Malware Development for Ethical Hackers

Book description

Packed with real-world examples, this book simplifies cybersecurity, delves into malware development, and serves as a must-read for advanced ethical hackers.

Key Features

  • Learn how to develop and program Windows malware applications using hands-on examples
  • Explore methods to bypass security mechanisms and make malware undetectable on compromised systems
  • Understand the tactics and tricks of real adversaries and APTs and apply their experience in your operations
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Malware Development for Ethical Hackers is a comprehensive guide to the dark side of cybersecurity within an ethical context.

This book takes you on a journey through the intricate world of malware development, shedding light on the techniques and strategies employed by cybercriminals. As you progress, you’ll focus on the ethical considerations that ethical hackers must uphold. You’ll also gain practical experience in creating and implementing popular techniques encountered in real-world malicious applications, such as Carbanak, Carberp, Stuxnet, Conti, Babuk, and BlackCat ransomware. This book will also equip you with the knowledge and skills you need to understand and effectively combat malicious software.

By the end of this book, you'll know the secrets behind malware development, having explored the intricate details of programming, evasion techniques, persistence mechanisms, and more.

What you will learn

  • Familiarize yourself with the logic of real malware developers for cybersecurity
  • Get to grips with the development of malware over the years using examples
  • Understand the process of reconstructing APT attacks and their techniques
  • Design methods to bypass security mechanisms for your red team scenarios
  • Explore over 80 working examples of malware
  • Get to grips with the close relationship between mathematics and modern malware

Who this book is for

This book is for penetration testers, exploit developers, ethical hackers, red teamers, and offensive security researchers. Anyone interested in cybersecurity and ethical hacking will also find this book helpful. Familiarity with core ethical hacking and cybersecurity concepts will help you understand the topics discussed in this book more easily.

Table of contents

  1. Malware Development for Ethical Hackers
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Disclaimer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
    8. Download a free PDF copy of this book
  7. Part 1: Malware Behavior: Injection, Persistence, and Privilege Escalation Techniques
  8. Chapter 1: A Quick Introduction to Malware Development
    1. Technical requirements
    2. What is malware development?
      1. A simple example
    3. Unpacking malware functionality and behavior
      1. Types of malware
      2. Reverse shells
      3. Practical example: reverse shell
      4. Practical example: reverse shell for Windows
      5. Demo
    4. Leveraging Windows internals for malware development
      1. Practical example
    5. Exploring PE-file (EXE and DLL)
      1. Practical example
    6. The art of deceiving a victim’s systems
    7. Summary
  9. Chapter 2: Exploring Various Malware Injection Attacks
    1. Technical requirements
    2. Traditional injection approaches – code and DLL
      1. A simple example
      2. Code injection example
      3. DLL injection
      4. DLL injection example
    3. Exploring hijacking techniques
      1. DLL hijacking
      2. Practical example
    4. Understanding APC injection
      1. A practical example of APC injection
      2. A practical example of APC injection via NtTestAlert
    5. Mastering API hooking techniques
      1. What is API hooking?
      2. Practical example
    6. Summary
  10. Chapter 3: Mastering Malware Persistence Mechanisms
    1. Technical requirements
    2. Classic path: registry Run Keys
      1. A simple example
    3. Leveraging registry keys utilized by Winlogon process
      1. A practical example
    4. Implementing DLL search order hijacking for persistence
    5. Exploiting Windows services for persistence
      1. A practical example
    6. Hunting for persistence: exploring non-trivial loopholes
      1. A practical example
    7. How to find new persistence tricks
    8. Summary
  11. Chapter 4: Mastering Privilege Escalation on Compromised Systems
    1. Technical requirements
    2. Manipulating access tokens
      1. Windows tokens
      2. Local administrator
      3. SeDebugPrivilege
      4. A simple example
      5. Impersonate
    3. Password stealing
      1. Practical example
    4. Leveraging DLL search order hijacking and supply chain attacks
      1. Practical example
    5. Circumventing UAC
      1. fodhelper.exe
      2. Practical example
    6. Summary
  12. Part 2: Evasion Techniques
  13. Chapter 5: Anti-Debugging Tricks
    1. Technical requirements
    2. Detecting debugger presence
      1. Practical example 1
      2. Practical example 2
    3. Spotting breakpoints
      1. Practical example
    4. Identifying flags and artifacts
      1. Practical example
      2. ProcessDebugFlags
      3. Practical example
    5. Summary
  14. Chapter 6: Navigating Anti-Virtual Machine Strategies
    1. Technical requirements
    2. Filesystem detection techniques
      1. VirtualBox machine detection
      2. A practical example
      3. Demo
    3. Approaches to hardware detection
      1. Checking the HDD
      2. Demo
    4. Time-based sandbox evasion techniques
      1. A simple example
    5. Identifying VMs through the registry
      1. A practical example
      2. Demo
    6. Summary
  15. Chapter 7: Strategies for Anti-Disassembly
    1. Popular anti-disassembly techniques
      1. Practical example
    2. Exploring the function control problem and its benefits
      1. Practical example
    3. Obfuscation of the API and assembly code
      1. Practical example
    4. Crashing malware analysis tools
      1. Practical example
    5. Summary
  16. Chapter 8: Navigating the Antivirus Labyrinth – a Game of Cat and Mouse
    1. Technical requirements
    2. Understanding the mechanics of antivirus engines
      1. Static detection
      2. Heuristic detection
      3. Dynamic heuristic analysis
      4. Behavior analysis
    3. Evasion static detection
      1. Practical example
    4. Evasion dynamic analysis
      1. Practical example
    5. Circumventing the Antimalware Scan Interface (AMSI)
      1. Practical example
    6. Advanced evasion techniques
      1. Syscalls
      2. Syscall ID
      3. Practical example
      4. Userland hooking
      5. Direct syscalls
      6. Practical example
      7. Bypassing EDR
      8. Practical example
    7. Summary
  17. Part 3: Math and Cryptography in Malware
  18. Chapter 9: Exploring Hash Algorithms
    1. Technical requirements
    2. Understanding the role of hash algorithms in malware
      1. Cryptographic hash functions
      2. Applying hashing in malware analysis
    3. A deep dive into common hash algorithms
      1. MD5
      2. SHA-1
      3. Bcrypt
    4. Practical use of hash algorithms in malware
      1. Hashing WINAPI calls
      2. MurmurHash
    5. Summary
  19. Chapter 10: Simple Ciphers
    1. Technical requirements
    2. Introduction to simple ciphers
      1. Caesar cipher
      2. ROT13 cipher
      3. ROT47 cipher
    3. Decrypting malware – a practical implementation of simple ciphers
      1. Caesar cipher
      2. ROT13
      3. ROT47
    4. The power of the Base64 algorithm
      1. Base64 in practice
    5. Summary
  20. Chapter 11: Unveiling Common Cryptography in Malware
    1. Technical requirements
    2. Overview of common cryptographic techniques in malware
      1. Encryption resources such as configuration files
      2. Practical example
    3. Cryptography for secure communication
      1. Practical example
    4. Payload protection – cryptography for obfuscation
      1. Practical example
    5. Summary
  21. Chapter 12: Advanced Math Algorithms and Custom Encoding
    1. Technical requirements
    2. Exploring advanced math algorithms in malware
      1. Tiny encryption algorithm (TEA)
      2. A5/1
      3. Madryga algorithm
      4. Practical example
    3. The use of prime numbers and modular arithmetic in malware
      1. Practical example
    4. Implementing custom encoding techniques
      1. Practical example
    5. Elliptic curve cryptography (ECC) and malware
      1. Practical example
    6. Summary
  22. Part 4: Real-World Malware Examples
  23. Chapter 13: Classic Malware Examples
    1. Historical overview of classic malware
      1. Early malware
      2. The 1980s-2000s – the era of worms and mass propagation
      3. Malware of the 21st century
      4. Modern banking Trojans
      5. The evolution of ransomware
    2. Analysis of the techniques used by classic malware
    3. Evolution and impact of classic malware
    4. Lessons learned from classic malware
      1. Practical example
    5. Summary
  24. Chapter 14: APT and Cybercrime
    1. Introduction to APTs
      1. The birth of APTs – early 2000s
      2. Operation Aurora (2009)
      3. Stuxnet and the dawn of cyber-physical attacks (2010)
      4. The rise of nation-state APTs – mid-2010s onward
      5. What about the current landscape and future challenges?
    2. Characteristics of APTs
    3. Infamous examples of APTs
      1. APT28 (Fancy Bear) – the Russian cyber espionage
      2. APT29 (Cozy Bear) – the persistent intruder
      3. Lazarus Group – the multifaceted threat
      4. Equation Group – the cyber-espionage arm of the NSA
      5. Tailored Access Operations – the cyber arsenal of the NSA
    4. TTPs used by APTs
      1. Persistence via AppInit_DLLs
      2. Persistence by accessibility features
      3. Persistence by alternate data streams
    5. Summary
  25. Chapter 15: Malware Source Code Leaks
    1. Understanding malware source code leaks
      1. The Zeus banking Trojan
      2. Carberp
      3. Carbanak
      4. Other famous malware source code leaks
    2. The impact of source code leaks on the malware development landscape
      1. Zeus
      2. Carberp
      3. Carbanak
      4. Practical example
    3. Significant examples of malware source code leaks
    4. Summary
  26. Chapter 16: Ransomware and Modern Threats
    1. Introduction to ransomware and modern threats
    2. Analysis of ransomware techniques
      1. Conti
      2. Hello Kitty
    3. Case studies of notorious ransomware and modern threats
      1. Case study one: WannaCry ransomware attack
      2. Case study two: NotPetya ransomware attack
      3. Case study three: GandCrab ransomware
      4. Case study four: Ryuk ransomware
      5. Modern threats
      6. Practical example
    4. Mitigation and recovery strategies
    5. Summary
  27. Index
    1. Why subscribe?
  28. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Malware Development for Ethical Hackers
  • Author(s): Zhassulan Zhussupov
  • Release date: June 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781801810173