You're reading from Mastering Malware Analysis A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks

Product type Paperback

Published in Sep 2022

Publisher Packt

ISBN-13 9781803240244

Length 572 pages

Edition 2nd Edition

Concepts

Malware Analysis

Authors (2):

Amr Thabet

Alexey Kleymenov

Preface

1. Part 1 Fundamental Theory

2. Chapter 1: Cybercrime, APT Attacks, and Research Strategies FREE CHAPTER

3. Chapter 2: A Crash Course in Assembly and Programming Basics

4. Part 2 Diving Deep into Windows Malware

5. Chapter 3: Basic Static and Dynamic Analysis for x86/x64

6. Chapter 4: Unpacking, Decryption, and Deobfuscation

7. Chapter 5: Inspecting Process Injection and API Hooking

8. Chapter 6: Bypassing Anti-Reverse Engineering Techniques

9. Chapter 7: Understanding Kernel-Mode Rootkits

10. Part 3 Examining Cross-Platform and Bytecode-Based Malware

11. Chapter 8: Handling Exploits and Shellcode

12. Chapter 9: Reversing Bytecode Languages – .NET, Java, and More

13. Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging

14. Part 4 Looking into IoT and Other Platforms

15. Chapter 11: Dissecting Linux and IoT Malware

16. Chapter 12: Introduction to macOS and iOS Threats

17. Chapter 13: Analyzing Android Malware Samples

18. Index

19. Other Books You May Enjoy

Exploring common behavioral patterns

Generally, all malware of the same type shares similar needs regardless of the platform, mainly the following:

It needs to get into the target system.
In many cases, it may want to achieve persistence in order to survive the reboot.
It may need to get a higher level of privileges, for example, to achieve system-wide persistence or to get access to valuable data.
In many cases, it needs to communicate with the remote system (C&C) in order to do some of the following:
- Get commands.
- Get new configurations.
- Get self-updates, as well as additional payloads.
- Upload responses, collected information, and files of interest.
It needs to actually achieve what it was actually created for.
In many cases, it may want to protect itself from being detected or analyzed.

Some malware families behave as worms do, aiming to penetrate deeper into reached networks; this behavior is commonly called lateral movement.

The implementation...

The rest of the chapter is locked