Windows APT Warfare: Identify and prevent Windows APT attacks effectively

Ma, Sheng-Hao

  • Publisher: Packt Publishing
  • Publication date: 2023-03-10
  • Price: $1,640
  • VIP price: $1,558 (5% off)
  • Language: English
  • Pages: 258
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 180461811X
  • ISBN-13: 9781804618110
  • Ships immediately (stock: 1)

Product Description

This book is the English edition of the author aaaddress1 (Sheng-Hao Ma)'s best-selling Chinese-language title Windows APT Warfare: 惡意程式前線戰術指南 (roughly, "A Frontline Tactical Guide to Malware").

Learn Windows system design from the PE binary structure to modern and practical attack techniques used by red teams to implement advanced prevention

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Understand how malware evades modern security products
• Learn to reverse engineer standard PE format program files
• Become familiar with modern attack techniques used by multiple red teams

Book Description

An Advanced Persistent Threat (APT) is a severe form of cyberattack that stays hidden in a system for a prolonged period while it locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you've understood the internal design of the operating system, you'll be ready to get hands-on with red team attacks and, further, learn how C source code is compiled and linked into an EXE program file. Throughout this book, you'll explore the inner workings of how Windows runs programs and how attackers abuse this knowledge to bypass antivirus products and other protections.

As you advance, you'll cover practical examples of malware and online game hacking, such as EXE infection, shellcode development, software packers, UAC bypass, path parser vulnerabilities, and digital signature forgery, gaining expertise in keeping your system safe from this kind of malware.


By the end of this book, you'll be well equipped to implement the red team techniques that you've learned on a victim's computer environment, attempting to bypass security and antivirus products, to test its defense against Windows APT attacks.

What you will learn

• Explore various DLL injection techniques for setting API hooks
• Understand how to run an arbitrary program file in memory
• Become familiar with malware obfuscation techniques to evade antivirus detection
• Discover how malware circumvents current security measures and tools
• Use Microsoft Authenticode to sign your code to avoid tampering
• Explore various strategies to bypass UAC design for privilege escalation

Who this book is for

This book is for cybersecurity professionals, especially anyone working on Windows security, as well as malware researchers, network administrators, and ethical hackers looking to explore Windows exploitation, kernel internals, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.

Table of Contents

1. From Source to Binaries – The Journey of a C Program
2. Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing
3. Dynamic API Calling – Thread, Process, and Environment Information
4. Shellcode Technique – Exported Function Parsing
5. Application Loader Design
6. PE Module Relocation
7. PE to Shellcode – Transforming PE Files into Shellcode
8. Software Packer Design
9. Digital Signature – Authenticode Verification
10. Reversing User Account Control and Bypassing Tricks
11. Appendix – NTFS, Paths, and Symbols