Evasive Malware

Informationen zum Autor Kyle Cucci has over 17 years in cybersecurity and IT, including roles as a malware analyst and detection engineer with Proofpoint's Threat Research team and leader of the forensic investigations and malware research teams at Deutsche Bank. Cucci regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Cucci enjoys contributing to the community via open source tooling, research, and blogging. Klappentext "This book is full of practical information, real-world examples, and cutting-edge techniques for discovering, reverse engineering, and analyzing state-of-the-art malware. It covers the basics in the context of the Windows operating system and details the tricks and evasive maneuvers that malware programs use to avoid detection and security controls. The book also instructs the reader on how to build their own anti-evasion analysis lab"-- Zusammenfassung Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools. We're all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today's malicious software and show you how to defeat them. Following a crash course on using static and dynamic code analysis to uncover malware's true intentions, you'll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You'll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You'll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you'll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within. You'll learn how malware: Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering Detects debuggers and circumvents dynamic and static code analysis You'll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you're a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today's cyber adversaries. Inhaltsverzeichnis Introduction Part I: The Fundamentals Chapter 1: Windows Foundational Concepts Chapter 2: A Crash Course in Malware Triage and Behavioral Analysis Chapter 3: A Crash Course in Static and Dynamic Code Analysis Part II: Context Awareness and Sandbox Evasion Chapter 4: Enumerating Operating System Artifacts Chapter 5: User Environment and Interaction Detection Chapter 6: Enumerating Hardware and Network Configurations Chapter 7: Runtime Environment and Virtual Processor Anomalies Chapter 8: Evading Sandboxes and Disrupting Analysis Part III: Anti-reversing Chapter 9: Anti-disassembly Chapter 10: Anti-debugging Chapter 11: Covert Code Execution and Misdirection<b...

Texte du rabat

"This book is full of practical information, real-world examples, and cutting-edge techniques for discovering, reverse engineering, and analyzing state-of-the-art malware. It covers the basics in the context of the Windows operating system and details the tricks and evasive maneuvers that malware programs use to avoid detection and security controls. The book also instructs the reader on how to build their own anti-evasion analysis lab"--

Résumé
Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

We’re all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today’s malicious software and show you how to defeat them.

Following a crash course on using static and dynamic code analysis to uncover malware’s true intentions, you’ll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You’ll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You’ll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you’ll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.

You’ll learn how malware:

• Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected
• Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis
• Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering
• Detects debuggers and circumvents dynamic and static code analysis
  You’ll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you’re a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today’s cyber adversaries.

Contenu
Introduction

Part I: The Fundamentals
Chapter 1: Windows Foundational Concepts
Chapter 2: A Crash Course in Malware Triage and Behavioral Analysis
Chapter 3: A Crash Course in Static and Dynamic Code Analysis

Part II: Context Awareness and Sandbox Evasion
Chapter 4: Enumerating Operating System Artifacts
Chapter 5: User Environment and Interaction Detection
Chapter 6: Enumerating Hardware and Network Configurations
Chapter 7: Runtime Environment and Virtual Processor Anomalies
Chapter 8: Evading Sandboxes and Disrupting Analysis

Part III: Anti-reversing
Chapter 9: Anti-disassembly
Chapter 10: Anti-debugging
Chapter 11: Covert Code Execution and Misdirection

Part IV: Defense Evasion
Chapter 12: Process Injection, Manipulation, and Hooking
Chapter 13: Evading Network and Endpoint Defenses
Chapter 14: An Introduction to Rootkits
Chapter 15: Fileless Malware and Anti-forensics

Part V: Other Topics
Chapter 16: Encoding and Encryption
Chapter 17: Packers and Unpacking Malware
Chapter 18: Tips for Building an Anti-evasion Analysis Lab

Appendix A: Evasion-Related Windows API Functions
Appendix B: Windows LOLbins and Example Usage
Appendix C: Further Reading