Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware (Paperback)

Mohanta, Abhijit, Saldanha, Anoop

  • 出版商: Apress
  • 出版日期: 2020-09-23
  • 售價: $2,850
  • 貴賓價: 9.5$2,708
  • 語言: 英文
  • 頁數: 914
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1484261925
  • ISBN-13: 9781484261927
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

商品描述

Discover how the internals of malware work and how you can analyze and detect it. You will learn not only how to analyze and reverse malware, but also how to classify and categorize it, giving you insight into the intent of the malware. Malware Analysis and Detection Engineering is a one-stop guide to malware analysis that simplifies the topic by teaching you undocumented tricks used by analysts in the industry. You will be able to extend your expertise to analyze and reverse the challenges that malicious software throws at you.

The book starts with an introduction to malware analysis and reverse engineering to provide insight on the different types of malware and also the terminology used in the anti-malware industry. You will know how to set up an isolated lab environment to safely execute and analyze malware. You will learn about malware packing, code injection, and process hollowing plus how to analyze, reverse, classify, and categorize malware using static and dynamic tools. You will be able to automate your malware analysis process by exploring detection tools to modify and trace malware programs, including sandboxes, IDS/IPS, anti-virus, and Windows binary instrumentation.

The book provides comprehensive content in combination with hands-on exercises to help you dig into the details of malware dissection, giving you the confidence to tackle malware that enters your environment.

 


What You Will Learn

  • Analyze, dissect, reverse engineer, and classify malware
  • Effectively handle malware with custom packers and compilers
  • Unpack complex malware to locate vital malware components and decipher their intent
  • Use various static and dynamic malware analysis tools
  • Leverage the internals of various detection engineering tools to improve your workflow
  • Write Snort rules and learn to use them with Suricata IDS


Who This Book Is For
Security professionals, malware analysts, SOC analysts, incident responders, detection engineers, reverse engineers, and network security engineers

"This book is a beast If you're looking to master the ever-widening field of malware analysis, look no further. This is the definitive guide for you." Pedram Amini, CTO Inquest; Founder OpenRCE.org and ZeroDayInitiative

商品描述(中文翻譯)

了解惡意軟體內部運作的方式,以及如何進行分析和偵測。您將學習不僅如何分析和逆向惡意軟體,還如何對其進行分類和歸類,從而瞭解惡意軟體的意圖。《惡意軟體分析與偵測工程》是一本全面指南,通過教授業界分析師使用的未公開技巧,簡化了惡意軟體分析的主題。您將能夠擴展您的專業知識,分析和逆向惡意軟體帶給您的挑戰。

本書首先介紹惡意軟體分析和逆向工程,以提供有關不同類型惡意軟體以及反惡意軟體行業中使用的術語的見解。您將了解如何建立一個隔離的實驗環境,以安全地執行和分析惡意軟體。您將學習有關惡意軟體打包、代碼注入和進程空洞化的知識,以及如何使用靜態和動態工具進行惡意軟體的分析、逆向、分類和歸類。您將能夠通過探索檢測工具來自動化惡意軟體分析過程,包括沙箱、入侵檢測系統/入侵防禦系統、防病毒軟體和Windows二進制儀器。

本書提供了全面的內容,結合實踐練習,幫助您深入研究惡意軟體解剖的細節,讓您有信心應對進入您環境的惡意軟體。

您將學到什麼:
- 分析、解剖、逆向工程和分類惡意軟體
- 有效處理具有自定義打包器和編譯器的惡意軟體
- 解開複雜的惡意軟體,找到關鍵的惡意軟體組件並解讀其意圖
- 使用各種靜態和動態惡意軟體分析工具
- 利用各種檢測工程工具的內部機制,提高工作效率
- 撰寫Snort規則,並學習如何與Suricata IDS一起使用它們

本書適合對象:
安全專業人員、惡意軟體分析師、SOC分析師、事件應對人員、檢測工程師、逆向工程師和網絡安全工程師。

"這本書是一頭猛獸。如果您想精通日益擴大的惡意軟體分析領域,不用再找了。這是您的權威指南。" - Pedram Amini,Inquest首席技術官;OpenRCE.org和ZeroDayInitiative創始人

作者簡介

Abhijit Mohanta is an independent cybersecurity consultant and corporate trainer who has worked extensively in malware reverse engineering, vulnerability research, anti-virus engine development, anti-malware signature writing, and sandbox development. He has worked with the Symantec, McAfee, and Juniper Networks anti-malware labs. He holds several patents. He blogs regularly and has been a speaker at security conferences and workshops. His articles have been republished and quoted in a number of blogs and whitepapers, including eForensics magazine. He is also the author of the book Preventing Ransomware: Understand, Prevent, and Remediate Ransomware Attacks.

Anoop Saldanha is one of the core authors of the Suricata Intrusion Detection and Prevention System, funded by the US Department of Homeland Security (DHS). He works as an independent security consultant and as a corporate security trainer. He designs and develops various detection technologies to secure both the host and the network, ranging from network security tools such as IDS/IPS to malware sandboxes, malware analysis tools, firewalls, and endpoints. He holds multiple patents in the field of security and speaks at security conferences and workshops. He has previously worked in threat research labs and detection engineering teams at RSA Security, Juniper Networks, Cyphort Cybersecurity, and various other cybersecurity startups.

 

作者簡介(中文翻譯)

Abhijit Mohanta 是一位獨立的資訊安全顧問和企業培訓師,他在惡意軟體逆向工程、漏洞研究、防毒引擎開發、反惡意軟體簽名撰寫和沙箱開發方面有豐富的經驗。他曾在 Symantec、McAfee 和 Juniper Networks 的反惡意軟體實驗室工作,並擁有多項專利。他定期撰寫部落格文章,並在安全會議和研討會上擔任講者。他的文章曾在多個部落格和白皮書中轉載和引用,包括《eForensics》雜誌。他還是書籍《Preventing Ransomware: Understand, Prevent, and Remediate Ransomware Attacks》的作者。

Anoop Saldanha 是 Suricata 入侵檢測和防護系統的核心作者之一,該系統由美國國土安全部(DHS)資助。他是一位獨立的安全顧問和企業安全培訓師。他設計和開發各種檢測技術,以保護主機和網路安全,包括網路安全工具如入侵檢測/防護系統、惡意軟體沙箱、惡意軟體分析工具、防火牆和終端設備。他在安全領域擁有多項專利,並在安全會議和研討會上發表演講。他曾在 RSA Security、Juniper Networks、Cyphort Cybersecurity 和其他多家資訊安全初創公司的威脅研究實驗室和檢測工程團隊工作過。