Learning Malware Analysis

Key Features Gets you up and running with the key concepts of malware analysis Learn the art of detecting, analyzing and investigating malware threats Practical use of malware analysis using different tools and techniques. Learn the concepts using real world examples Book Description

Malware analysis and memory forensics are powerful analysis and investigation techniques used in reverse engineering, digital forensics and incident response. With adversaries becoming sophisticated and carrying out advanced malware attacks on critical infrastructures, Data centers, private and public organizations; detecting, responding and investigating such intrusions are critical to information security professionals. Malware analysis and memory forensics have become a must have skill for fighting advanced malware, targeted attacks and security breaches.

This book teaches concepts, techniques, and tools to understand the behavior and characteristics of malware by using malware analysis and it also teaches the techniques to investigate and hunt malwares using memory forensics.

This book will introduce readers to the basics of malware analysis, Windows internals and it then gradually progresses deep into more advanced concepts of code analysis memory forensics. This book uses real world malware samples and infected memory images to help readers gain a better understanding of the subject so that the readers will be equipped with skills required to analyze, investigate and respond to malware related incidents.

What you will learn Create a safe and isolated lab environment for malware analysis Tools, concepts techniques to perform malware analysis using static, dynamic, code and memory analysis/forensics Extracting the metadata associated with malware Determining malware interaction with system Reverse engineering and debugging using code analysis tools like IDA pro and x64dbg Reverse engineering various malware functionalities Reverse engineering decoding the common encoding/encryption algorithms. Techniques to investigate hunt malware using memory forensics. Build a custom sandbox to automate malware analysis

Monnappa K A works with Cisco Systems as information security investigator focusing on threat intelligence, investigation, and research of cyber espionage attacks. He is the author of Limon sandbox used for analyzing Linux malwares and winner of Volatility memory forensics plugin contest 2016. He is the co-founder of cyber security research community ""Cysinfo"". His fields of interest include malware analysis, reverse engineering, memory forensics, and threat intelligence. He has presented and conducted training at security conferences like Black Hat, FIRST, 4SICS-SCADA/ICS summit, DSCI/NASSCOM and Cysinfo events. He has also authored various articles in Hakin9, eForensics, and Hack[In]sight magazines.