Название: Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats
Автор: Kyle Cucci
Издательство: No Starch Press
Год: 2024
Страниц: 490
Язык: английский
Формат: True/Retail (PDF EPUB)
Размер: 58.8 MB

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

We’re all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today’s malicious software and show you how to defeat them.

Following a crash course on using static and dynamic code analysis to uncover malware’s true intentions, you’ll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You’ll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You’ll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you’ll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.

You’ll learn how malware:
Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected
Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis
Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering
Detects debuggers and circumvents dynamic and static code analysis

You’ll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you’re a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today’s cyber adversaries.

Who Should Read This Book:
I wrote this book for anyone who seeks to better understand evasion techniques used by modern and advanced malware. Perhaps you’re already a malware researcher who wants to explore how malware can evade and circumvent your analysis tools and analysis lab environment. Maybe you’re a frontline incident responder seeking to better understand how to identify and detect these types of threats, or perhaps you’re a forensics analyst trying to determine how to investigate systems compromised with advanced malware. This book is for you.

This book is very technical in nature and is not a beginner’s guide to Windows malware analysis, so I assume you have at least an intermediate-level knowledge of cybersecurity principles and a basic understanding of malware analysis concepts. Ideally, you’ll also have experience reversing assembly code. If you’re new to these topics, however, have no fear: the first three chapters of this book provide a crash course in malware analysis and the fundamental concepts required to understand the later chapters of the book.

Also, I expect that you have a malware analysis lab environment set up to safely execute malware. This is very important, as all examples in this book use real malware samples. Appendix A includes a guide for setting up a hypervisor and virtual machines for safe malware analysis.