Malware Analyst′s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code Paperback – 27 October 2010
|New from||Used from|
Frequently bought together
From the Back Cover
We called this a cookbook because each "recipe" presents both the ingredients and the steps you take to resolve a specific problem or research a given threat. On the DVD, you'll find supporting files and original programs that provide additional resources. You'll learn how to analyze malware using tools written by the authors as well as hundreds of other publicly available tools. If your job involves incident response, computer forensics, systems security, or antivirus research, this book will become invaluable to you.
Learn to conduct online investigations without revealing your identity
Use honeypots to collect malware being distributed by bots and worms
Build a low-budget malware lab with virtualization or bare bones hardware
Reverse engineer common encoding and encryption algorithms
Set up an advanced memory forensics platform for malware analysis
Investigate prevalent threats such as Zeus, Silent Banker, CoreFlood, Conficker, Virut, Clampi, Bankpatch, BlackEnergy, and many more!
On the DVD
Use the files on the DVD to follow along with the recipes or to conduct your own investigations and analyses. You will find:
Windows and Linux tools
Over 50 original programs in Python, C/C++, and Perl
"The most useful technical security book I've read this year. A must-have for all who protect systems from malicious software."
--Lenny Zeltser, Security Practice Director at Savvis and Senior Faculty Member at SANS Institute
"The ultimate guide for anyone interested in malware analysis."
--Ryan Olson, Director, VeriSign iDefense Rapid Response Team
"Every page is filled with practical malware knowledge, innovative ideas, and useful tools. Worth its weight in gold!"
--AAron Walters, Lead Developer of Volatility and VP of Security R&D at Terremark
About the Author
No customer reviews
|5 star (0%)||0%|
|4 star (0%)||0%|
|3 star (0%)||0%|
|2 star (0%)||0%|
|1 star (0%)||0%|
Review this product
Most helpful customer reviews on Amazon.com
Reviewed in the United States on 29 January 2021
1. The material is up-to-date. Tools and malware resources change on an almost daily basis and you need to get books that reflect current resources and best practices. This book does a very good job covering the current tools and resources. It provides the web addresses for the various tools and resources discussed in each chapter. It also refers to current research, articles, and conference material in the areas covered in the chapters.
2. The topics covered are comprehensive. The book includes topics on anonymizing (the first chapter), classifying malware, shellcode, DLL code injection, debugging, how to safely run malware in a virtual environment, dumping memory and memory forensics, debugging kernel code, etc. The topics are collected into 18 chapters and are very complete.
3. The focus of this book is performing analysis of malware (which includes a wide variety of exploit types) and creating/using the tools to perform this analysis. Numerous examples are given showing how the analysis can be done, and some background information is presented as needed.
4. The book assumes the reader has brains. Too many "Computer Forensics" books are a waste of time for someone that already has a background in programming, networking, etc. They (the other Forensics books) often start their discussion of Network Forensics with a definition of what a network is ("A network sends packets between computers..."). Give me a break. This book assumes the reader already has a level of knowledge that is appropriate to anyone really working in this field. However, the authors do a good job explaining what needs to be explained in the course of presenting the topics. They don't talk down to the reader.
5. The book has a wealth of examples. Each chapter presents the topics by showing examples as well as showing how to get and install the necessary tools.
6. The book balances using pre-written tools with create-your-own tools. The latter include scripts in Python and programs in C/C++. The authors indicate where to get various relevant libraries which can be used to create or customize tools. This book is not just a collection of tools, but shows how to use the tools, analysis techniques, etc.
7. The book is very reasonably priced for the quality of content and the extra DVD. The price from Amazon is under $40 and the retail price is about $60. However, even at $60 this book is a bargain. Even if you just used the web addresses for the lists of tools presented in each chapter, the amount of time would take to locate and document the huge number of forensics/hacking tools presented in this book, is worth more than the book's price.
8. The book presents a huge amount of material. Almost every page is crammed with information and examples. Frankly, this book presents more information in one chapter than most other books do in their entirety, and this book has 18 chapters. The chapters are written so they are independent of each other and you can select the chapter you want to work through without reading previous chapters.
9. The tool focus is open-source and platform independent. The authors stay with open-source tools and try to reference tools that can run on both Linux and Windows. However, they also use the best tools available for a specific task, even if the tool only runs under Linux or only under Windows.
There are enough varied topics in this book that readers with different levels of knowledge can benefit. The authors assume the reader has a background in basic networking, understands operating systems (both Windows and Unix), understands programming (Python, C/C++, Assembly), and understand processor basics (registers, the stack, etc). However, these assumptions are not barriers to getting something out of this book. Beginners will find the book too difficult, but would profit by just downloading the various tools referenced in the chapters.
* If you are doing forensic analysis on Malware you should purchase this book (for the chapters on debugging, memory forensics, and malware forensics)
* If you are working in the network/computer security area you should purchase this book (for the chapters on setting up a malware lab, classifying malware, and setting up a malware sandbox)
* If you are interested in the programming aspects of malware you should purchase this book (for the chapters on DLLs and debugging malware code and on code injection)
* If (and I hesitate to include this) you want to be a hacker you should purchase this book and read the entire thing.
The last quarter of the book covers memory forensic analysis, and it is the definitive resource currently available on the subject (either online or in print). If the entire book consisted of just this section, it would be worth the price. Instruction starts with memory acquisition, and nicely covers memory dumps from alternative sources like virtual machines (Fusion, Parallels VMware, and VirtualBox). The Volatility memory analysis framework is used exclusively, owing to one of the authors being a primary contributor to the project. That being said, the concepts behind the tools are described in detail, making it easy to port the information to any of the memory analysis suites currently available. Throughout the text, techniques learned in earlier sections are re-applied to this newest form of forensics. As an example, YARA malware identification rules are well covered in previous chapters and reappear as a viable method for scanning memory. Links to prior techniques are well documented and indexed, allowing the book to be read in any order. An extensive collection of memory dumps is included with the book DVD, letting readers immediately get their hands dirty with the exercises without needing to create their own samples. This is a wonderful addition to the book and unfortunately quite rare in books of this genre.
Although I am not a big fan of the cookbook/recipe structure, the content is so good it could be scrawled on napkins and still be engaging. With the current state of information security, the Malware Analyst's Cookbook is a must have book for every information security practitioner.