Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Checkout

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag Great Britain
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Singapore
Country selected
country flag Hungary
Country selected
country flag Ukraine
Country selected
country flag Luxembourg
Country selected
country flag Estonia
Country selected
country flag Lithuania
Country selected
country flag South Korea
Country selected
country flag Turkey
Country selected
country flag Switzerland
Country selected
country flag Colombia
Country selected
country flag Taiwan
Country selected
country flag Chile
Country selected
country flag Norway
Country selected
country flag Ecuador
Country selected
country flag Indonesia
Country selected
country flag New Zealand
Country selected
country flag Cyprus
Country selected
country flag Denmark
Country selected
country flag Finland
Country selected
country flag Poland
Country selected
country flag Malta
Country selected
country flag Czechia
Country selected
country flag Austria
Country selected
country flag Sweden
Country selected
country flag Italy
Country selected
country flag Egypt
Country selected
country flag Belgium
Country selected
country flag Portugal
Country selected
country flag Slovenia
Country selected
country flag Ireland
Country selected
country flag Romania
Country selected
country flag Greece
Country selected
country flag Argentina
Country selected
country flag Netherlands
Country selected
country flag Bulgaria
Country selected
country flag Latvia
Country selected
country flag South Africa
Country selected
country flag Malaysia
Country selected
country flag Japan
Country selected
country flag Slovakia
Country selected
country flag Philippines
Country selected
country flag Mexico
Country selected
country flag Thailand
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Home > Security > Malware Analysis > Mastering Malware Analysis
Mastering Malware Analysis
Mastering Malware Analysis

Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks

Arrow left icon
Profile Icon Alexey Kleymenov Profile Icon Amr Thabet
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (10 Ratings)
Paperback Jun 2019 562 pages 1st Edition
eBook
€8.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Alexey Kleymenov Profile Icon Amr Thabet
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (10 Ratings)
Paperback Jun 2019 562 pages 1st Edition
eBook
€8.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€8.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Mastering Malware Analysis

Section 1: Fundamental Theory

In this section, you will be introduced to the core concepts required to successfully perform the static analysis of samples for various platforms, including the basics of architectures and assembly. While you may already have some prior knowledge of the x86 family, less common architectures, such as PowerPC or SH-4, are also extensively targeted by malware nowadays, so they shouldn't be underestimated. The following chapter is included in this section:

  • Chapter 1, A Crash Course in CISC/RISC and Programming Basics
Left arrow icon

Page 1 of 1

Right arrow icon
Download code icon Download Code

Key benefits

  • Set up and model solutions, investigate malware, and prevent it from occurring in future
  • Learn core concepts of dynamic malware analysis, memory forensics, decryption, and much more
  • A practical guide to developing innovative solutions to numerous malware incidents

Description

With the ever-growing proliferation of technology, the risk of encountering malicious code or malware has also increased. Malware analysis has become one of the most trending topics in businesses in recent years due to multiple prominent ransomware attacks. Mastering Malware Analysis explains the universal patterns behind different malicious software types and how to analyze them using a variety of approaches. You will learn how to examine malware code and determine the damage it can possibly cause to your systems to ensure that it won't propagate any further. Moving forward, you will cover all aspects of malware analysis for the Windows platform in detail. Next, you will get to grips with obfuscation and anti-disassembly, anti-debugging, as well as anti-virtual machine techniques. This book will help you deal with modern cross-platform malware. Throughout the course of this book, you will explore real-world examples of static and dynamic malware analysis, unpacking and decrypting, and rootkit detection. Finally, this book will help you strengthen your defenses and prevent malware breaches for IoT devices and mobile platforms. By the end of this book, you will have learned to effectively analyze, investigate, and build innovative solutions to handle any malware incidents.

Who is this book for?

If you are an IT security administrator, forensic analyst, or malware researcher looking to secure against malicious software or investigate malicious code, this book is for you. Prior programming experience and a fair understanding of malware attacks and investigation is expected.

What you will learn

  • Explore widely used assembly languages to strengthen your reverse-engineering skills
  • Master different executable file formats, programming languages, and relevant APIs used by attackers
  • Perform static and dynamic analysis for multiple platforms and file types
  • Get to grips with handling sophisticated malware cases
  • Understand real advanced attacks, covering all stages from infiltration to hacking the system
  • Learn to bypass anti-reverse engineering techniques

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 06, 2019
Length: 562 pages
Edition : 1st
Language : English
ISBN-13 : 9781789610789
Category :
Security
Languages :
Python
Concepts :
Malware Analysis

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jun 06, 2019
Length: 562 pages
Edition : 1st
Language : English
ISBN-13 : 9781789610789
Category :
Security
Languages :
Python
Concepts :
Malware Analysis

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
START FREE TRIAL
BUY NOW
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW

Frequently bought together

Mastering Reverse Engineering
Mastering Reverse Engineering
Read more
Oct 2018 436 pages
Full star icon 3 (5)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €36.99
€8.99 €29.99
€36.99
Learning Malware Analysis
Learning Malware Analysis
Read more
Jun 2018 510 pages
Full star icon 4.7 (31)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
Mastering Malware Analysis
Mastering Malware Analysis
Read more
Jun 2019 562 pages
Full star icon 4.5 (10)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
Stars icon
Total 120.97
Mastering Reverse Engineering
€36.99
Learning Malware Analysis
€41.99
Mastering Malware Analysis
€41.99
Total 120.97 Stars icon
Banner background image

Table of Contents

17 Chapters
Section 1: Fundamental Theory Chevron down icon Chevron up icon
Section 1: Fundamental Theory
A Crash Course in CISC/RISC and Programming Basics Chevron down icon Chevron up icon
A Crash Course in CISC/RISC and Programming Basics
Basic concepts
Registers
Memory
Virtual memory
Stack
Branches, loops, and conditions
Exceptions, interrupts, and communicating with other devices
Assembly languages
CISC versus RISC
Types of instructions
Becoming familiar with x86 (IA-32 and x64)
Registers
Special registers
The instruction structure
opcode
dest
src
The instruction set
Data manipulation instructions
Data transfer instructions
Flow control instructions
Arguments, local variables, and calling conventions (in x86 and x64)
stdcall
Arguments
Local variables
cdecl
fastcall
thiscall
The x64 calling convention
Exploring ARM assembly
Basics
Instruction sets
Basics of MIPS
Basics
The instruction set
Diving deep into PowerPC
Basics
The instruction set
Covering the SuperH assembly
Basics
The instruction set
Working with SPARC
Basics
The instruction set
Moving from assembly to high-level programming languages
Arithmetic statements
If conditions
While loop conditions
Summary
Section 2: Diving Deep into Windows Malware Chevron down icon Chevron up icon
Section 2: Diving Deep into Windows Malware
Basic Static and Dynamic Analysis for x86/x64 Chevron down icon Chevron up icon
Basic Static and Dynamic Analysis for x86/x64
Working with the PE header structure
Why PE?
Exploring PE structure
MZ header
PE header
File header
Optional header
Data directory
Section table
PE+ (x64 PE)
PE header analysis tools
Static and dynamic linking
Static linking
Dynamic linking
Dynamic link libraries
Application programming interface
Dynamic API loading
Using PE header information for static analysis
How to use PE header for incident handling
How to use a PE header for threat intelligence
PE loading and process creation
Basic terminology
What's process?
Virtual memory to physical memory mapping
Threads
Important data structures: TIB, TEB, and PEB
Process loading step by step
PE file loading step by step
WOW64 processes
Dynamic analysis with OllyDbg/Immunity Debugger
Debugging tools
How to analyze a sample with OllyDbg
Types of breakpoints
Step into/step over breakpoint
INT3 breakpoint
Memory breakpoints
Hardware breakpoints
Modifying the program execution
Patching—modifying the program's assembly instructions
Change EFlags
Modifying the instruction pointer value
Changing the program data
Debugging malicious services
What is service?
Attaching to the service
Summary
Unpacking, Decryption, and Deobfuscation Chevron down icon Chevron up icon
Unpacking, Decryption, and Deobfuscation
Exploring packers
Exploring packing and encrypting tools
Identifying a packed sample
Technique 1 – checking PE tool static signatures
Technique 2 – evaluating PE section names
Technique 3 – using stub execution signs
Technique 4 – detecting a small import table
Automatically unpacking packed samples
Technique 1 – the official unpacking process
Technique 2 – using OllyScript with OllyDbg
Technique 3 – using generic unpackers
Technique 4 – emulation
Technique 5 – memory dumps
Manual unpacking using OllyDbg
Technique 6 – memory breakpoint on execution
Step 1 – setting the breakpoints
Step 2 – turning on Data Execution Prevention
Step 3 – preventing any further attempts to change memory permissions
Step 4 – executing and getting the OEP
Technique 7 – call stack backtracing
Step 1 – setting the breakpoints
Step 2 – following the call stack
Step 3 – reaching the OEP
Technique 8 – monitoring memory allocated spaces for unpacked code
Technique 9 – in-place unpacking
Technique 10 – stack restoration-based
Dumping the unpacked sample and fixing the import table
Dumping the process
Fixing the import table
Identifying different encryption algorithms and functions
Types of encryption algorithms
Basic encryption algorithms
How to identify encryption functions
String search detection techniques for simple algorithms
The basics of X-RAYING
Simple static encryption
Other encryption algorithms
X-RAYING tools for malware analysis and detection
Identifying the RC4 encryption algorithm
The RC4 encryption algorithm
Key-scheduling algorithm
Pseudo-random generation algorithm
Identifying RC4 algorithms in a malware sample
Standard symmetric and asymmetric encryption algorithms
Extracting information from Windows cryptography APIs
Step 1 – initializing and connecting to the cryptographic service provider (CSP)
Step 2 – preparing the key
Step 3 – encrypting or decrypting the data
Step 4 – freeing the memory
Cryptography API next generation (CNG)
Applications of encryption in modern malware – Vawtrak banking Trojan
String and API name encryption
Network communication encryption
Using IDA for decryption and unpacking
IDA tips and tricks
Static analysis
Dynamic analysis
Classic and new syntax of IDA scripts
Dynamic string decryption
Dynamic WinAPIs resolution
Summary
Inspecting Process Injection and API Hooking Chevron down icon Chevron up icon
Inspecting Process Injection and API Hooking
Understanding process injection
What's process injection?
Why process injection?
DLL injection
Windows-supported DLL injection
A simple DLL injection technique
Working with process injection
Getting the list of running processes
Code injection
Advanced code injection-reflective DLL injection
Stuxnet secret technique-process hollowing
Dynamic analysis of code injection
Technique 1—debug it where it is
Technique 2—attach to the targeted process
Technique 3—dealing with process hollowing
Memory forensics techniques for process injection
Technique 1—detecting code injection and reflective DLL injection
Technique 2—detecting process hollowing
Technique 3—detecting process hollowing using the HollowFind plugin
Understanding API hooking
Why API hooking?
Working with API hooking
Inline API hooking
Inline API hooking with trampoline
Inline API hooking with a length disassembler
Detecting API hooking using memory forensics
Exploring IAT hooking
Summary
Bypassing Anti-Reverse Engineering Techniques Chevron down icon Chevron up icon
Bypassing Anti-Reverse Engineering Techniques
Exploring debugger detection
Direct check for debugger presence
Detecting a debugger through an environment change
Detecting a debugger using parent processes
Handling debugger breakpoints evasion
Detecting software breakpoints (INT3)
Detecting single-stepping breakpoints (trap flag)
Detecting a trap flag using the SS register
Detecting single-stepping using timing techniques
Evading hardware breakpoints
What is structured exception handling?
Detecting and removing hardware breakpoints
Memory breakpoints
Escaping the debugger
Process injection
TLS callbacks
Windows events callbacks
Obfuscation and anti-disassemblers
Encryption
Junk code insertion
Code transportation
Dynamic API calling with checksum
Proxy functions and proxy argument stacking
Detecting and evading behavioral analysis tools
Finding the tool process
Searching for the tool window
Detecting sandboxes and virtual machines
Different output between virtual machines and real machines
Detecting virtualization processes and services
Detecting virtualization through registry keys
Detecting virtual machines using PowerShell
Detecting sandboxes by using default settings
Other techniques
Summary
Understanding Kernel-Mode Rootkits Chevron down icon Chevron up icon
Understanding Kernel-Mode Rootkits
Kernel mode versus user mode
Protection rings
Windows internals
The infrastructure of Windows
The execution path from user mode to kernel mode
Rootkits and device drivers
What is a rootkit?
Types of rootkits
What is a device driver?
Hooking mechanisms
SSDT hooking
Hooking the SYSENTER entry function
Modifying SSDT in an x86 environment
Modifying SSDT in an x64 environment
Hooking SSDT functions
IRP hooking
Devices and major functions
Attaching to a device
Modifying the IRP response and setting a completion routine
DKOM
The kernel objects—EPROCESS and ETHREAD
How do rootkits perform an object manipulation attack?
Process injection in kernel mode
Executing the inject code using APC queuing
KPP in x64 systems (PatchGuard)
Bypassing driver signature enforcement
Bypassing PatchGuard—the Turla example
Bypassing PatchGuard—GhostHook
Disabling PatchGuard using the Command Prompt
Static and dynamic analysis in kernel mode
Static analysis
Tools
Tips and tricks
Dynamic and behavioral analysis
Tools
Monitors
Rootkit detectors
Setting up a testing environment
Setting up the debugger
Stopping at the driver's entry point
Loading the driver
Restoring the debugging state
Summary
Section 3: Examining Cross-Platform Malware Chevron down icon Chevron up icon
Section 3: Examining Cross-Platform Malware
Handling Exploits and Shellcode Chevron down icon Chevron up icon
Handling Exploits and Shellcode
Getting familiar with vulnerabilities and exploits
Types of vulnerabilities
Stack overflow vulnerability
Heap overflow vulnerabilities
The use-after-free vulnerability
Logical vulnerabilities
Types of exploits
Cracking the shellcode
What's shellcode?
Linux shellcode in x86-64
Getting the absolute address
Null-free shellcode
Local shell shellcode
Reverse shell shellcode
Linux shellcode for ARM
Null-free shellcode
Windows shellcode
Getting the Kernel32.dll's ImageBase
Getting the required APIs from Kernel32.dll
The download and execute shellcode
Static and dynamic analysis of exploits
Analysis workflow
Shellcode analysis
Exploring bypasses for exploit mitigation technologies
Data execution prevention (DEP/NX)
Return-oriented programming
Address space layout randomization
DEP and partial ASLR
DEP and full ASLR – partial ROP and chaining multiple vulnerabilities
DEP and full ASLR – heap spray technique
Other mitigation technologies
Analyzing Microsoft Office exploits
File structures
Compound file binary format
Rich text format
Office open XML format
Static and dynamic analysis of MS Office exploits
Static analysis
Dynamic analysis
Studying malicious PDFs
File structure
Static and dynamic analysis of PDF files
Static analysis
Dynamic analysis
Summary
Reversing Bytecode Languages: .NET, Java, and More Chevron down icon Chevron up icon
Reversing Bytecode Languages: .NET, Java, and More
The basic theory of bytecode languages
Object-oriented programming
Inheritance
Polymorphism
.NET explained
.NET file structure
.NET COR20 header
Metadata streams
How to identify a .NET application from PE characteristics
The CIL language instruction set
Pushing into stack instructions
Pulling out a value from the stack
Mathematical and logical operations
Branching instructions
CIL language to higher-level languages
Local variable assignments
Local variable assignment with a method return value
Basic branching statements
Loops statements
.NET malware analysis
.NET analysis tools
Static and dynamic analysis (with Dnspy)
.NET static analysis
.NET dynamic analysis
Patching a .NET sample
Dealing with obfuscation
Obfuscated names for classes, methods, and others
Encrypted strings inside the binary
The sample is obfuscated using an obfuscator
The essentials of Visual Basic
File structure
P-code versus native code
Common p-code instructions
Dissecting Visual Basic samples
Static analysis
P-code
Native code
Dynamic analysis
P-code
Native code
The internals of Java samples
File structure
JVM instructions
Static analysis
Dynamic analysis
Dealing with anti-reverse engineering solutions
Python—script language internals
File structure
Bytecode instructions
Analyzing compiled Python
Static analysis
Dynamic analysis
Summary
Scripts and Macros: Reversing, Deobfuscation, and Debugging Chevron down icon Chevron up icon
Scripts and Macros: Reversing, Deobfuscation, and Debugging
Classic shell script languages
Windows batch scripting
Bash
VBScript explained
Basic syntax
Static and dynamic analysis
Deobfuscation
Those evil macros inside documents
Basic syntax
Static and dynamic analysis
Besides macros
The power of PowerShell
Basic syntax
Static and dynamic analysis
Handling JavaScript
Basic syntax
Static and dynamic analysis
Anti-reverse engineering tricks
Behind C and C—even malware has its own backend
Things to focus on
Static and dynamic analysis
Other script languages
Where to start from
Questions to answer
Summary
Section 4: Looking into IoT and Other Platforms Chevron down icon Chevron up icon
Section 4: Looking into IoT and Other Platforms
Dissecting Linux and IoT Malware Chevron down icon Chevron up icon
Dissecting Linux and IoT Malware
Explaining ELF files
ELF structure
System calls
Filesystem
Network
Process management
Other
Syscalls in assembly
Common anti-reverse engineering tricks
Exploring common behavioral patterns
Initial delivery and lateral movement
Persistence
Privilege escalation
Interaction with the command and control server
Attacking stage
Static and dynamic analysis of x86 (32- and 64-bit) samples
Static analysis
File type detectors
Data carving
Disassemblers
Actual tools
Engines
How to choose
Dynamic analysis
Tracers
Network monitors
Debuggers
Binary emulators
Radare2 cheat sheet
Anti-reverse engineering techniques
Learning Mirai, its clones, and more
High-level functionality
Propagation
Weaponry
Self-defense
Later derivatives
Other widespread families
Static and dynamic analysis of RISC samples
ARM
MIPS
PowerPC
SuperH
SPARC
Handling other architectures
What to start from
Summary
Introduction to macOS and iOS Threats Chevron down icon Chevron up icon
Introduction to macOS and iOS Threats
Understanding the role of the security model
macOS
Security policies
Filesystem hierarchy and encryption
Directory structure
Encryption
Apps protection
Gatekeeper
App sandbox
Other technologies
iOS
System security
Data encryption and password management
Apps' security
File formats and APIs
Mach-O
Thin
Fat
Application bundles (.app)
Info.plist
macOS
iOS
Installer packages (.pkg)
Apple disk images (.dmg)
iOS app store packages (.ipa)
APIs
Static and dynamic analyses of macOS and iOS samples
Static analysis
Retrieving samples
Disassemblers and decompilers
Auxiliary tools and libraries
Dynamic and behavioral analysis
macOS
Debuggers
Monitoring and dynamic instrumentation
Network analysis
iOS
Installers and loaders
Debuggers
Dumping and decryption
Monitors and in-memory patching
Network analysis
Attack stages
Jailbreaks on demand
Penetration
Deployment and persistence
macOS
iOS
Action phase
macOS
iOS
Other attack techniques
macOS
iOS
Advanced techniques
Anti-reverse-engineering (RE) tricks
Misusing dynamic data exchange (DDE)
User hiding
Use of AppleScript
API hijacking
Rootkits for Mac—do they exist?
Analysis workflow
Summary
Analyzing Android Malware Samples Chevron down icon Chevron up icon
Analyzing Android Malware Samples
(Ab)using Android internals
File hierarchy
Android security model
Process management
Filesystem
App permissions
Security services
Console
To root or not to root?
Understanding Dalvik and ART
Dalvik VM (DVM)
Android runtime (ART)
APIs
File formats
DEX
ODEX
OAT
VDEX
ART
ELF
APK
Bytecode set
Malware behavior patterns
Attack stages
Penetration
Deployment
Action phase
Advanced techniques—investment pays off
Patching system libraries
Keylogging
Self-defense
Rootkits—get it covered
Static and dynamic analysis of threats
Static analysis
Disassembling and data extraction
Decompiling
Dynamic analysis
Android debug bridge
Emulators
Behavioral analysis and tracing
Debuggers
Analysis workflow
Summary
Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Leave a review - let other readers know what you think

Recommendations for you

Left arrow icon
Microsoft Intune Cookbook
Microsoft Intune Cookbook
Read more
Jan 2024 574 pages
Full star icon 5 (15)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €33.99
€8.99 €26.99
€33.99
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
Jun 2024 390 pages
Full star icon 4.3 (9)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
Mastering Linux Security and Hardening
Mastering Linux Security and Hardening
Read more
Feb 2023 618 pages
Full star icon 4.6 (34)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €37.99
€8.99 €29.99
€37.99
The Ultimate Linux Shell Scripting Guide
The Ultimate Linux Shell Scripting Guide
Read more
Oct 2024 696 pages
Full star icon 5 (1)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
Microsoft 365 Administration Cookbook
Microsoft 365 Administration Cookbook
Read more
Nov 2024 516 pages
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €33.99
€8.99 €26.99
€33.99
Mastering Microsoft Intune
Mastering Microsoft Intune
Read more
Mar 2024 822 pages
Full star icon 4.6 (26)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book
Read more
Apr 2024 828 pages
Full star icon 4.8 (27)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
CISA – Certified Information Systems Auditor Study Guide
CISA – Certified Information Systems Auditor Study Guide
Read more
Oct 2024 356 pages
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €37.99
€8.99 €29.99
€37.99
CompTIA Security+ SY0-701 Certification Guide
CompTIA Security+ SY0-701 Certification Guide
Read more
Jan 2024 634 pages
Full star icon 4.9 (226)
Paperback
Paperback
  • Paperback Paperback €33.99
€33.99
The Software Developer's Guide to Linux
The Software Developer's Guide to Linux
Read more
Jan 2024 300 pages
Full star icon 4.8 (24)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €29.99
€8.99 €23.99
€29.99
Right arrow icon

Customer reviews

Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(10 Ratings)
5 star 70%
4 star 20%
3 star 0%
2 star 10%
1 star 0%
Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent

Filter reviews by

Amazon Customer Sep 29, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The best book available for mastering Malware Analysis. It helped me a lot for strengthening my skills. A little bit complex but really helpful and recommend to all.
Amazon Verified review Amazon
Anthony Richardson Aug 02, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Currently going through book while taking the Malware Analyst’s Mindset course by Amr Thabet. Both the book and course have been informative thus far. Fills a lot of the holes left after reading books like Practical Malware Analysis and Malware analysts cookbook.
Amazon Verified review Amazon
Kindle Customer Apr 08, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is excellent. Clear and concise and the topics are given in an order that really is great for following along with.
Amazon Verified review Amazon
Bogart Jan 16, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Beginners will find it very useful as it easy to follow. Very good reference for advanced analysts.
Amazon Verified review Amazon
Kindle Customer May 05, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Although I have not yet finished reading the book, I have found it to be a good balance between intermediate and advanced ideas.I would not recommend this for people with no assembly language understanding. The introductory sections covering AL are better considered as refreshers rather than primers. As someone who learned assembly on 6502 in the 80's and last touched AL on 8080's in the 90's, it was a good refresher and explained various processor architectures and approaches in just enough detail. Should a reader need more information on a specific platform, there are more than enough other reference works to provide that.Some readers and commenters have pointed out that the book has a number of typographic and grammatical errors. The version I have has some errors, but not so many as to affect the readability, and I've learned from tutors at institutes whose spelling and grammar are worse than the minimal errors I've found so far.To those inclined to complain about the errors, I would offer this advice - approach the authors with details of the errors you've found, they will welcome your input. Be part of the solution, not part of the problem.Buy this book, help support the authors, learn some good concepts and ideas.
Amazon Verified review Amazon

People who bought this also bought

Left arrow icon
Learn Computer Forensics – 2nd edition
Learn Computer Forensics – 2nd edition
Read more
Jul 2022 434 pages
Full star icon 4.8 (63)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €37.99
  • Audiobook Audiobook €8.99
€8.99 €29.99
€37.99
€8.99 €35.99
Digital Forensics and Incident Response
Digital Forensics and Incident Response
Read more
Dec 2022 532 pages
Full star icon 4.9 (15)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
  • Audiobook Audiobook €8.99
€8.99 €32.99
€41.99
€8.99 €43.99
Mastering Windows Security and Hardening
Mastering Windows Security and Hardening
Read more
Aug 2022 816 pages
Full star icon 4.8 (20)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €41.99
€8.99 €32.99
€41.99
Cybersecurity – Attack and Defense Strategies, 3rd edition
Cybersecurity – Attack and Defense Strategies, 3rd edition
Read more
Sep 2022 570 pages
Full star icon 4.9 (42)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €31.99
€8.99 €25.99
€31.99
Mastering Linux Security and Hardening
Mastering Linux Security and Hardening
Read more
Feb 2023 618 pages
Full star icon 4.6 (34)
eBook
eBook
  • eBook eBook €8.99
  • Paperback Paperback €37.99
€8.99 €29.99
€37.99
Right arrow icon

About the authors

Left arrow icon
Profile icon Alexey Kleymenov
Alexey Kleymenov
Alexey Kleymenov started working in the information security industry in his second year at university and now has more than 14 years of practical experience at several international cybersecurity companies. He is a malware analyst and software developer who is passionate about reverse engineering, automation, and research. Alexey has taken part in numerous investigations analyzing all types of malicious samples, has developed various systems to perform threat intelligence activities in the IT, OT, and IoT sectors, and has authored several patents. Alexey is a member of the (ISC)² organization and holds the CISSP certification. Finally, he is a founder of the RE and More project, teaching people all over the world how to perform malware analysis in the most efficient way.
Read more
See other products by Alexey Kleymenov
Profile icon Amr Thabet
Amr Thabet
LinkedIn icon Github icon
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked in several Fortune 500 companies, including Symantec and Tenable. Currently, he is the founder of MalTrak, providing real-world in-depth training in malware analysis, incident response, threat hunting, and red teaming to help the next generation of cybersecurity enthusiasts to build their careers in cybersecurity. Amr is also a speaker and trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
Read more
See other products by Amr Thabet
Right arrow icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.