You're reading from Malware Analysis Techniques Tricks for the triage of adversarial software

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781839212277

Length 282 pages

Edition 1st Edition

Languages

Python

Tools

VMware Server

Concepts

Malware Analysis

Author (1):

Dylan Barker

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Basic Techniques

2. Chapter 1: Creating and Maintaining your Detonation Environment FREE CHAPTER

3. Chapter 2: Static Analysis – Techniques and Tooling

4. Chapter 3: Dynamic Analysis – Techniques and Tooling

5. Chapter 4: A Word on Automated Sandboxing

6. Section 2: Debugging and Anti-Analysis – Going Deep

7. Chapter 5: Advanced Static Analysis – Out of the White Noise

8. Chapter 6: Advanced Dynamic Analysis – Looking at Explosions

9. Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill

10. Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

11. Section 3: Reporting and Weaponizing Your Findings

12. Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense

13. Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK

14. Section 4: Challenge Solutions

15. Chapter 11: Challenge Solutions

16. Other Books You May Enjoy

Understanding MITRE's ATT&CK framework

The ATT&CK framework built by MITRE attempts to achieve a consistent way to describe adversarial behaviors on a network or system by breaking down and naming each stage of an attack by the goal that the attacker is trying to achieve – these are called tactics. In a moment, we'll define each of these.

Additionally, within each ATT&CK tactic, there are techniques that can be utilized to achieve this end. For instance, tactic execution – or executing a piece of malicious code – may be achieved using Windows Management Instrumentation. This would be the technique for the tactic. In this example, the full MITRE description would be Execution via Windows Management Instrumentation.

Tactics – building a kill chain

As previously described, within the ATT&CK framework, there are 10 tactics – or stages – to an attack. We'll utilize the next space to go through each of these...