Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Reviews

1. Section 1: Basic Techniques

2. Chapter 1: Creating and Maintaining your Detonation Environment FREE CHAPTER

• Technical requirements
• Setting up VirtualBox with Windows 10
• Installing the FLARE VM package
• Isolating your environment
• Maintenance and snapshotting
• Summary

3. Chapter 2: Static Analysis – Techniques and Tooling

• Technical requirements
• The basics – hashing
• Avoiding rediscovery of the wheel
• Getting fuzzy
• Picking up the pieces
• Challenges
• Summary
• Further reading

4. Chapter 3: Dynamic Analysis – Techniques and Tooling

• Technical requirements
• Detonating your malware
• Discovering enumeration by the enemy
• Case study – Dharma
• Discovering persistence mechanisms
• Using PowerShell for triage
• Persistence identification
• Checking user logons
• Locating secondary stages
• Examining NTFS (NT File System) alternate data streams
• Challenge
• Summary

5. Chapter 4: A Word on Automated Sandboxing

• Technical requirements
• Using HybridAnalysis
• Using Any.Run
• Installing and using Cuckoo Sandbox
• Shortcomings of automated analysis tools
• Challenge
• Summary

6. Section 2: Debugging and Anti-Analysis – Going Deep

7. Chapter 5: Advanced Static Analysis – Out of the White Noise

• Technical requirements
• Dissecting the PE file format
• Examining packed files and packers
• Utilizing NSA's Ghidra for static analysis
• Challenge
• Summary
• Further reading

8. Chapter 6: Advanced Dynamic Analysis – Looking at Explosions

• Technical requirements
• Monitoring malicious processes
• Network-based deception
• Hiding in plain sight
• Case study – TrickBot
• Challenge
• Summary

9. Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill

• Technical requirements
• Leveraging API calls to understand malicious capabilities
• Identifying anti-analysis techniques
• Tackling packed samples
• Challenge
• Summary

10. Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

• Technical requirements
• Identifying obfuscation techniques
• Deobfuscating malicious VBS scripts
• Deobfuscating malicious PowerShell scripts
• A word on obfuscation and de-obfuscation tools
• Challenges
• Summary

11. Section 3: Reporting and Weaponizing Your Findings

12. Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense

• Technical requirements
• Hashing prevention
• Behavioral prevention
• Network IOCs – blocking at the perimeter
• Common tooling for IOC-based blocking
• Challenge
• Summary

13. Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK

• Technical requirements
• Understanding MITRE's ATT&CK framework
• Case study: Andromeda
• Utilizing MITRE ATT&CK for C-level reporting
• Challenge
• Summary
• Further reading

14. Section 4: Challenge Solutions

15. Chapter 11: Challenge Solutions

• Chapter 3 – Dynamic Analysis – Techniques and Tooling
• Chapter 4 – A Word on Automated Sandboxing
• Chapter 5 – Advanced Static Analysis – Out of the White Noise
• Chapter 6 – Advanced Dynamic Analysis – Looking at Explosions
• Chapter 7 – Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill
• Chapter 8 – De-Obfuscating Malicious Scripts – Putting the Toothpaste Back in the Tube
• Chapter 9 – The Reverse Card – Weaponization of IOCs and OSINT for Defense
• Chapter 10 – Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK
• Summary
• Why subscribe?

16. Other Books You May Enjoy

• Packt is searching for authors like you
• Leave a review - let other readers know what you think