You're reading from Malware Analysis Techniques Tricks for the triage of adversarial software

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781839212277

Length 282 pages

Edition 1st Edition

Languages

Python

Tools

VMware Server

Concepts

Malware Analysis

Author (1):

Dylan Barker

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Basic Techniques

2. Chapter 1: Creating and Maintaining your Detonation Environment FREE CHAPTER

3. Chapter 2: Static Analysis – Techniques and Tooling

4. Chapter 3: Dynamic Analysis – Techniques and Tooling

5. Chapter 4: A Word on Automated Sandboxing

6. Section 2: Debugging and Anti-Analysis – Going Deep

7. Chapter 5: Advanced Static Analysis – Out of the White Noise

8. Chapter 6: Advanced Dynamic Analysis – Looking at Explosions

9. Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill

10. Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

11. Section 3: Reporting and Weaponizing Your Findings

12. Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense

13. Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK

14. Section 4: Challenge Solutions

15. Chapter 11: Challenge Solutions

16. Other Books You May Enjoy

Common tooling for IOC-based blocking

In this section, we'll discuss and list out some of the common tooling we've used. While this book also endeavors to be vendor-agnostic and to not recommend specific EDR products, we'll also list out a few of those that are in common use and include the ability to block custom indicators of compromise.

File-based IOCs:

Group Policy
EDR tooling

Network-based IOCs:

Firewalls (Cisco, Juniper, SonicWALL, Fortigate, and so on; host-based firewalls)
DNS server configurations
IPSec rules (inbound traffic – RDP, specifically)
EDR tooling
Group Policy

EDR tooling:

CrowdStrike Falcon
Microsoft Defender ATP
VMWare Carbon Black
Qualys Vulnerability Management Platform
Many more…

Obviously, in authoring this book I have biases, and it is important to do one's due diligence and select the platform that is the best fit for the organization and...