Wednesday, 8 July 2020

Malware Analysis and Detection Engineering: A Comprehensive Guide to Detect, Analyze and Reverse Malwares




This book is a beast! If you're looking to master the ever widening field of malware analysis, look no further, this is the definitive guide for you
- Pedram Amini, Founder Zero Day Initiative (ZDI) and OpenRCE, CTO InQuest.net

8+ months. That's what it took for me and my co-author Abhijit to complete this book. At around 900 pages, it is the most comprehensive guide one can find on malware analysis, malware reverse engineering and detection engineering. The book is published by Apress and is also available through the Springer publisher network, arguably the biggest book publisher network in the world.

The book also covers detection engineering, a topic not yet covered by any other book. We describe the internals of various detection tools (antivirus engines, malware sandboxes, IDS/IPS and binary instrumentation) and how those internals can be leveraged by malware analysts, reverse engineers and budding detection engineers to automate sample analysis.


This book:
  • Helps you learn how to analyze any malware thrown at you, and even reverse engineer it, using
    tools like OllyDbg and IDA Pro

  • Reveals many undocumented tricks used by malware researchers in the industry to analyze and
    reverse malware

  • Balances complex technical details with easy-to-apply tips and techniques that can be used
    directly while researching a sample

  • Is very hands-on, with exercise-driven content: simulated malware samples let you hone your
    skills in a controlled setup, and real-world malware samples then let you test your newly
    learned skills

  • Covers detection engineering: how various detection tools (antivirus engines, sandboxes,
    IDS/IPS and binary instrumentation) work internally and how to apply them to automating
    malware analysis

  • Introduces APIMiner, a custom analysis tool we developed along with the book, that makes
    analyzing malware samples much easier

  • Provides exercise samples along with the book

We would like to thank Pedram Amini for providing the foreword for this book and Ravikanth Tiwari for his technical review of the book.

The book is available for pre-order at Amazon here - https://www.amazon.com/dp/1484261925

Table Of Contents
Part 1: Introduction
1. Introduction
2. Malware Analysis Lab Setup

Part 2: OS and System Fundamentals
3. File & File Formats
4. Virtual Memory & Portable Executable (PE) File
5. Windows Internals

Part 3: Malware Components & Analysis
6. Malware Components & Distribution
7. Malware Packers
8. Persistence Mechanisms
9. Network Communication
10. Code Injection, Process Hollowing & API Hooking
11. Stealth and Rootkits

Part 4: Malware Analysis & Classification
12. Static Analysis
13. Dynamic Analysis
14. Memory Forensics With Volatility
15. Malware Payload Dissection & Classification

Part 5: Malware Reverse Engineering
16. Debuggers & Assembly Language
17. Debugging Tricks for Unpacking Malwares
18. Debugging Code Injection
19. Armoring & Evasion - The Anti Techniques
20. File-less, Macros & Other Malware Trends

Part 6: Detection Engineering
21. Dev Analysis Lab Setup
22. Anti-Virus Engines
23. IDS/IPS & Snort/Suricata Rule Writing
24. Malware Sandbox Internals
25. Binary Instrumentation for Reversing Automation