Evasive Malware: Understanding Deceptive and Self-Defending Threats

Cucci, Kyle

  • Publisher: No Starch Press
  • Publication date: 2024-09-10
  • List price: $2,180
  • Member price: $2,071 (5% off)
  • Language: English
  • Pages: 488
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 1718503261
  • ISBN-13: 9781718503267
  • Not yet released; pre-orders welcome

Product description

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

Dive into the fascinating and terrifying world of evasive malware--malicious software designed to avoid detection. The first of its kind, this thorough introduction is full of practical information, real-world examples, and cutting-edge techniques for discovering, reverse-engineering, and analyzing state-of-the-art malware.

Beginning with foundational knowledge about malware analysis in the context of the Windows OS, you'll learn about the evasive maneuvers that malware programs use to determine whether they're being analyzed and the tricks they employ to avoid detection. You'll explore the ways malware circumvents security controls, such as network or endpoint defense bypasses, anti-forensics techniques, and malware that deploys data and code obfuscation. At the end of the book, you'll build your very own anti-evasion analysis lab.

You'll learn:

  • Modern evasive malware threats
  • Anti-analysis techniques used in malware
  • How malware bypasses and circumvents security controls
  • How malware uses victim targeting and profiling techniques
  • How malware uses anti-forensics and fileless techniques
  • How to perform malware analysis and reverse engineering on evasive programs

About the author

Kyle Cucci leads the threat analysis and forensics team at a large global financial institution, where he focuses on investigating and hunting the latest cybercrime and malware threats. He has over 15 years of experience in IT, serving various roles in malware research, threat intelligence, incident response, penetration testing, automotive security, and network administration. Kyle takes every opportunity to speak at security conferences and meet-up groups and has led international workshops in malware analysis, penetration testing, and security engineering. When not researching the latest threats, Kyle can be spotted in the wild spending time with his wife and sons or enjoying a good craft beer.