The Complete Malware Analyst's Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks.
Publication, distribution, etc.
Place of publication, distribution, etc.
Birmingham :
Name of publisher, distributor, etc.
Packt Publishing, Limited,
Date of publication, distribution, etc.
2019.
Physical description
Extent (specific material designation and extent of item)
1 online resource (548 pages)
Formatted contents notes
Note text
Cover; Title Page; Copyright and Credits; About Packt; Contributors; Table of Contents; Preface; Section 1: Fundamental Theory; Chapter 1: A Crash Course in CISC/RISC and Programming Basics; Basic concepts; Registers; Memory; Virtual memory; Stack; Branches, loops, and conditions; Exceptions, interrupts, and communicating with other devices; Assembly languages; CISC versus RISC; Types of instructions; Becoming familiar with x86 (IA-32 and x64); Registers; Special registers; The instruction structure; opcode; dest; src; The instruction set; Data manipulation instructions
Note text
Data transfer instructions; Flow control instructions; Arguments, local variables, and calling conventions (in x86 and x64); stdcall; Arguments; Local variables; cdecl; fastcall; thiscall; The x64 calling convention; Exploring ARM assembly; Basics; Instruction sets; Basics of MIPS; Basics; The instruction set; Diving deep into PowerPC; Basics; The instruction set; Covering the SuperH assembly; Basics; The instruction set; Working with SPARC; Basics; The instruction set; From assembly to high-level programming languages; Arithmetic statements; If conditions; While loop conditions; Summary
Note text
Section 2: Diving Deep into Windows Malware; Chapter 2: Basic Static and Dynamic Analysis for x86/x64; Working with the PE header structure; Why PE?; Exploring PE structure; MZ header; PE header; File header; Optional header; Data directory; Section table; PE+ (x64 PE); PE analysis tools; Static and dynamic linking; Static linking; Dynamic linking; Dynamic link libraries; Application programming interface; Dynamic API loading; Using PE header information for static analysis; How to use the PE header for incident handling; How to use the PE header for threat intelligence
Note text
PE loading and process creation; Basic terminology; What is a process?; Virtual memory to physical memory mapping; Threads; Important data structures: TIB, TEB, and PEB; Process loading step by step; PE file loading step by step; WOW64 processes; Dynamic analysis with OllyDbg/Immunity Debugger; Debugging tools; How to analyze a sample with OllyDbg; Types of breakpoints; Step into/step over breakpoint; INT3 breakpoint; Memory breakpoints; Hardware breakpoints; Modifying the program execution; Patching: modifying the program's assembly instructions; Change EFlags
Note text
Modifying the instruction pointer value; Changing the program data; Debugging malicious services; What is a service?; Attaching to the service; Summary; Chapter 3: Unpacking, Decryption, and Deobfuscation; Exploring packers; Exploring packing and encrypting tools; Identifying a packed sample; Technique 1 -- checking PE tool static signatures; Technique 2 -- evaluating PE section names; Technique 3 -- using stub execution signs; Technique 4 -- detecting a small import table; Automatically unpacking packed samples; Technique 1 -- the official unpacking process; Technique 2 -- using OllyScript with OllyDbg.
Summary or abstract notes
Note text
Malware analysis is a powerful investigation technique widely used in various security areas including digital forensics and incident response processes. Working through practical examples, you'll be able to analyze any type of malware you may encounter within the modern world.
Acquisition notes
Source of acquisition / subscription address
OverDrive, Inc.
Stock number
74D995F6-1972-410B-9224-4213067B9862
Other edition of the work in another physical form
Title
Mastering Malware Analysis : The Complete Malware Analyst's Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks.
International Standard Book Number (ISBN)
9781789610789
Title as subject
Uncontrolled subject
Microsoft Windows (Computer file)-- Security measures.
Uncontrolled subject
Microsoft Windows (Computer file)
Topical term (common noun or noun phrase)
Uncontrolled subject
Computer security.
Uncontrolled subject
Cyberterrorism-- Security measures.
Uncontrolled subject
Malware (Computer software)
Uncontrolled subject
Security systems.
Dewey Decimal Classification
Number
005.88
Edition
23
Library of Congress Classification
Class number
QA76.76.C68
Personal name as main entry (primary intellectual responsibility)