Mastering Malware Analysis
The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
Alexey Kleymenov
Amr Thabet
BIRMINGHAM - MUMBAI
Mastering Malware Analysis
Copyright 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Heramb Bhavsar
Content Development Editor: Shubham Bhattacharya
Technical Editor: Varsha Shivhare
Copy Editor: Safis Editing
Language Support Editor : Rahul Dsouza
Project Coordinator: Nusaiba Ansari
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Production Designer: Aparna Bhagat, Jisha Chirayil
First published: June 2019
Production reference: 1030619
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78961-078-9
www.packtpub.com
Packt.com
Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Fully searchable for easy access to vital information
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.
At www.packt.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the authors
Alexey Kleymenov started working in the information security industry in his second year at university, and now has more than 10 years of practical experience at three international antivirus companies. He is an IT engineer with a strong security background and is passionate about reverse engineering, prototyping, process automation, and research. Alexey has taken part in numerous e-crime and targeted attack-related investigations, has worked on several projects that involved building machine learning classifiers to detect various types of attacks, and has developed several applications that extend the visibility of modern threats in the IoT domain. Alexey is also a member of the (ISC) organization and holds the CISSP certification.
I would like to deeply thank all my family, and especially my beloved mom and wife, for always believing in me. Big thanks to Amr, who turned this project into enjoyable cooperative work. Great respect to the Packt team, especially Sharon and Shubham, for addressing our inquiries at any time, and to the reviewers for their feedback. And finally, thanks to all the people who contributed to my personal development or served as an inspiration.
Amr Thabet is a former malware researcher at Symantec and the founder of MalTrak (maltrak.com). Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
Prior to that, he struggled to get into the field as he was a mechanical engineer graduate. he didn't have the budget to afford expensive certificates to prove his skills. And because of that, after his successes, he decided to be the inspiring voice to all enthusiasts starting in malware analysis. he helps students all around the world to build their expertise and most importantly, their irresistible resume to land their next malware analysis job.
I'd like to thank my parents for helping me and believing in me throughout this journey. And big thanks for my book partner, friend, and former colleague, Alexey. Without his expertise, hard work, and dedication, this book wouldn't have come to light. We put our experience, expertise, and our hearts in this work and we really hope it changes your life and your career as this knowledge once changed ours.
About the reviewers
Daniel Cuthbert is the global head of security research for a large global bank. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from small groups of curious minds to the organized criminal networks. He is an original co-author of the OWASP Testing Guide, released in 2003, and is a co-author of the OWASP Application Security Verification Standard (ASVS).
Pablo Ramos has been in the security industry for more than 10 years, working for antivirus companies, social networks, vulnerability management, and consulting companies. He graduated from the Universidad Tecnologica Nacional in Buenos Aires, Argentina. He has been actively contributing to private and public research on malware analysis, reverse engineering, and vulnerability analysis. He has presented at international conferences such as Virus Bulletin and AVAR, specifically about malware analysis and botnet tracking. In his free time, likes to play soccer, surf, and practice kitesurfing.
I'd like to thank my wife for her constant support and for helping me to achieve my professional goals.
Dr. Michael Spreitzenbarth did his diploma thesis on mobile phone forensics, and after that he worked for several years as a freelancer in the IT security sector. In 2013, he finished his PhD in the field of Android forensics and mobile malware analysis. Since this time, he has been working at an internationally operating CERT and in an internal red team.
Next page