Learning Linux Binary Analysis (Paperback)

Ryan "elfmaster" O'Neill

  • 出版商: Packt Publishing
  • 出版日期: 2016-02-29
  • 定價: $1,800
  • 售價: 9.5$1,710
  • 語言: 英文
  • 頁數: 282
  • 裝訂: Paperback
  • ISBN: 1782167102
  • ISBN-13: 9781782167105
  • 相關分類: Linux
  • 相關翻譯: Linux 二進制分析 (簡中版)
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Key Features

  • Grasp the intricacies of the ELF binary format of UNIX and Linux
  • Design tools for reverse engineering and binary forensic analysis
  • Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes

Book Description

Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more.

This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them.

The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis.

This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.

What you will learn

  • Explore the internal workings of the ELF binary format
  • Discover techniques for UNIX Virus infection and analysis
  • Work with binary hardening and software anti-tamper methods
  • Patch executables and process memory
  • Bypass anti-debugging measures used in malware
  • Perform advanced forensic analysis of binaries
  • Design ELF-related tools in the C language
  • Learn to operate on memory with ptrace

About the Author

Ryan "elfmaster" O'Neill is a computer security researcher and software engineer with a background in reverse engineering, software exploitation, security defense, and forensics technologies. He grew up in the computer hacker subculture, the world of EFnet, BBS systems, and remote buffer overflows on systems with an executable stack. He was introduced to system security, exploitation, and virus writing at a young age. His great passion for computer hacking has evolved into a love for software development and professional security research. Ryan has spoken at various computer security conferences, including DEFCON and RuxCon, and also conducts a 2-day ELF binary hacking workshop.

He has an extremely fulfilling career and has worked at great companies such as Pikewerks, Leviathan Security Group, and more recently Backtrace as a software engineer.

Ryan has not published any other books, but he is well known for some of his papers published in online journals such as Phrack and VXHeaven. Many of his other publications can be found on his website at http://www.bitlackeys.org.

Table of Contents

  1. The Linux Environment and Its Tools
  2. The ELF Binary Format
  3. Linux Process Tracing
  4. ELF Virus Technology – Linux/Unix Viruses
  5. Linux Binary Protection
  6. ELF Binary Forensics in Linux
  7. Process Memory Forensics
  8. ECFS – Extended Core File Snapshot Technology
  9. Linux /proc/kcore Analysis

商品描述(中文翻譯)

《學習 Linux 二進制分析》是一本充滿知識和代碼的書籍,將教授您 UNIX 和 Linux 的 ELF 格式的內部運作方式,以及黑客和安全分析師用於病毒分析、二進制修補、軟體保護等方法。

本書將從介紹 UNIX/Linux 的物件工具開始,然後教授您有關 ELF 標本的所有知識。您將學習有關進程追蹤的知識,並探索不同類型的 Linux 和 UNIX 病毒,以及如何利用 ELF 病毒技術來處理它們。

書的後半部分討論了使用 Kprobe 儀器進行核心黑客、代碼修補和調試的用法。您將了解如何檢測和清除核心模式 rootkit,並進一步分析靜態代碼。最後,您將深入研究複雜的用戶空間記憶體感染分析。

本書將帶領您進入一些專家甚至未曾涉足的領域,即電腦黑客的世界。

您將學到以下內容:
- 探索 ELF 二進制格式的內部運作方式
- 發現 UNIX 病毒感染和分析的技巧
- 使用二進制加固和軟體防篡改方法
- 修補可執行檔和進程記憶體
- 繞過恶意軟體中使用的反調試措施
- 進行二進制的高級法醫分析
- 使用 C 語言設計與 ELF 相關的工具
- 學習使用 ptrace 操作記憶體

關於作者:
Ryan 'elfmaster' O'Neill 是一位計算機安全研究員和軟體工程師,擁有逆向工程、軟體利用、安全防禦和法醫技術方面的背景。他在電腦黑客亞文化中長大,熟悉 EFnet、BBS 系統和具有可執行堆疊的遠程緩衝區溢出。他在年輕時就接觸到系統安全、利用和病毒寫作。他對計算機黑客的熱情演變為對軟體開發和專業安全研究的熱愛。Ryan 在 DEFCON 和 RuxCon 等各種計算機安全會議上發表過演講,並且還舉辦過為期兩天的 ELF 二進制黑客工作坊。

他擁有一個非常充實的職業生涯,曾在 Pikewerks、Leviathan Security Group 等優秀公司工作,最近在 Backtrace 擔任軟體工程師。

Ryan 還沒有出版其他書籍,但他以在 Phrack 和 VXHeaven 等網上期刊上發表的一些論文而聞名。他的其他許多出版物可以在他的網站 http://www.bitlackeys.org 上找到。

目錄:
1. Linux 環境及其工具
2. ELF 二進制格式
3. Linux 進程追蹤
4. ELF 病毒技術 - Linux/Unix 病毒
5. Linux 二進制保護
6. Linux 中的 ELF 二進制法醫學
7. 進程記憶體法醫學
8. ECFS - 擴展核心文件快照技術
9. Linux /proc/kcore 分析