September 2018
Beginner to intermediate
237 pages
4h 17m
Chinese
Content preview from 情报驱动应急响应
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
定位
|
97
部功能,甚至包括那些在动态分析过程中不会被触发的功能。
全面逆向工程的缺点在于其工作量。对样本的了解程度,视其大小、复杂程度和对抗分
析手段不同,可能需要数小时甚至数天。因此,对于那些信标尚不充分的新样本,或者
数量较大的样本,通常暂不考虑采用全面逆向工程。不过,掌握某个样本全部能力的需
求总是存在的。因为这可以揭示出攻击者在达成目标阶段的作业能力,比如远程控制能
力或窃取数据的方法。
情报在恶意软件分析中的运用
别人的情报和分析结果往往可以为逆向工程师指引调查途径。比如前面的分析透露出 C2
通信使用了加密的 HTTP 协议,那么逆向工程的重点可能就是寻找加密密钥。如果有迹
象表明信息遭到窃取,但这些信息从未在本机存储,而是只存储于邻近的计算机,那么
合理的做法就是重点分析非主流的信息窃取功能,比如通过麦克风或摄像头。
从恶意软件分析采集数据
恶意软件分析可以让团队获得最为丰富的分析数据,但同时这也是最困难的一种分析
方法。恶意软件分析报告可以提供各种形式的可用数据(包括信标、攻击策略和作业能
力),可以揭示出攻击者在达成目标阶段可能采取的行动,有时甚至可以溯源到攻击者身
份。恶意软件分析可以为网络和主机的检测告警提供有价值信息。
深入了解恶意软件分析
恶意软件分析是一种很难于学习的信息安全技能。它需要深入理解通用计算机编程理
论、操作系统原理,以及常见的恶意软件行为。Michael Ligh 等人编写的《恶意软件分
析人员手册和 DVD:用于打击恶意代码的工具和技术》(
The Malware Analyst ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.