Practical Malware Analysis
The Hands-On Guide to Dissecting Malicious Software
Publisher: No Starch Press
Final Release Date: February 2012
Pages: 800

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You'll learn how to:

  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code

Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.

Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.


Review Snapshot (by PowerReviews)

Overall rating: 4.0 (based on 4 reviews)

Ratings Distribution

  • 5 Stars (1)
  • 4 Stars (2)
  • 3 Stars (1)
  • 2 Stars (0)
  • 1 Star (0)

100% of respondents would recommend this to a friend.

Pros

  • Helpful examples (4)
  • Well-written (4)
  • Accurate (3)

Cons

Best Uses

  • Intermediate (4)

Reviewed by 4 customers


     
Rating: 4.0

Review of "Practical Malware Analysis"

By HiSeCu (Carel Fenijn), from Leiden, Netherlands

About Me: Cert Member

Pros

  • Easy to understand
  • Helpful examples
  • Well-written

Cons

  • Mainly Windows OS

Best Uses

  • Intermediate
  • Student

Comments about oreilly Practical Malware Analysis:

"Practical Malware Analysis" is a pretty good primer on malware analysis. It is certainly useful as a textbook for self-study and probably for use in classrooms. I was surprised that the subject matter of this book was mainly attacks on Windows platforms; that was not evident from the title, and I think it should be. However, as most attacks are addressed at such platforms IRL, that does make sense. Having a similar book that is centered around Linux would be interesting as well. The way this subject is treated is clear and hands-on. It is useful for beginners who have to take their first steps learning about malware analysis, the x86 architecture, disassembly, etc., but also for others who want to use it as a quick reference book on specific malware analysis related topics (concepts and tools) from a practical point of view. For people who want to learn more about how Windows works, this book can also be useful.

     
Rating: 4.0

Good Reference

By Sadhana, from USA

About Me: Developer, Sys Admin

Pros

  • Accurate
  • Helpful examples
  • Well-written

Cons

Best Uses

  • Expert
  • Intermediate

Comments about oreilly Practical Malware Analysis:

This is a great reference book for those interested in malware analysis.

PROS:

  1. Teaches you how to use a variety of tools (IDA Pro, etc.)
  2. Teaches you about different types of analysis (basic, static, dynamic, etc.)
  3. There was a chapter that told you how to recognize common C code constructs
  4. It goes into quite a lot of depth about the internal workings of Windows

CONS:

It's definitely not for a beginner. If you have never done malware analysis before, the material presented can be overwhelming. It's not easy to immediately put what you learned into action (you might understand a subject theoretically but might not be comfortable enough with the subject to put it into practice).

       
Rating: 3.0

A comprehensive text

By Sumit Bisht, from Lucknow, India

About Me: Developer

Verified Reviewer

Pros

  • Accurate
  • Helpful examples
  • Well-written

Cons

  • Difficult to understand

Best Uses

  • Expert
  • Intermediate

Comments about oreilly Practical Malware Analysis:

This is a comprehensive text on malware analysis that forms a nice learning course and a handy guide to identifying and removing malware.
The nice addition in this text was the mix between theory and practicals, which allowed for reading followed by practice to reinforce the concepts. Some people, however, might find the sequential ordering of concepts off-putting, and in places the fundamentals are stretched a little more than desired, especially in a professional book. But the concepts themselves are presented clearly, and all the nuances are present in their low-level details, which makes learning the advanced concepts an engaging task.

(1 of 1 customers found this review helpful)

       
Rating: 5.0

Great book for any malware analyst

By Mila Parkour, from Washington, DC

About Me: Sys Admin

Verified Reviewer

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

Cons

Best Uses

  • Intermediate
  • Novice
  • Student

Comments about oreilly Practical Malware Analysis:

I think it is hands down the best book for anyone who is interested in malicious file analysis and reverse engineering of malicious code. If you are a beginner, the book starts with baby steps explaining what you can do, how you should do it, and what exactly you should be looking at, in plain, easy-to-understand language. The book is the next best thing to private tutoring by the gurus guiding you every step of the way while sharing their experience, secrets, and shortcuts that you cannot find anywhere else.

Every theoretical part is concise and contains only the information you need to do the analysis. All other techniques are tailored towards practical analysis: finding as much meaningful information as possible about malicious files and being able to interpret and understand it.

By the end of Part 1, you will go from zero to being able to do basic analysis and knowing what to do to become better. This is a big advantage of this book over many others: it paves a way to become a malware analyst, from beginner to advanced. By the end of the book, you will reach a very respectable level, especially if you follow it with a highlighter and do all the exercises instead of skipping them. The book's website offers samples for analysis, along with a detailed answers section for review after you finish.

There are six parts, each more advanced than the previous one. If you are a seasoned reverse engineer, you can dive into the sections that suit your skills. However, I suggest at least looking through the basic sections, because I found very interesting tidbits of information even in those sections I thought I knew well.

You will find these topics covered (including but not limited to):

Part 1
Ch.1 - Basic Analysis: strings, unpacking, DLLs and how to analyze them, dependencies, functions/function calls (which are interesting for you), PE file structure
Ch.2 - Preparing VMs for analysis
Ch.3 - Faking a network, Wireshark and INetSim, Sysinternals tools

Part 2
Ch.4 - Crash course in x86 disassembly
Ch.5 - IDA Pro (how to use)
Ch.6 - C-code constructs in assembly
Ch.7 - Windows API, registry, threads, services, processes, COM objects, etc.

Part 3
Ch.8 - Debuggers: how to use, techniques, shellcode analysis
Ch.9 - OllyDbg
Ch.10 - WinDbg, rootkit analysis

Part 4
Ch.11 - Different malware functionality: botnets, RATs, trojans, backdoors, reverse shell, keyloggers, persistence mechanisms, DLL load-order hijacking, privilege escalation, user-mode rootkits
Ch.12 - Covert malware launching: process injection, process replacement, hook injection, Detours, APC injection, etc.
Ch.13 - Encoding: simple ciphers, XOR and other schemes, common cryptographic algorithms, custom encoding, decoding
Ch.14 - Malware-focused network signatures: malware network signatures, network countermeasures, crash mini-course on Snort signatures, tracking attackers, understanding the attacker's perspective, and more

Part 5
Ch.15 - Anti-disassembly: anti-disassembly algorithms, techniques, thwarting stack-frame analysis
Ch.16 - Anti-debugging
Ch.17 - Anti-virtual machine techniques
Ch.18 - Packers and unpacking: various packers and techniques

Part 6
Ch.19 - Shellcode analysis
Ch.20 - C++ analysis
Ch.21 - 64-bit malware

Appendix
Important Windows functions
Tools for malware analysis

As you see, all the attention is given to file analysis. Compare this to another excellent book, Malware Analyst's Cookbook (M. Ligh, S. Adair, B. Hartstein, M. Richard), which covers topics like honeypots, ClamAV, YARA, AV scanners, automation, malware labs, Volatility and memory analysis of various malware, forensics, and also malicious file analysis. You really need both books, as they cover different areas of combating malware. There is not a lot of overlap, and the topics are covered from different angles, using different approaches. Practical Malware Analysis will teach you how to rip malicious files apart and takes you through the process step by step. I very much recommend it.

        Buying Options
        Ebook: $47.95
Formats: ePub, Mobi, PDF
        Print & Ebook: $65.95
        Print: $59.95