Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag United Kingdom
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Argentina
Country selected
country flag Austria
Country selected
country flag Belgium
Country selected
country flag Bulgaria
Country selected
country flag Chile
Country selected
country flag Colombia
Country selected
country flag Cyprus
Country selected
country flag Czechia
Country selected
country flag Denmark
Country selected
country flag Ecuador
Country selected
country flag Egypt
Country selected
country flag Estonia
Country selected
country flag Finland
Country selected
country flag Greece
Country selected
country flag Hungary
Country selected
country flag Indonesia
Country selected
country flag Ireland
Country selected
country flag Italy
Country selected
country flag Japan
Country selected
country flag Latvia
Country selected
country flag Lithuania
Country selected
country flag Luxembourg
Country selected
country flag Malaysia
Country selected
country flag Malta
Country selected
country flag Mexico
Country selected
country flag Netherlands
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Portugal
Country selected
country flag Romania
Country selected
country flag Singapore
Country selected
country flag Slovakia
Country selected
country flag Slovenia
Country selected
country flag South Africa
Country selected
country flag South Korea
Country selected
country flag Sweden
Country selected
country flag Switzerland
Country selected
country flag Taiwan
Country selected
country flag Thailand
Country selected
country flag Turkey
Country selected
country flag Ukraine
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Home > Security > Malware Analysis > Mastering Malware Analysis
Mastering Malware Analysis
Mastering Malware Analysis

Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks

Arrow left icon
Profile Icon Alexey Kleymenov Profile Icon Amr Thabet
Arrow right icon
€22.99 €32.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (10 Ratings)
eBook Jun 2019 562 pages 1st Edition
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Alexey Kleymenov Profile Icon Amr Thabet
Arrow right icon
€22.99 €32.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (10 Ratings)
eBook Jun 2019 562 pages 1st Edition
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Mastering Malware Analysis

Section 1: Fundamental Theory

In this section, you will be introduced to the core concepts required to successfully perform the static analysis of samples for various platforms, including the basics of architectures and assembly. While you may already have some prior knowledge of the x86 family, less common architectures, such as PowerPC or SH-4, are also extensively targeted by malware nowadays, so they shouldn't be underestimated. The following chapter is included in this section:

  • Chapter 1, A Crash Course in CISC/RISC and Programming Basics
Left arrow icon

Page 1 of 1

Right arrow icon
Download code icon Download Code

Key benefits

  • Set up and model solutions, investigate malware, and prevent it from occurring in future
  • Learn core concepts of dynamic malware analysis, memory forensics, decryption, and much more
  • A practical guide to developing innovative solutions to numerous malware incidents

Description

With the ever-growing proliferation of technology, the risk of encountering malicious code or malware has also increased. Malware analysis has become one of the most trending topics in businesses in recent years due to multiple prominent ransomware attacks. Mastering Malware Analysis explains the universal patterns behind different malicious software types and how to analyze them using a variety of approaches. You will learn how to examine malware code and determine the damage it can possibly cause to your systems to ensure that it won't propagate any further. Moving forward, you will cover all aspects of malware analysis for the Windows platform in detail. Next, you will get to grips with obfuscation and anti-disassembly, anti-debugging, as well as anti-virtual machine techniques. This book will help you deal with modern cross-platform malware. Throughout the course of this book, you will explore real-world examples of static and dynamic malware analysis, unpacking and decrypting, and rootkit detection. Finally, this book will help you strengthen your defenses and prevent malware breaches for IoT devices and mobile platforms. By the end of this book, you will have learned to effectively analyze, investigate, and build innovative solutions to handle any malware incidents.

Who is this book for?

If you are an IT security administrator, forensic analyst, or malware researcher looking to secure against malicious software or investigate malicious code, this book is for you. Prior programming experience and a fair understanding of malware attacks and investigation is expected.

What you will learn

  • Explore widely used assembly languages to strengthen your reverse-engineering skills
  • Master different executable file formats, programming languages, and relevant APIs used by attackers
  • Perform static and dynamic analysis for multiple platforms and file types
  • Get to grips with handling sophisticated malware cases
  • Understand real advanced attacks, covering all stages from infiltration to hacking the system
  • Learn to bypass anti-reverse engineering techniques

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 06, 2019
Length: 562 pages
Edition : 1st
Language : English
ISBN-13 : 9781789614879
Category :
Security
Languages :
Python
Concepts :
Malware Analysis

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning

Product Details

Publication date : Jun 06, 2019
Length: 562 pages
Edition : 1st
Language : English
ISBN-13 : 9781789614879
Category :
Security
Languages :
Python
Concepts :
Malware Analysis

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
START FREE TRIAL
BUY NOW
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW

Frequently bought together

Mastering Reverse Engineering
Mastering Reverse Engineering
Read more
Oct 2018 436 pages
Full star icon 3 (5)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €36.99
€20.98 €29.99
€36.99
Learning Malware Analysis
Learning Malware Analysis
Read more
Jun 2018 510 pages
Full star icon 4.7 (31)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Mastering Malware Analysis
Mastering Malware Analysis
Read more
Jun 2019 562 pages
Full star icon 4.5 (10)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Stars icon
Total 120.97
Mastering Reverse Engineering
€36.99
Learning Malware Analysis
€41.99
Mastering Malware Analysis
€41.99
Total 120.97 Stars icon

Table of Contents

17 Chapters
Section 1: Fundamental Theory Chevron down icon Chevron up icon
Section 1: Fundamental Theory
A Crash Course in CISC/RISC and Programming Basics Chevron down icon Chevron up icon
A Crash Course in CISC/RISC and Programming Basics
Basic concepts
Registers
Memory
Virtual memory
Stack
Branches, loops, and conditions
Exceptions, interrupts, and communicating with other devices
Assembly languages
CISC versus RISC
Types of instructions
Becoming familiar with x86 (IA-32 and x64)
Registers
Special registers
The instruction structure
opcode
dest
src
The instruction set
Data manipulation instructions
Data transfer instructions
Flow control instructions
Arguments, local variables, and calling conventions (in x86 and x64)
stdcall
Arguments
Local variables
cdecl
fastcall
thiscall
The x64 calling convention
Exploring ARM assembly
Basics
Instruction sets
Basics of MIPS
Basics
The instruction set
Diving deep into PowerPC
Basics
The instruction set
Covering the SuperH assembly
Basics
The instruction set
Working with SPARC
Basics
The instruction set
Moving from assembly to high-level programming languages
Arithmetic statements
If conditions
While loop conditions
Summary
Section 2: Diving Deep into Windows Malware Chevron down icon Chevron up icon
Section 2: Diving Deep into Windows Malware
Basic Static and Dynamic Analysis for x86/x64 Chevron down icon Chevron up icon
Basic Static and Dynamic Analysis for x86/x64
Working with the PE header structure
Why PE?
Exploring PE structure
MZ header
PE header
File header
Optional header
Data directory
Section table
PE+ (x64 PE)
PE header analysis tools
Static and dynamic linking
Static linking
Dynamic linking
Dynamic link libraries
Application programming interface
Dynamic API loading
Using PE header information for static analysis
How to use PE header for incident handling
How to use a PE header for threat intelligence
PE loading and process creation
Basic terminology
What's process?
Virtual memory to physical memory mapping
Threads
Important data structures: TIB, TEB, and PEB
Process loading step by step
PE file loading step by step
WOW64 processes
Dynamic analysis with OllyDbg/Immunity Debugger
Debugging tools
How to analyze a sample with OllyDbg
Types of breakpoints
Step into/step over breakpoint
INT3 breakpoint
Memory breakpoints
Hardware breakpoints
Modifying the program execution
Patching—modifying the program's assembly instructions
Change EFlags
Modifying the instruction pointer value
Changing the program data
Debugging malicious services
What is service?
Attaching to the service
Summary
Unpacking, Decryption, and Deobfuscation Chevron down icon Chevron up icon
Unpacking, Decryption, and Deobfuscation
Exploring packers
Exploring packing and encrypting tools
Identifying a packed sample
Technique 1 – checking PE tool static signatures
Technique 2 – evaluating PE section names
Technique 3 – using stub execution signs
Technique 4 – detecting a small import table
Automatically unpacking packed samples
Technique 1 – the official unpacking process
Technique 2 – using OllyScript with OllyDbg
Technique 3 – using generic unpackers
Technique 4 – emulation
Technique 5 – memory dumps
Manual unpacking using OllyDbg
Technique 6 – memory breakpoint on execution
Step 1 – setting the breakpoints
Step 2 – turning on Data Execution Prevention
Step 3 – preventing any further attempts to change memory permissions
Step 4 – executing and getting the OEP
Technique 7 – call stack backtracing
Step 1 – setting the breakpoints
Step 2 – following the call stack
Step 3 – reaching the OEP
Technique 8 – monitoring memory allocated spaces for unpacked code
Technique 9 – in-place unpacking
Technique 10 – stack restoration-based
Dumping the unpacked sample and fixing the import table
Dumping the process
Fixing the import table
Identifying different encryption algorithms and functions
Types of encryption algorithms
Basic encryption algorithms
How to identify encryption functions
String search detection techniques for simple algorithms
The basics of X-RAYING
Simple static encryption
Other encryption algorithms
X-RAYING tools for malware analysis and detection
Identifying the RC4 encryption algorithm
The RC4 encryption algorithm
Key-scheduling algorithm
Pseudo-random generation algorithm
Identifying RC4 algorithms in a malware sample
Standard symmetric and asymmetric encryption algorithms
Extracting information from Windows cryptography APIs
Step 1 – initializing and connecting to the cryptographic service provider (CSP)
Step 2 – preparing the key
Step 3 – encrypting or decrypting the data
Step 4 – freeing the memory
Cryptography API next generation (CNG)
Applications of encryption in modern malware – Vawtrak banking Trojan
String and API name encryption
Network communication encryption
Using IDA for decryption and unpacking
IDA tips and tricks
Static analysis
Dynamic analysis
Classic and new syntax of IDA scripts
Dynamic string decryption
Dynamic WinAPIs resolution
Summary
Inspecting Process Injection and API Hooking Chevron down icon Chevron up icon
Inspecting Process Injection and API Hooking
Understanding process injection
What's process injection?
Why process injection?
DLL injection
Windows-supported DLL injection
A simple DLL injection technique
Working with process injection
Getting the list of running processes
Code injection
Advanced code injection-reflective DLL injection
Stuxnet secret technique-process hollowing
Dynamic analysis of code injection
Technique 1—debug it where it is
Technique 2—attach to the targeted process
Technique 3—dealing with process hollowing
Memory forensics techniques for process injection
Technique 1—detecting code injection and reflective DLL injection
Technique 2—detecting process hollowing
Technique 3—detecting process hollowing using the HollowFind plugin
Understanding API hooking
Why API hooking?
Working with API hooking
Inline API hooking
Inline API hooking with trampoline
Inline API hooking with a length disassembler
Detecting API hooking using memory forensics
Exploring IAT hooking
Summary
Bypassing Anti-Reverse Engineering Techniques Chevron down icon Chevron up icon
Bypassing Anti-Reverse Engineering Techniques
Exploring debugger detection
Direct check for debugger presence
Detecting a debugger through an environment change
Detecting a debugger using parent processes
Handling debugger breakpoints evasion
Detecting software breakpoints (INT3)
Detecting single-stepping breakpoints (trap flag)
Detecting a trap flag using the SS register
Detecting single-stepping using timing techniques
Evading hardware breakpoints
What is structured exception handling?
Detecting and removing hardware breakpoints
Memory breakpoints
Escaping the debugger
Process injection
TLS callbacks
Windows events callbacks
Obfuscation and anti-disassemblers
Encryption
Junk code insertion
Code transportation
Dynamic API calling with checksum
Proxy functions and proxy argument stacking
Detecting and evading behavioral analysis tools
Finding the tool process
Searching for the tool window
Detecting sandboxes and virtual machines
Different output between virtual machines and real machines
Detecting virtualization processes and services
Detecting virtualization through registry keys
Detecting virtual machines using PowerShell
Detecting sandboxes by using default settings
Other techniques
Summary
Understanding Kernel-Mode Rootkits Chevron down icon Chevron up icon
Understanding Kernel-Mode Rootkits
Kernel mode versus user mode
Protection rings
Windows internals
The infrastructure of Windows
The execution path from user mode to kernel mode
Rootkits and device drivers
What is a rootkit?
Types of rootkits
What is a device driver?
Hooking mechanisms
SSDT hooking
Hooking the SYSENTER entry function
Modifying SSDT in an x86 environment
Modifying SSDT in an x64 environment
Hooking SSDT functions
IRP hooking
Devices and major functions
Attaching to a device
Modifying the IRP response and setting a completion routine
DKOM
The kernel objects—EPROCESS and ETHREAD
How do rootkits perform an object manipulation attack?
Process injection in kernel mode
Executing the inject code using APC queuing
KPP in x64 systems (PatchGuard)
Bypassing driver signature enforcement
Bypassing PatchGuard—the Turla example
Bypassing PatchGuard—GhostHook
Disabling PatchGuard using the Command Prompt
Static and dynamic analysis in kernel mode
Static analysis
Tools
Tips and tricks
Dynamic and behavioral analysis
Tools
Monitors
Rootkit detectors
Setting up a testing environment
Setting up the debugger
Stopping at the driver's entry point
Loading the driver
Restoring the debugging state
Summary
Section 3: Examining Cross-Platform Malware Chevron down icon Chevron up icon
Section 3: Examining Cross-Platform Malware
Handling Exploits and Shellcode Chevron down icon Chevron up icon
Handling Exploits and Shellcode
Getting familiar with vulnerabilities and exploits
Types of vulnerabilities
Stack overflow vulnerability
Heap overflow vulnerabilities
The use-after-free vulnerability
Logical vulnerabilities
Types of exploits
Cracking the shellcode
What's shellcode?
Linux shellcode in x86-64
Getting the absolute address
Null-free shellcode
Local shell shellcode
Reverse shell shellcode
Linux shellcode for ARM
Null-free shellcode
Windows shellcode
Getting the Kernel32.dll's ImageBase
Getting the required APIs from Kernel32.dll
The download and execute shellcode
Static and dynamic analysis of exploits
Analysis workflow
Shellcode analysis
Exploring bypasses for exploit mitigation technologies
Data execution prevention (DEP/NX)
Return-oriented programming
Address space layout randomization
DEP and partial ASLR
DEP and full ASLR – partial ROP and chaining multiple vulnerabilities
DEP and full ASLR – heap spray technique
Other mitigation technologies
Analyzing Microsoft Office exploits
File structures
Compound file binary format
Rich text format
Office open XML format
Static and dynamic analysis of MS Office exploits
Static analysis
Dynamic analysis
Studying malicious PDFs
File structure
Static and dynamic analysis of PDF files
Static analysis
Dynamic analysis
Summary
Reversing Bytecode Languages: .NET, Java, and More Chevron down icon Chevron up icon
Reversing Bytecode Languages: .NET, Java, and More
The basic theory of bytecode languages
Object-oriented programming
Inheritance
Polymorphism
.NET explained
.NET file structure
.NET COR20 header
Metadata streams
How to identify a .NET application from PE characteristics
The CIL language instruction set
Pushing into stack instructions
Pulling out a value from the stack
Mathematical and logical operations
Branching instructions
CIL language to higher-level languages
Local variable assignments
Local variable assignment with a method return value
Basic branching statements
Loops statements
.NET malware analysis
.NET analysis tools
Static and dynamic analysis (with Dnspy)
.NET static analysis
.NET dynamic analysis
Patching a .NET sample
Dealing with obfuscation
Obfuscated names for classes, methods, and others
Encrypted strings inside the binary
The sample is obfuscated using an obfuscator
The essentials of Visual Basic
File structure
P-code versus native code
Common p-code instructions
Dissecting Visual Basic samples
Static analysis
P-code
Native code
Dynamic analysis
P-code
Native code
The internals of Java samples
File structure
JVM instructions
Static analysis
Dynamic analysis
Dealing with anti-reverse engineering solutions
Python—script language internals
File structure
Bytecode instructions
Analyzing compiled Python
Static analysis
Dynamic analysis
Summary
Scripts and Macros: Reversing, Deobfuscation, and Debugging Chevron down icon Chevron up icon
Scripts and Macros: Reversing, Deobfuscation, and Debugging
Classic shell script languages
Windows batch scripting
Bash
VBScript explained
Basic syntax
Static and dynamic analysis
Deobfuscation
Those evil macros inside documents
Basic syntax
Static and dynamic analysis
Besides macros
The power of PowerShell
Basic syntax
Static and dynamic analysis
Handling JavaScript
Basic syntax
Static and dynamic analysis
Anti-reverse engineering tricks
Behind C and C—even malware has its own backend
Things to focus on
Static and dynamic analysis
Other script languages
Where to start from
Questions to answer
Summary
Section 4: Looking into IoT and Other Platforms Chevron down icon Chevron up icon
Section 4: Looking into IoT and Other Platforms
Dissecting Linux and IoT Malware Chevron down icon Chevron up icon
Dissecting Linux and IoT Malware
Explaining ELF files
ELF structure
System calls
Filesystem
Network
Process management
Other
Syscalls in assembly
Common anti-reverse engineering tricks
Exploring common behavioral patterns
Initial delivery and lateral movement
Persistence
Privilege escalation
Interaction with the command and control server
Attacking stage
Static and dynamic analysis of x86 (32- and 64-bit) samples
Static analysis
File type detectors
Data carving
Disassemblers
Actual tools
Engines
How to choose
Dynamic analysis
Tracers
Network monitors
Debuggers
Binary emulators
Radare2 cheat sheet
Anti-reverse engineering techniques
Learning Mirai, its clones, and more
High-level functionality
Propagation
Weaponry
Self-defense
Later derivatives
Other widespread families
Static and dynamic analysis of RISC samples
ARM
MIPS
PowerPC
SuperH
SPARC
Handling other architectures
What to start from
Summary
Introduction to macOS and iOS Threats Chevron down icon Chevron up icon
Introduction to macOS and iOS Threats
Understanding the role of the security model
macOS
Security policies
Filesystem hierarchy and encryption
Directory structure
Encryption
Apps protection
Gatekeeper
App sandbox
Other technologies
iOS
System security
Data encryption and password management
Apps' security
File formats and APIs
Mach-O
Thin
Fat
Application bundles (.app)
Info.plist
macOS
iOS
Installer packages (.pkg)
Apple disk images (.dmg)
iOS app store packages (.ipa)
APIs
Static and dynamic analyses of macOS and iOS samples
Static analysis
Retrieving samples
Disassemblers and decompilers
Auxiliary tools and libraries
Dynamic and behavioral analysis
macOS
Debuggers
Monitoring and dynamic instrumentation
Network analysis
iOS
Installers and loaders
Debuggers
Dumping and decryption
Monitors and in-memory patching
Network analysis
Attack stages
Jailbreaks on demand
Penetration
Deployment and persistence
macOS
iOS
Action phase
macOS
iOS
Other attack techniques
macOS
iOS
Advanced techniques
Anti-reverse-engineering (RE) tricks
Misusing dynamic data exchange (DDE)
User hiding
Use of AppleScript
API hijacking
Rootkits for Mac—do they exist?
Analysis workflow
Summary
Analyzing Android Malware Samples Chevron down icon Chevron up icon
Analyzing Android Malware Samples
(Ab)using Android internals
File hierarchy
Android security model
Process management
Filesystem
App permissions
Security services
Console
To root or not to root?
Understanding Dalvik and ART
Dalvik VM (DVM)
Android runtime (ART)
APIs
File formats
DEX
ODEX
OAT
VDEX
ART
ELF
APK
Bytecode set
Malware behavior patterns
Attack stages
Penetration
Deployment
Action phase
Advanced techniques—investment pays off
Patching system libraries
Keylogging
Self-defense
Rootkits—get it covered
Static and dynamic analysis of threats
Static analysis
Disassembling and data extraction
Decompiling
Dynamic analysis
Android debug bridge
Emulators
Behavioral analysis and tracing
Debuggers
Analysis workflow
Summary
Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Leave a review - let other readers know what you think

Recommendations for you

Left arrow icon
Mastering Microsoft Defender for Office 365
Mastering Microsoft Defender for Office 365
Read more
Sep 2024 426 pages
Full star icon 5 (3)
eBook
eBook
  • eBook eBook €17.99
  • Paperback Paperback €33.99
€17.99 €26.99
€33.99
IT Audit Field Manual
IT Audit Field Manual
Read more
Sep 2024 336 pages
Full star icon 5 (2)
eBook
eBook
  • eBook eBook €15.99
  • Paperback Paperback €29.99
€15.99 €23.99
€29.99
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book
Read more
Apr 2024 828 pages
Full star icon 4.8 (27)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €28.99
€22.99 €32.99
€28.99 €41.99
Resilient Cybersecurity
Resilient Cybersecurity
Read more
Sep 2024 752 pages
Full star icon 5 (6)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €25.99
€20.98 €29.99
€25.99 €37.99
Pentesting APIs
Pentesting APIs
Read more
Sep 2024 290 pages
Full star icon 5 (6)
eBook
eBook
  • eBook eBook €17.99
  • Paperback Paperback €22.99
€17.99 €26.99
€22.99 €33.99
Offensive Security Using Python
Offensive Security Using Python
Read more
Sep 2024 248 pages
Full star icon 5 (4)
eBook
eBook
  • eBook eBook €15.99
  • Paperback Paperback €20.98
€15.99 €23.99
€20.98 €29.99
Practical Cyber Hacking Skills for Beginners
Practical Cyber Hacking Skills for Beginners
Read more
Jul 2023 8hrs 23mins
Video
Video
  • Video Video €82.99
€82.99
Risk Management Excellence - NIST 800-37 Framework Training
Risk Management Excellence - NIST 800-37 Framework Training
Read more
Feb 2024 1hr 58mins
Video
Video
  • Video Video €48.99
€48.99
Cybersecurity Architecture Fundamentals
Cybersecurity Architecture Fundamentals
Read more
Jul 2023 3hrs 3mins
Video
Video
  • Video Video €82.99
€82.99
CompTIA Security+ SY0-701 Certification Guide
CompTIA Security+ SY0-701 Certification Guide
Read more
Jan 2024 634 pages
Full star icon 4.9 (226)
Paperback
Paperback
  • Paperback Paperback €33.99
€33.99
Right arrow icon

Customer reviews

Most Recent
  • Top Reviews
  • Most Recent
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(10 Ratings)
5 star 70%
4 star 20%
3 star 0%
2 star 10%
1 star 0%
Filter icon Filter
Most Recent
  • Top Reviews
  • Most Recent

Filter reviews by

Kindle Customer Apr 08, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is excellent. Clear and concise and the topics are given in an order that really is great for following along with.
Amazon Verified review Amazon
Kindle Customer May 05, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Although I have not yet finished reading the book, I have found it to be a good balance between intermediate and advanced ideas.I would not recommend this for people with no assembly language understanding. The introductory sections covering AL are better considered as refreshers rather than primers. As someone who learned assembly on 6502 in the 80's and last touched AL on 8080's in the 90's, it was a good refresher and explained various processor architectures and approaches in just enough detail. Should a reader need more information on a specific platform, there are more than enough other reference works to provide that.Some readers and commenters have pointed out that the book has a number of typographic and grammatical errors. The version I have has some errors, but not so many as to affect the readability, and I've learned from tutors at institutes whose spelling and grammar are worse than the minimal errors I've found so far.To those inclined to complain about the errors, I would offer this advice - approach the authors with details of the errors you've found, they will welcome your input. Be part of the solution, not part of the problem.Buy this book, help support the authors, learn some good concepts and ideas.
Amazon Verified review Amazon
James S Apr 02, 2021
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
So I got electronic version of this book via a course I took. Within a few weeks of getting the book I was going on a long road trip and felt a paper copy would be easy for the trip. So I bought the book (Learning Malware Analysis) by Monnappa K.A. which is also published by Packt. So my review here will be sort of comparative.As I think about it now, the title somewhat reflects the design of the book. 'Learning Malware Analysis' may come across as first level and 'Mastering Malware Analysis' may come across as the next level. However 'Mastering Malware Analysis' can also be used by beginner and expert alike.Not sure why the authors put Assembly Programming as chapter1, that can certainly through off a beginner. Apart from that the book has good coverage on Windows internals, towards the end it covers cross-platform malware, Linux, IoT, macOS, iOS, Android etc., malware thoroughly.All-in-all, I would strongly recommend the book not only to someone interested in Malware Analysis but also those interested in the broader area of Incident Response and Threat Hunting. It will also be helpful for those looking to Reverse Engineer games.
Amazon Verified review Amazon
sgcl Mar 10, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book was excellent on both breadth and depth on malware analysis topics. It also provided the inspiring thinking beside techniques. The only regret was that the book did not provide many practical examples so a bit hard for beginner to follow. But the explanation on the complex concept was neat and clear, so it helped greatly on learning for all levels of the readers.
Amazon Verified review Amazon
Bogart Jan 16, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Beginners will find it very useful as it easy to follow. Very good reference for advanced analysts.
Amazon Verified review Amazon

People who bought this also bought

Left arrow icon
Learn Computer Forensics – 2nd edition
Learn Computer Forensics – 2nd edition
Read more
Jul 2022 434 pages
Full star icon 4.8 (63)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €27.99
  • Audiobook Audiobook €35.99
€20.98 €29.99
€27.99 €37.99
€35.99
Digital Forensics and Incident Response
Digital Forensics and Incident Response
Read more
Dec 2022 532 pages
Full star icon 4.9 (15)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
  • Audiobook Audiobook €43.99
€22.99 €32.99
€41.99
€43.99
Mastering Windows Security and Hardening
Mastering Windows Security and Hardening
Read more
Aug 2022 816 pages
Full star icon 4.8 (20)
eBook
eBook
  • eBook eBook €22.99
  • Paperback Paperback €41.99
€22.99 €32.99
€41.99
Cybersecurity – Attack and Defense Strategies, 3rd edition
Cybersecurity – Attack and Defense Strategies, 3rd edition
Read more
Sep 2022 570 pages
Full star icon 4.9 (42)
eBook
eBook
  • eBook eBook €17.99
  • Paperback Paperback €31.99
€17.99 €25.99
€31.99
Mastering Linux Security and Hardening
Mastering Linux Security and Hardening
Read more
Feb 2023 618 pages
Full star icon 4.6 (34)
eBook
eBook
  • eBook eBook €20.98
  • Paperback Paperback €37.99
€20.98 €29.99
€37.99
Right arrow icon

About the authors

Left arrow icon
Profile icon Alexey Kleymenov
Alexey Kleymenov
Alexey Kleymenov started working in the information security industry in his second year at university and now has more than 14 years of practical experience at several international cybersecurity companies. He is a malware analyst and software developer who is passionate about reverse engineering, automation, and research. Alexey has taken part in numerous investigations analyzing all types of malicious samples, has developed various systems to perform threat intelligence activities in the IT, OT, and IoT sectors, and has authored several patents. Alexey is a member of the (ISC)² organization and holds the CISSP certification. Finally, he is a founder of the RE and More project, teaching people all over the world how to perform malware analysis in the most efficient way.
Read more
See other products by Alexey Kleymenov
Profile icon Amr Thabet
Amr Thabet
LinkedIn icon Github icon
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked in several Fortune 500 companies, including Symantec and Tenable. Currently, he is the founder of MalTrak, providing real-world in-depth training in malware analysis, incident response, threat hunting, and red teaming to help the next generation of cybersecurity enthusiasts to build their careers in cybersecurity. Amr is also a speaker and trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
Read more
See other products by Amr Thabet
Right arrow icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.