You're reading from Learning Malware Analysis Explore the concepts, tools, and techniques to analyze and investigate Windows malware

Product type Paperback

Published in Jun 2018

Publisher

ISBN-13 9781788392501

Length 510 pages

Edition 1st Edition

Concepts

Malware Analysis

Author (1):

Monnappa K A

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Malware Analysis FREE CHAPTER

2. Static Analysis

3. Dynamic Analysis

4. Assembly Language and Disassembly Primer

5. Disassembly Using IDA

6. Debugging Malicious Binaries

7. Malware Functionalities and Persistence

8. Code Injection and Hooking

9. Malware Obfuscation Techniques

10. Hunting Malware Using Memory Forensics

11. Detecting Advanced Malware Using Memory Forensics

12. Other Books You May Enjoy

Leave a review - let other readers know what you think

Summary

Malware authors use various advanced techniques to install their kernel driver and to bypass Windows security mechanisms. Once the kernel driver is installed, it can modify the system components or third-party drivers to bypass, deflect, and divert your forensic analysis. In this chapter, you looked at some of the most common rootkit techniques and we saw how to detect such techniques using memory forensics. Memory forensics is a powerful technique, and using it as part of your malware analysis efforts will greatly help you understand adversary tactics. Malware authors frequently come up with new ways to hide their malicious component, so it is not enough just to know how to use the tools; it becomes important to understand the underlying concepts to recognize the efforts by the attackers to bypass the forensic tools.

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Monnappa K A

Monnappa K A works for Cisco Systems as an information security investigator focusing on threat intelligence and the investigation of advanced cyber attacks. He is a member of the Black Hat review board, the creator of Limon Linux sandbox, the winner of the Volatility plugin contest 2016, and the co-founder of the Cysinfo cybersecurity research community. He has presented and conducted training sessions at various security conferences including Black Hat, FIRST, OPCDE, and DSCI. He regularly conducts training at the Black Hat Security Conference in USA, Asia, and Europe.

See other products by Monnappa K A