Malware analysis is big business. Not only is it a lucrative, rapidly growing discipline, but attacks can cost a company dearly. As a security professional, you can't effectively respond to intrusions without being able to analyze malware. When malware breaches your defenses or a client drops a freshly minted piece of malware into your inbox, you need to act quickly to understand the malware thoroughly enough to cure current and future infections.
For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you how to use the tools and techniques that professional malware analysts use to dissect malicious software. With this book as your guide, you'll learn how to safely analyze, debug, and disassemble malware so that you're in the driver's seat, not the malware author.
You'll learn how to:
- Set up a safe virtual environment to analyze malware
- Quickly extract network signatures and host-based indicators
- Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
- Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
- Use your newfound knowledge of Windows internals for malware analysis
- Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
- Analyze special cases of malware with shellcode, C++, and 64-bit code
Hands-on labs included throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples. And pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, what damage it has done to your network, how to thoroughly clean it, and how to ensure it never comes back.
Malware analysis is a cat and mouse game with rules that are constantly changing. Whether you're tasked with fighting malware on one or a thousand networks or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.