Malware Development for Ethical Hackers Learn How to Develop Various Types of Malware to Strengthen Cybersecurity
Packed with real-world examples, this book simplifies cybersecurity, delves into malware development, and serves as a must-read for advanced ethical hackers. Key Features: Learn how to develop and program Windows malware applications using hands-on examples; Explore methods to bypass security mechanism...
| Field | Value |
|---|---|
| Other Authors | |
| Format | E-book |
| Language | English |
| Published | Birmingham, England : Packt Publishing [2024] |
| Edition | First edition |
| Subjects | |
| View at Biblioteca Universitat Ramon Llull | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009837633006719 |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Contributors
- Table of Contents
- Preface
- Part 1: Malware Behavior: Injection, Persistence, and Privilege Escalation Techniques
- Chapter 1: Quick Introduction to Malware Development
- Technical requirements
- What is malware development?
- A simple example
- Unpacking malware functionality and behavior
- Types of malware
- Reverse shells
- Practical example: reverse shell
- Practical example: reverse shell for Windows
- Demo
- Leveraging Windows internals for malware development
- Practical example
- Exploring PE-file (EXE and DLL)
- Practical example
- The art of deceiving a victim's systems
- Summary
- Chapter 2: Exploring Various Malware Injection Attacks
- Technical requirements
- Traditional injection approaches - code and DLL
- A simple example
- Code injection example
- DLL injection
- DLL injection example
- Exploring hijacking techniques
- DLL hijacking
- Practical example
- Understanding APC injection
- A practical example of APC injection
- A practical example of APC injection via NtTestAlert
- Mastering API hooking techniques
- What is API hooking?
- Practical example
- Summary
- Chapter 3: Mastering Malware Persistence Mechanisms
- Technical requirements
- Classic path: registry Run Keys
- A simple example
- Leveraging registry keys utilized by Winlogon process
- A practical example
- Implementing DLL search order hijacking for persistence
- Exploiting Windows services for persistence
- A practical example
- Hunting for persistence: exploring non-trivial loopholes
- A practical example
- How to find new persistence tricks
- Summary
- Chapter 4: Mastering Privilege Escalation on Compromised Systems
- Technical requirements
- Manipulating access tokens
- Windows tokens
- Local administrator
- SeDebugPrivilege
- A simple example
- Impersonate
- Password stealing
- Practical example
- Leveraging DLL search order hijacking and supply chain attacks
- Practical example
- Circumventing UAC
- fodhelper.exe
- Practical example
- Summary
- Part 2: Evasion Techniques
- Chapter 5: Anti-Debugging Tricks
- Technical requirements
- Detecting debugger presence
- Practical example 1
- Practical example 2
- Spotting breakpoints
- Practical example
- Identifying flags and artifacts
- Practical example
- ProcessDebugFlags
- Practical example
- Summary
- Chapter 6: Navigating Anti-Virtual Machine Strategies
- Technical requirements
- Filesystem detection techniques
- VirtualBox machine detection
- A practical example
- Demo
- Approaches to hardware detection
- Checking the HDD
- Demo
- Time-based sandbox evasion techniques
- A simple example
- Identifying VMs through the registry
- A practical example
- Demo
- Summary
- Chapter 7: Strategies for Anti-Disassembly
- Popular anti-disassembly techniques
- Practical example
- Exploring the function control problem and its benefits
- Practical example
- Obfuscation of the API and assembly code
- Practical example
- Crashing malware analysis tools
- Practical example
- Summary
- Chapter 8: Navigating the Antivirus Labyrinth - a Game of Cat and Mouse
- Technical requirements
- Understanding the mechanics of antivirus engines
- Static detection
- Heuristic detection
- Dynamic heuristic analysis
- Behavior analysis
- Evasion static detection
- Practical example
- Evasion dynamic analysis
- Practical example
- Circumventing the Antimalware Scan Interface (AMSI)
- Practical example
- Advanced evasion techniques
- Syscalls
- Syscall ID
- Practical example
- Userland hooking
- Direct syscalls
- Practical example
- Bypassing EDR
- Practical example
- Summary
- Part 3: Math and Cryptography in Malware
- Chapter 9: Exploring Hash Algorithms
- Technical requirements
- Understanding the role of hash algorithms in malware
- Cryptographic hash functions
- Applying hashing in malware analysis
- A deep dive into common hash algorithms
- MD5
- SHA-1
- Bcrypt
- Practical use of hash algorithms in malware
- Hashing WINAPI calls
- MurmurHash
- Summary
- Chapter 10: Simple Ciphers
- Technical requirements
- Introduction to simple ciphers
- Caesar cipher
- ROT13 cipher
- ROT47 cipher
- Decrypting malware - a practical implementation of simple ciphers
- Caesar cipher
- ROT13
- ROT47
- The power of the Base64 algorithm
- Base64 in practice
- Summary
- Chapter 11: Unveiling Common Cryptography in Malware
- Technical requirements
- Overview of common cryptographic techniques in malware
- Encryption resources such as configuration files
- Practical example
- Cryptography for secure communication
- Practical example
- Payload protection - cryptography for obfuscation
- Practical example
- Summary
- Chapter 12: Advanced Math Algorithms and Custom Encoding
- Technical requirements
- Exploring advanced math algorithms in malware
- Tiny encryption algorithm (TEA)
- A5/1
- Madryga algorithm
- Practical example
- The use of prime numbers and modular arithmetic in malware
- Practical example
- Implementing custom encoding techniques
- Practical example
- Elliptic curve cryptography (ECC) and malware
- Practical example
- Summary
- Part 4: Real-World Malware Examples
- Chapter 13: Classic Malware Examples
- Historical overview of classic malware
- Early malware
- The 1980s-2000s - the era of worms and mass propagation
- Malware of the 21st century
- Modern banking Trojans
- The evolution of ransomware
- Analysis of the techniques used by classic malware
- Evolution and impact of classic malware
- Lessons learned from classic malware
- Practical example
- Summary
- Chapter 14: APT and Cybercrime
- Introduction to APTs
- The birth of APTs - early 2000s
- Operation Aurora (2009)
- Stuxnet and the dawn of cyber-physical attacks (2010)
- The rise of nation-state APTs - mid-2010s onward
- What about the current landscape and future challenges?
- Characteristics of APTs
- Infamous examples of APTs
- APT28 (Fancy Bear) - the Russian cyber espionage
- APT29 (Cozy Bear) - the persistent intruder
- Lazarus Group - the multifaceted threat
- Equation Group - the cyber-espionage arm of the NSA
- Tailored Access Operations - the cyber arsenal of the NSA
- TTPs used by APTs
- Persistence via AppInit_DLLs
- Persistence by accessibility features
- Persistence by alternate data streams
- Summary
- Chapter 15: Malware Source Code Leaks
- Understanding malware source code leaks
- The Zeus banking Trojan
- Carberp
- Carbanak
- Other famous malware source code leaks
- The impact of source code leaks on the malware development landscape
- Zeus
- Carberp
- Carbanak
- Practical example
- Significant examples of malware source code leaks
- Summary
- Chapter 16: Ransomware and Modern Threats
- Introduction to ransomware and modern threats
- Analysis of ransomware techniques
- Conti
- Hello Kitty
- Case studies of notorious ransomware and modern threats
- Case study one: WannaCry ransomware attack
- Case study two: NotPetya ransomware attack
- Case study three: GandCrab ransomware
- Case study four: Ryuk ransomware
- Modern threats
- Practical example
- Mitigation and recovery strategies
- Summary
- Index
- Other Books You May Enjoy