book

Malware Development for Ethical Hackers

Name: Malware Development for Ethical Hackers
Author: Zhassulan Zhussupov
ISBN: 9781801810173

by Zhassulan Zhussupov

June 2024

Beginner

402 pages

8h 34m

English

Packt Publishing

Read now

Unlock full access

Malware Development for Ethical Hackers
ContributorsAbout the authorAbout the reviewersDisclaimer
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your Thoughts
Part 1: Malware Behavior: Injection, Persistence, and Privilege Escalation Techniques
Chapter 1: A Quick Introduction to Malware Development
Getting the most out of this book – get to know your free benefits Interactive AI assistant (beta)DRM-free PDF or ePub version Technical requirementsWhat is malware development?A simple exampleUnpacking malware functionality and behaviorTypes of malwareReverse shellsPractical example: reverse shellPractical example: reverse shell for WindowsDemoLeveraging Windows internals for malware developmentPractical exampleExploring PE-file (EXE and DLL)Practical exampleThe art of deceiving a victim’s systemsSummary
Chapter 2: Exploring Various Malware Injection Attacks
Technical requirementsTraditional injection approaches – code and DLLA simple exampleCode injection exampleDLL injectionDLL injection exampleExploring hijacking techniquesDLL hijackingPractical exampleUnderstanding APC injectionA practical example of APC injectionA practical example of APC injection via NtTestAlertMastering API hooking techniquesWhat is API hooking?Practical exampleSummary
Chapter 3: Mastering Malware Persistence Mechanisms
Technical requirementsClassic path: registry Run KeysA simple exampleLeveraging registry keys utilized by Winlogon processA practical exampleImplementing DLL search order hijacking for persistenceExploiting Windows services for persistenceA practical exampleHunting for persistence: exploring non-trivial loopholesA practical exampleHow to find new persistence tricksSummary
Chapter 4: Mastering Privilege Escalation on Compromised Systems
Technical requirementsManipulating access tokensWindows tokensLocal administratorSeDebugPrivilegeA simple exampleImpersonatePassword stealingPractical exampleLeveraging DLL search order hijacking and supply chain attacksPractical exampleCircumventing UACfodhelper.exePractical exampleSummary
Part 2: Evasion Techniques
Chapter 5: Anti-Debugging Tricks
Technical requirementsDetecting debugger presencePractical example 1Practical example 2Spotting breakpointsPractical exampleIdentifying flags and artifactsPractical exampleProcessDebugFlagsPractical exampleSummary
Chapter 6: Navigating Anti-Virtual Machine Strategies
Technical requirementsFilesystem detection techniquesVirtualBox machine detectionA practical exampleDemoApproaches to hardware detectionChecking the HDDDemoTime-based sandbox evasion techniquesA simple exampleIdentifying VMs through the registryA practical exampleDemoSummary

Chapter 7: Strategies for Anti-Disassembly
Popular anti-disassembly techniquesPractical exampleExploring the function control problem and its benefitsPractical exampleObfuscation of the API and assembly codePractical exampleCrashing malware analysis toolsPractical exampleSummary
Chapter 8: Navigating the Antivirus Labyrinth – a Game of Cat and Mouse
Technical requirementsUnderstanding the mechanics of antivirus enginesStatic detectionHeuristic detectionDynamic heuristic analysisBehavior analysisEvasion static detectionPractical exampleEvasion dynamic analysisPractical exampleCircumventing the Antimalware Scan Interface (AMSI)Practical exampleAdvanced evasion techniquesSyscallsSyscall IDPractical exampleUserland hookingDirect syscallsPractical exampleBypassing EDRPractical exampleSummary
Part 3: Math and Cryptography in Malware
Chapter 9: Exploring Hash Algorithms
Technical requirementsUnderstanding the role of hash algorithms in malwareCryptographic hash functionsApplying hashing in malware analysisA deep dive into common hash algorithmsMD5SHA-1BcryptPractical use of hash algorithms in malwareHashing WINAPI callsMurmurHashSummary
Chapter 10: Simple Ciphers
Technical requirementsIntroduction to simple ciphersCaesar cipherROT13 cipherROT47 cipherDecrypting malware – a practical implementation of simple ciphersCaesar cipherROT13ROT47The power of the Base64 algorithmBase64 in practiceSummary
Chapter 11: Unveiling Common Cryptography in Malware
Technical requirementsOverview of common cryptographic techniques in malwareEncryption resources such as configuration filesPractical exampleCryptography for secure communicationPractical examplePayload protection – cryptography for obfuscationPractical exampleSummary
Chapter 12: Advanced Math Algorithms and Custom Encoding
Technical requirementsExploring advanced math algorithms in malwareTiny encryption algorithm (TEA)A5/1Madryga algorithmPractical exampleThe use of prime numbers and modular arithmetic in malwarePractical exampleImplementing custom encoding techniquesPractical exampleElliptic curve cryptography (ECC) and malwarePractical exampleSummary
Part 4: Real-World Malware Examples
Chapter 13: Classic Malware Examples
Historical overview of classic malwareEarly malwareThe 1980s-2000s – the era of worms and mass propagationMalware of the 21st centuryModern banking TrojansThe evolution of ransomwareAnalysis of the techniques used by classic malwareEvolution and impact of classic malwareLessons learned from classic malwarePractical exampleSummary
Chapter 14: APT and Cybercrime
Introduction to APTsThe birth of APTs – early 2000sOperation Aurora (2009)Stuxnet and the dawn of cyber-physical attacks (2010)The rise of nation-state APTs – mid-2010s onwardWhat about the current landscape and future challenges?Characteristics of APTsInfamous examples of APTsAPT28 (Fancy Bear) – the Russian cyber espionageAPT29 (Cozy Bear) – the persistent intruderLazarus Group – the multifaceted threatEquation Group – the cyber-espionage arm of the NSATailored Access Operations – the cyber arsenal of the NSATTPs used by APTsPersistence via AppInit_DLLsPersistence by accessibility featuresPersistence by alternate data streamsSummary
Chapter 15: Malware Source Code Leaks
Understanding malware source code leaksThe Zeus banking TrojanCarberpCarbanakOther famous malware source code leaksThe impact of source code leaks on the malware development landscapeZeusCarberpCarbanakPractical exampleSignificant examples of malware source code leaksSummary
Chapter 16: Ransomware and Modern Threats
Introduction to ransomware and modern threatsAnalysis of ransomware techniquesContiHello KittyCase studies of notorious ransomware and modern threatsCase study one: WannaCry ransomware attackCase study two: NotPetya ransomware attackCase study three: GandCrab ransomwareCase study four: Ryuk ransomwareModern threatsPractical exampleMitigation and recovery strategiesSummary
Chapter 17: Unlock Your Book’s Exclusive Benefits
How to unlock these benefits in three easy stepsStep 1
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Overview

Embark on a deep dive into the fascinating and complex world of malware development through the lens of ethical hacking with this book. You'll explore hands-on exercises and real-world examples to uncover both common and advanced malware techniques, while learning how to use this knowledge to improve cybersecurity measures effectively.

What this Book will help me do

Understand the logic and programming of malware to simulate real-world cybersecurity situations.
Learn methods to analyze and reverse-engineer various types of malware for security assessments.
Master techniques for bypassing security mechanisms in a controlled and ethical manner for penetration tests.
Gain insight into advanced evasion tactics and persistence mechanisms used by real-world adversaries.
Develop comprehensive knowledge on the interplay between mathematics and cryptography in modern malware development.

Author(s)

Zhassulan Zhussupov is a seasoned cybersecurity expert specializing in penetration testing and ethical hacking. With years of experience in the industry, he has developed a deep understanding of malware mechanisms and adversarial tactics. Zhassulan's approachable and in-depth teaching style makes complex topics accessible to learners of various skill levels.

Who is it for?

This book is ideal for penetration testers, ethical hackers, and red team professionals aiming to expand their understanding of malware. If you possess basic knowledge of cybersecurity concepts and are motivated to enhance your practical skills in malware analysis and development, this book is tailored for you.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781801810173

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills