Evasive Malware: Understanding Deceptive and Self-Defending Threats

Cucci, Kyle

  • 出版商: No Starch Press
  • 出版日期: 2024-09-10
  • 售價: $2,430
  • 貴賓價: 9.5$2,309
  • 語言: 英文
  • 頁數: 488
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1718503261
  • ISBN-13: 9781718503267
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

We're all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today's malicious software and show you how to defeat them.

Following a crash course on using static and dynamic code analysis to uncover malware's true intentions, you'll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You'll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You'll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you'll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.

You'll learn how malware:

  • Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected
  • Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis
  • Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering
  • Detects debuggers and circumvents dynamic and static code analysis

You'll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you're a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today's cyber adversaries.

商品描述(中文翻譯)

掌握最先進的惡意軟體分析技巧,這是首本針對設計用來主動避免檢測和取證工具的惡意 Windows 軟體的指南。

我們都知道 Stuxnet、ShadowHammer、Sunburst 以及類似的攻擊,這些攻擊利用逃避技術保持隱藏,同時防禦檢測和分析。由於這些先進威脅能夠適應,並在某些情況下自我摧毀以逃避檢測,即使是最資深的調查員有時也需要一些分析上的幫助。《Evasive Malware》將介紹當今惡意軟體使用的逃避技術,並教你如何擊敗它們。

在快速了解如何使用靜態和動態代碼分析來揭示惡意軟體的真實意圖後,你將學習惡意軟體如何利用上下文感知來檢測和避開虛擬機和沙盒,以及它用來阻撓分析工具的各種技巧。你將探索反反向工程的世界,從反反組譯方法和調試干擾到隱蔽代碼執行和誤導策略。你還將深入了解防禦逃避技術,從進程注入和 rootkits 到無文件惡意軟體。最後,你將剖析編碼、加密以及惡意軟體混淆器和打包器的複雜性,以揭示其內部的邪惡。

你將學習惡意軟體如何:
- 濫用 Windows 的合法組件,如 Windows API 和 LOLBins,以便不被檢測
- 利用環境特徵和上下文感知,如 CPU 時序和虛擬機監控器枚舉,來檢測分析嘗試
- 使用被動繞過技術,如混淆和變異,以及主動技術,如解除鉤子和篡改,來繞過網路和端點防禦
- 檢測調試器並繞過動態和靜態代碼分析

你還會找到建立惡意軟體分析實驗室的技巧,並調整它以更好地對抗惡意軟體中的反分析技術。無論你是前線防禦者、取證分析師、檢測工程師還是研究人員,《Evasive Malware》都將為你提供超越當今最隱秘的網路對手所需的知識和技能。

作者簡介

Kyle Cucci has over 17 years in cybersecurity and IT, including roles as a malware analyst and detection engineer with Proofpoint's Threat Research team and leader of the forensic investigations and malware research teams at Deutsche Bank. Cucci regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Cucci enjoys contributing to the community via open source tooling, research, and blogging.

作者簡介(中文翻譯)

Kyle Cucci 在網路安全和資訊科技領域擁有超過 17 年的經驗,包括擔任 Proofpoint 威脅研究團隊的惡意軟體分析師和檢測工程師,以及德意志銀行的取證調查和惡意軟體研究團隊的負責人。Cucci 定期在安全會議上發表演講,並主導國際培訓和研討會,主題涵蓋惡意軟體分析和安全工程等。閒暇時,Cucci 喜歡透過開源工具、研究和部落格為社群做出貢獻。