphersCaesar cipherROT13 cipherROT47 cipherDecrypting malware – a practical implementation of simple ciphersCaesar cipherROT13ROT47The power of the Base64 algorithmBase64 in practiceSummary
Technical requirementsOverview of common cryptographic techniques in malwareEncryption resources such as configuration filesPractical exampleCryptography for secure communicationPractical examplePayload protection – cryptography for obfuscationPractical exampleSummary
Technical requirementsExploring advanced math algorithms in malwareTiny encryption algorithm (TEA)A5/1Madryga algorithmPractical exampleThe use of prime numbers and modular arithmetic in malwarePractical exampleImplementing custom encoding techniquesPractical exampleElliptic curve cryptography (ECC) and malwarePractical exampleSummary
Historical overview of classic malwareEarly malwareThe 1980s-2000s – the era of worms and mass propagationMalware of the 21st centuryModern banking TrojansThe evolution of ransomwareAnalysis of the techniques used by classic malwareEvolution and impact of classic malwareLessons learned from classic malwarePractical exampleSummary
Introduction to APTsThe birth of APTs – early 2000sOperation Aurora (2009)Stuxnet and the dawn of cyber-physical attacks (2010)The rise of nation-state APTs – mid-2010s onwardWhat about the current landscape and future challenges?Characteristics of APTsInfamous examples of APTsAPT28 (Fancy Bear) – the Russian cyber espionageAPT29 (Cozy Bear) – the persistent intruderLazarus Group – the multifaceted threatEquation Group – the cyber-espionage arm of the NSATailored Access Operations – the cyber arsenal of the NSATTPs used by APTsPersistence via AppInit_DLLsPersistence by accessibility featuresPersistence by alternate data streamsSummary
Understanding malware source code leaksThe Zeus banking TrojanCarberpCarbanakOther famous malware source code leaksThe impact of source code leaks on the malware development landscapeZeusCarberpCarbanakPractical exampleSignificant examples of malware source code leaksSummary
Introduction to ransomware and modern threatsAnalysis of ransomware techniquesContiHello KittyCase studies of notorious ransomware and modern threatsCase study one: WannaCry ransomware attackCase study two: NotPetya ransomware attackCase study three: GandCrab ransomwareCase study four: Ryuk ransomwareModern threatsPractical exampleMitigation and recovery strategiesSummary
How to unlock these benefits in three easy stepsStep 1
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Embark on a deep dive into the fascinating and complex world of malware development through the lens of ethical hacking with this book. You'll explore hands-on exercises and real-world examples to uncover both common and advanced malware techniques, while learning how to use this knowledge to improve cybersecurity measures effectively.

What this Book will help me do

Understand the logic and programming of malware to simulate real-world cybersecurity situations.
Learn methods to analyze and reverse-engineer various types of malware for security assessments.
Master techniques for bypassing security mechanisms in a controlled and ethical manner for penetration tests.
Gain insight into advanced evasion tactics and persistence mechanisms used by real-world adversaries.
Develop comprehensive knowledge on the interplay between mathematics and cryptography in modern malware development.

Author(s)

Zhassulan Zhussupov is a seasoned cybersecurity expert specializing in penetration testing and ethical hacking. With years of experience in the industry, he has developed a deep understanding of malware mechanisms and adversarial tactics. Zhassulan's approachable and in-depth teaching style makes complex topics accessible to learners of various skill levels.

Who is it for?

This book is ideal for penetration testers, ethical hackers, and red team professionals aiming to expand their understanding of malware. If you possess basic knowledge of cybersecurity concepts and are motivated to enhance your practical skills in malware analysis and development, this book is tailored for you.