Malware Analyst's Cookbook and DVD. Tools and Techniques for Fighting Malicious Code




Brochure More information from http://www.researchandmarkets.com/reports/2251703/

Malware Analyst's Cookbook and DVD. Tools and Techniques for Fighting Malicious Code

Description:
A computer forensics "how-to" for fighting malicious code and analyzing incidents

With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.

- Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions
- Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more
- Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions

Malware Analyst's Cookbook is indispensable to IT security administrators, incident responders, forensic analysts, and malware researchers.

Contents:

Introduction.
On The Book's DVD.

1 Anonymizing Your Activities.
Recipe 1-1: Anonymous Web Browsing with Tor.
Recipe 1-2: Wrapping Wget and Network Clients with Torsocks.
Recipe 1-3: Multi-platform Tor-enabled Downloader in Python.
Recipe 1-4: Forwarding Traffic through Open Proxies.
Recipe 1-5: Using SSH Tunnels to Proxy Connections.
Recipe 1-6: Privacy-enhanced Web Browsing with Privoxy.
Recipe 1-7: Anonymous Surfing with Anonymouse.org.
Recipe 1-8: Internet Access through Cellular Networks.
Recipe 1-9: Using VPNs with Anonymizer Universal.

2 Honeypots.
Recipe 2-1: Collecting Malware Samples with Nepenthes.
Recipe 2-2: Real-Time Attack Monitoring with IRC Logging.
Recipe 2-3: Accepting Nepenthes Submissions over HTTP with Python.
Recipe 2-4: Collecting Malware Samples with Dionaea.
Recipe 2-5: Accepting Dionaea Submissions over HTTP with Python.
Recipe 2-6: Real-time Event Notification and Binary Sharing with XMPP.
Recipe 2-7: Analyzing and Replaying Attacks Logged by Dionaea.
Recipe 2-8: Passive Identification of Remote Systems with p0f.
Recipe 2-9: Graphing Dionaea Attack Patterns with SQLite and Gnuplot.

3 Malware Classification.
Recipe 3-1: Examining Existing ClamAV Signatures.
Recipe 3-2: Creating a Custom ClamAV Database.
Recipe 3-3: Converting ClamAV Signatures to YARA.
Recipe 3-4: Identifying Packers with YARA and PEiD.
Recipe 3-5: Detecting Malware Capabilities with YARA.
Recipe 3-6: File Type Identification and Hashing in Python.
Recipe 3-7: Writing a Multiple-AV Scanner in Python.
Recipe 3-8: Detecting Malicious PE Files in Python.
Recipe 3-9: Finding Similar Malware with ssdeep.
Recipe 3-10: Detecting Self-modifying Code with ssdeep.
Recipe 3-11: Comparing Binaries with IDA and BinDiff.

4 Sandboxes and Multi-AV Scanners.
Recipe 4-1: Scanning Files with VirusTotal.
Recipe 4-2: Scanning Files with Jotti.
Recipe 4-3: Scanning Files with NoVirusThanks.
Recipe 4-4: Database-Enabled Multi-AV Uploader in Python.
Recipe 4-5: Analyzing Malware with ThreatExpert.
Recipe 4-6: Analyzing Malware with CWSandbox.
Recipe 4-7: Analyzing Malware with Anubis.
Recipe 4-8: Writing AutoIT Scripts for Joebox.
Recipe 4-9: Defeating Path-dependent Malware with Joebox.
Recipe 4-10: Defeating Process-dependent DLLs with Joebox.
Recipe 4-11: Setting an Active HTTP Proxy with Joebox.
Recipe 4-12: Scanning for Artifacts with Sandbox Results.

5 Researching Domains and IP Addresses.
Recipe 5-1: Researching Domains with WHOIS.
Recipe 5-2: Resolving DNS Hostnames.
Recipe 5-3: Obtaining IP WHOIS Records.
Recipe 5-4: Querying Passive DNS with BFK.
Recipe 5-5: Checking DNS Records with Robtex.
Recipe 5-6: Performing a Reverse IP Search with DomainTools.
Recipe 5-7: Initiating Zone Transfers with dig.
Recipe 5-8: Brute-forcing Subdomains with dnsmap.
Recipe 5-9: Mapping IP Addresses to ASNs via Shadowserver.
Recipe 5-10: Checking IP Reputation with RBLs.
Recipe 5-11: Detecting Fast Flux with Passive DNS and TTLs.
Recipe 5-12: Tracking Fast Flux Domains.
Recipe 5-13: Static Maps with Maxmind, matplotlib, and pygeoip.
Recipe 5-14: Interactive Maps with Google Charts API.

6 Documents, Shellcode, and URLs.
Recipe 6-1: Analyzing JavaScript with Spidermonkey.
Recipe 6-2: Automatically Decoding JavaScript with Jsunpack.
Recipe 6-3: Optimizing Jsunpack-n Decodings for Speed and Completeness.
Recipe 6-4: Triggering Exploits by Emulating Browser DOM Elements.
Recipe 6-5: Extracting JavaScript from PDF Files with pdf.py.
Recipe 6-6: Triggering Exploits by Faking PDF Software Versions.
Recipe 6-7: Leveraging Didier Stevens's PDF Tools.
Recipe 6-8: Determining which Vulnerabilities a PDF File Exploits.
Recipe 6-9: Disassembling Shellcode with DiStorm.
Recipe 6-10: Emulating Shellcode with Libemu.
Recipe 6-11: Analyzing Microsoft Office Files with OfficeMalScanner.
Recipe 6-12: Debugging Office Shellcode with DisView and MalHost-setup.
Recipe 6-13: Extracting HTTP Files from Packet Captures with Jsunpack.
Recipe 6-14: Graphing URL Relationships with Jsunpack.

7 Malware Labs.
Recipe 7-1: Routing TCP/IP Connections in Your Lab.
Recipe 7-2: Capturing and Analyzing Network Traffic.
Recipe 7-3: Simulating the Internet with INetSim.
Recipe 7-4: Manipulating HTTP/HTTPS with Burp Suite.
Recipe 7-5: Using Joe Stewart's Truman.
Recipe 7-6: Preserving Physical Systems with Deep Freeze.
Recipe 7-7: Cloning and Imaging Disks with FOG.
Recipe 7-8: Automating FOG Tasks with the MySQL Database.

8 Automation.
Recipe 8-1: Automated Malware Analysis with VirtualBox.
Recipe 8-2: Working with VirtualBox Disk and Memory Images.
Recipe 8-3: Automated Malware Analysis with VMware.
Recipe 8-4: Capturing Packets with TShark via Python.
Recipe 8-5: Collecting Network Logs with INetSim via Python.
Recipe 8-6: Analyzing Memory Dumps with Volatility.
Recipe 8-7: Putting all the Sandbox Pieces Together.
Recipe 8-8: Automated Analysis with ZeroWine and QEMU.
Recipe 8-9: Automated Analysis with Sandboxie and Buster.

9 Dynamic Analysis.
Recipe 9-1: Logging API Calls with Process Monitor.
Recipe 9-2: Change Detection with Regshot.
Recipe 9-3: Receiving File System Change Notifications.
Recipe 9-4: Receiving Registry Change Notifications.
Recipe 9-5: Handle Table Diffing.
Recipe 9-6: Exploring Code Injection with HandleDiff.
Recipe 9-7: Watching Bankpatch.C Disable Windows File Protection.
Recipe 9-8: Building an API Monitor with Microsoft Detours.
Recipe 9-9: Following Child Processes with Your API Monitor.
Recipe 9-10: Capturing Process, Thread, and Image Load Events.
Recipe 9-11: Preventing Processes from Terminating.
Recipe 9-12: Preventing Malware from Deleting Files.
Recipe 9-13: Preventing Drivers from Loading.
Recipe 9-14: Using the Data Preservation Module.
Recipe 9-15: Creating a Custom Command Shell with ReactOS.

10 Malware Forensics.
Recipe 10-1: Discovering Alternate Data Streams with TSK.
Recipe 10-2: Detecting Hidden Files and Directories with TSK.
Recipe 10-3: Finding Hidden Registry Data with Microsoft's Offline API.
Recipe 10-4: Bypassing Poison Ivy's Locked Files.
Recipe 10-5: Bypassing Conficker's File System ACL Restrictions.
Recipe 10-6: Scanning for Rootkits with GMER.
Recipe 10-7: Detecting HTML Injection by Inspecting IE's DOM.
Recipe 10-8: Registry Forensics with RegRipper Plug-ins.
Recipe 10-9: Detecting Rogue-Installed PKI Certificates.
Recipe 10-10: Examining Malware that Leaks Data into the Registry.

11 Debugging Malware.
Recipe 11-1: Opening and Attaching to Processes.
Recipe 11-2: Configuring a JIT Debugger for Shellcode Analysis.
Recipe 11-3: Getting Familiar with the Debugger GUI.
Recipe 11-4: Exploring Process Memory and Resources.
Recipe 11-5: Controlling Program Execution.
Recipe 11-6: Setting and Catching Breakpoints.
Recipe 11-7: Using Conditional Log Breakpoints.
Recipe 11-8: Debugging with Python Scripts and PyCommands.
Recipe 11-9: Detecting Shellcode in Binary Files.
Recipe 11-10: Investigating Silentbanker's API Hooks.
Recipe 11-11: Manipulating Process Memory with WinAppDbg Tools.
Recipe 11-12: Designing a Python API Monitor with WinAppDbg.

12 De-Obfuscation.
Recipe 12-1: Reversing XOR Algorithms in Python.
Recipe 12-2: Detecting XOR Encoded Data with yaratize.
Recipe 12-3: Decoding Base64 with Special Alphabets.
Recipe 12-4: Isolating Encrypted Data in Packet Captures.
Recipe 12-5: Finding Crypto with SnD Reverser Tool, FindCrypt, and Kanal.
Recipe 12-6: Porting OpenSSL Symbols with Zynamics BinDiff.
Recipe 12-7: Decrypting Data in Python with PyCrypto.
Recipe 12-8: Finding OEP in Packed Malware.
Recipe 12-9: Dumping Process Memory with LordPE.
Recipe 12-10: Rebuilding Import Tables with ImpREC.
Recipe 12-11: Cracking Domain Generation Algorithms.
Recipe 12-12: Decoding Strings with x86emu and Python.

13 Working with DLLs.
Recipe 13-1: Enumerating DLL Exports.
Recipe 13-2: Executing DLLs with rundll32.exe.
Recipe 13-3: Bypassing Host Process Restrictions.
Recipe 13-4: Calling DLL Exports Remotely with rundll32ex.
Recipe 13-5: Debugging DLLs with LOADDLL.EXE.
Recipe 13-6: Catching Breakpoints on DLL Entry Points.
Recipe 13-7: Executing DLLs as a Windows Service.
Recipe 13-8: Converting DLLs to Standalone Executables.

14 Kernel Debugging.
Recipe 14-1: Local Debugging with LiveKd.
Recipe 14-2: Enabling the Kernel's Debug Boot Switch.
Recipe 14-3: Debug a VMware Workstation Guest (on Windows).
Recipe 14-4: Debug a Parallels Guest (on Mac OS X).
Recipe 14-5: Introduction to WinDbg Commands and Controls.
Recipe 14-6: Exploring Processes and Process Contexts.
Recipe 14-7: Exploring Kernel Memory.
Recipe 14-8: Catching Breakpoints on Driver Load.
Recipe 14-9: Unpacking Drivers to OEP.
Recipe 14-10: Dumping and Rebuilding Drivers.
Recipe 14-11: Detecting Rootkits with WinDbg Scripts.
Recipe 14-12: Kernel Debugging with IDA Pro.

15 Memory Forensics with Volatility.
Recipe 15-1: Dumping Memory with MoonSols Windows Memory Toolkit.
Recipe 15-2: Remote, Read-only Memory Acquisition with F-Response.
Recipe 15-3: Accessing Virtual Machine Memory Files.
Recipe 15-4: Volatility in a Nutshell.
Recipe 15-5: Investigating Processes in Memory Dumps.
Recipe 15-6: Detecting DKOM Attacks with psscan.
Recipe 15-7: Exploring csrss.exe's Alternate Process Listings.
Recipe 15-8: Recognizing Process Context Tricks.

16 Memory Forensics: Code Injection and Extraction.
Recipe 16-1: Hunting Suspicious Loaded DLLs.
Recipe 16-2: Detecting Unlinked DLLs with ldr_modules.
Recipe 16-3: Exploring Virtual Address Descriptors (VAD).
Recipe 16-4: Translating Page Protections.
Recipe 16-5: Finding Artifacts in Process Memory.
Recipe 16-6: Identifying Injected Code with Malfind and YARA.
Recipe 16-7: Rebuilding Executable Images from Memory.
Recipe 16-8: Scanning for Imported Functions with impscan.
Recipe 16-9: Dumping Suspicious Kernel Modules.

17 Memory Forensics: Rootkits.
Recipe 17-1: Detecting IAT Hooks.
Recipe 17-2: Detecting EAT Hooks.
Recipe 17-3: Detecting Inline API Hooks.
Recipe 17-4: Detecting Interrupt Descriptor Table (IDT) Hooks.
Recipe 17-5: Detecting Driver IRP Hooks.
Recipe 17-6: Detecting SSDT Hooks.
Recipe 17-7: Automating Damn Near Everything with ssdt_ex.
Recipe 17-8: Finding Rootkits with Detached Kernel Threads.
Recipe 17-9: Identifying System-Wide Notification Routines.
Recipe 17-10: Locating Rogue Service Processes with svcscan.
Recipe 17-11: Scanning for Mutex Objects with mutantscan.

18 Memory Forensics: Network and Registry.
Recipe 18-1: Exploring Socket and Connection Objects.
Recipe 18-2: Analyzing Network Artifacts Left by Zeus.
Recipe 18-3: Detecting Attempts to Hide TCP/IP Activity.
Recipe 18-4: Detecting Raw Sockets and Promiscuous NICs.
Recipe 18-5: Analyzing Registry Artifacts with Memory Registry Tools.
Recipe 18-6: Sorting Keys by Last Written Timestamp.
Recipe 18-7: Using Volatility with RegRipper.

Index.

Ordering:
Order Online - http://www.researchandmarkets.com/reports/2251703/
Order by Fax - using the form below
Order by Post - print the order form below and send to Research and Markets, Guinness Centre, Taylors Lane, Dublin 8, Ireland.

Page 1 of 2

Fax Order Form
To place an order via fax simply print this form, fill in the information below and fax the completed form to 646-607-1907 (from USA) or +353-1-481-1716 (from Rest of World). If you have any questions please visit http://www.researchandmarkets.com/contact/

Order Information
Please verify that the product information is correct.
Product Name: Malware Analyst's Cookbook and DVD. Tools and Techniques for Fighting Malicious Code
Web Address: http://www.researchandmarkets.com/reports/2251703/
Office Code: SC

Product Format
Please select the product format and quantity you require:
Hard Copy (Paper back): Quantity ___ USD 108 + USD 28 Shipping/Handling *
* Shipping/Handling is only charged once per order.

Contact Information
Please enter all the information below in BLOCK CAPITALS
Title: Mr / Mrs / Dr / Miss / Ms / Prof
First Name:
Last Name:
Email Address: *
Job Title:
Organisation:
Address:
City:
Postal / Zip Code:
Country:
Phone Number:
Fax Number:
* Please refrain from using free email accounts when ordering (e.g. Yahoo, Hotmail, AOL)

Page 2 of 2

Payment Information
Please indicate the payment method you would like to use by selecting the appropriate box.

Pay by credit card: You will receive an email with a link to a secure webpage to enter your credit card details.

Pay by check: Please post the check, accompanied by this form, to: Research and Markets, Guinness Center, Taylors Lane, Dublin 8, Ireland.

Pay by wire transfer: Please transfer funds to:
Account number: 833 130 83
Sort code: 98-53-30
Swift code: ULSBIE2D
IBAN number: IE78ULSB98533083313083
Bank Address: Ulster Bank, 27-35 Main Street, Blackrock, Co. Dublin, Ireland.

If you have a Marketing Code please enter it below:
Marketing Code:

Please note that by ordering from Research and Markets you are agreeing to our Terms and Conditions at http://www.researchandmarkets.com/info/terms.asp

Please fax this form to:
(646) 607-1907 or (646) 964-6609 - From USA
+353-1-481-1716 or +353-1-653-1571 - From Rest of World