Malware analyst's cookbook and dvd [electronic resource] : tools and techniques for fighting malicious code / Michael Ligh ... [et al.].

Ligh, Michael W.
Indianapolis, Ind. : Wiley Pub., Inc, 2011.
1 online resource (746 p.)
1st edition

Location Notes Your Loan Policy


Other records:
Malware (Computer software).
Electronic books.
System Details:
text file
A computer forensics ""how-to"" for fighting malicious code and analyzing incidents With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.Security professionals face a constant battle
Malware Analyst's Cookbook and DVD; Contents; Introduction; On The Book's DVD; Chapter 1: Anonymizing Your Activities; Recipe 1-1: Anonymous Web Browsing with Tor; Recipe 1-2: Wrapping Wget and Network Clients with Torsocks; Recipe 1-3: Multi-platform Tor-enabled Downloader in Python; Recipe 1-4: Forwarding Traffic through Open Proxies; Recipe 1-5: Using SSH Tunnels to Proxy Connections; Recipe 1-6: Privacy-enhanced Web browsing with Privoxy; Recipe 1-7: Anonymous Surfing with; Recipe 1-8: Internet Access through Cellular Networks
Recipe 1-9: Using VPNs with Anonymizer UniversalChapter 2: Honeypots; Recipe 2-1: Collecting Malware Samples with Nepenthes; Recipe 2-2: Real-Time Attack Monitoring with IRC Logging; Recipe 2-3: Accepting Nepenthes Submissions over HTTP with Python; Recipe 2-4: Collecting Malware Samples with Dionaea; Recipe 2-5: Accepting Dionaea Submissions over HTTP with Python; Recipe 2-6: Real-time Event Notification and Binary Sharing with XMPP; Recipe 2-7: Analyzing and Replaying Attacks Logged by Dionea; Recipe 2-8: Passive Identification of Remote Systems with p0f
Recipe 2-9: Graphing Dionaea Attack Patterns with SQLite and GnuplotChapter 3: Malware Classification; Recipe 3-1: Examining Existing ClamAV Signatures; Recipe 3-2: Creating a Custom ClamAV Database; Recipe 3-3: Converting ClamAV Signatures to YARA; Recipe 3-4: Identifying Packers with YARA and PEiD; Recipe 3-5: Detecting Malware Capabilities with YARA; Recipe 3-6: File Type Identification and Hashing in Python; Recipe 3-7: Writing a Multiple-AV Scanner in Python; Recipe 3-8: Detecting Malicious PE Files in Python; Recipe 3-9: Finding Similar Malware with ssdeep
Recipe 3-10: Detecting Self-modifying Code with ssdeepRecipe 3-11: Comparing Binaries with IDA and BinDiff; Chapter 4: Sandboxes and Multi-AV Scanners; Recipe 4-1: Scanning Files with VirusTotal; Recipe 4-2: Scanning Files with Jotti; Recipe 4-3: Scanning Files with NoVirusThanks; Recipe 4-4: Database-Enabled Multi-AV Uploader in Python; Recipe 4-5: Analyzing Malware with ThreatExpert; Recipe 4-6: Analyzing Malware with CWSandbox; Recipe 4-7: Analyzing Malware with Anubis; Recipe 4-8: Writing AutoIT Scripts for Joebox; Recipe 4-9: Defeating Path-dependent Malware with Joebox
Recipe 4-10: Defeating Process-dependent DLLs with JoeboxRecipe 4-11: Setting an Active HTTP Proxy with Joebox; Recipe 4-12: Scanning for Artifacts with Sandbox Results; Chapter 5: Researching Domains and IP Addresses; Recipe 5-1: Researching Domains with WHOIS; Recipe 5-2: Resolving DNS Hostnames; Recipe 5-3: Obtaining IP WHOIS Records; Recipe 5-4: Querying Passive DNS with BFK; Recipe 5-5: Checking DNS Records with Robtex; Recipe 5-6: Performing a Reverse IP Search with DomainTools; Recipe 5-7: Initiating Zone Transfers with dig; Recipe 5-8: Brute-forcing Subdomains with dnsmap
Recipe 5-9: Mapping IP Addresses to ASNs via Shadowserver
Includes index.