What this book covers
Chapter 1, Cybercrime, APT Attacks, and Research Strategies, dives into various types of attacks and associated malware, giving you an idea about attack stages and the logic behind them. In addition, we will learn different approaches and technologies that are universal to all platforms and help malware analysts do their jobs.
Chapter 2, A Crash Course in Assembly and Programming Basics, covers the basics of the most widely used architectures, from the well-known x86 and x64 Instruction Set Architectures (ISAs) to the architectures powering many mobile and Internet of Things (IoT) devices, which are frequently targeted by malware families.
Chapter 3, Basic Static and Dynamic Analysis for x86/x64, covers the core fundamentals that you need to know in order to reverse engineer 32-bit and 64-bit malware on the Windows platform, focusing on file formats and basic concepts of static and dynamic analysis.
Chapter 4, Unpacking, Decryption, and Deobfuscation, teaches you how to identify packed samples, how to unpack them, how to deal with different encryption algorithms—from simple ones, such as sliding key encryption, to more complex algorithms, such as 3DES, AES, and RSA—and how to deal with API encryption, string encryption, and network traffic encryption.
Chapter 5, Inspecting Process Injection and API Hooking, explores various process injection techniques, including DLL injection and process hollowing (an advanced technique that Stuxnet made widely known), and explains how to deal with them. Later, we will look at API hooking, including IAT hooking and other hooking techniques used by malware authors, and how to handle them.
Chapter 6, Bypassing Anti-Reverse Engineering Techniques, covers various anti-reverse engineering techniques that malware authors use to protect their code against analysis. We will familiarize ourselves with various approaches, from detecting the debugger and other analysis tools to VM detection, even covering attacking anti-malware tools and products.
Chapter 7, Understanding Kernel-Mode Rootkits, digs deeper into the Windows kernel and its internal structure and mechanisms. We will cover different techniques used by malware authors to hide the presence of their malware from users and antivirus products.
Chapter 8, Handling Exploits and Shellcode, looks at the common types of vulnerabilities, the functions of shellcode and the various ways it can be implemented, exploit mitigation techniques and how attackers try to bypass them, and how to analyze MS Office and PDF malware.
Chapter 9, Reversing Bytecode Languages – .NET, Java, and More, looks at cross-platform compiled programs, whose appeal lies in their flexibility: a single compiled program runs on multiple systems without being ported to each one. In this chapter, we will take a look at how malware authors leverage these advantages for evil purposes and learn how to perform quick and efficient analyses of such samples.
Chapter 10, Scripts and Macros – Reversing, Deobfuscation, and Debugging, focuses on analyzing all types of malicious scripts, including but not limited to Batch and Bash, PowerShell, VBS, JavaScript, and different types of MS Office macros.
Chapter 11, Dissecting Linux and IoT Malware, focuses on malware for Linux and Unix-like systems. We will cover file formats that are used on these systems, go through various static and dynamic analysis techniques, and explain malware’s behavior using real-world examples.
Chapter 12, Introduction to macOS and iOS Threats, looks at various threats that target the users of macOS and iOS and explores how to analyze them.
Chapter 13, Analyzing Android Malware Samples, dives into the internals of the most popular mobile operating system in the world, explores existing and potential attack vectors, and provides detailed guidelines on how to analyze malware targeting Android users.