November 2023
Beginner to intermediate
352 pages
5h 8m
Japanese
Content preview from 実践 メモリフォレンジック ―揮発性メモリの効果的なフォレンジック分析
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
9章Linuxでのマルウェアの検知と解析
ほとんどの状況下では、メモリフォレンジックの目標は悪意のある挙動の発見です。TrendMicro(https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-at-linux-threats-risks-and-recommendations)とGroup-IB(https://www.group-ib.com/media-center/press-releases/ransomware-2021、https://blog.group-ib.com/blackmatter)の研究によると、Linuxシステムに対する攻撃は増加しており、攻撃者はLinuxシステムを標的とする特別なソフトウェアを攻撃に活用しています。例えば、BlackMatter、RansomExx、Hiveのようなランサムウェアの管理者は、Linuxに対応したバージョンを用意しています。さらに、ポストエクスプロイトフレームワークや様々なスクリプトも、Linuxシステムの攻撃に用いられています。同時に、脆弱性に対する攻撃や設定不備の悪用は、特にWebアプリケーションに関して言えば、最も一般的な初期アクセスの手法です。
主な挙動はWindowsと大差ありません。ネットワーク接続、プロセスインジェクション、特殊なリソースへのアクセスなどを中心に調査します。この章では、具体的な例を挙げながら、様々な解析手法を分解して解説を進めます。
この章の内容:
- ネットワーク的な挙動の調査
- 悪意のある挙動の解析
- カーネルオブジェクトの調査
9.1 ネットワーク的な挙動の調査 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.