Evasive malware

• Verfasst von: Cucci, Kyle [VerfasserIn]
• Titel: Evasive malware
• Titelzusatz: a field guide to detecting, analyzing, and defeating advanced threats
• Verf.angabe: by Kyle Cucci
• Ausgabe: [First edition].
• Verlagsort: San Francisco, CA
• Verlag: No Starch Press
• E-Jahr: 2024
• Jahr: [2024]
• Umfang: 1 online resource (488 pages)
• Illustrationen: illustrations
• Fussnoten: Includes bibliographical references and index
• Datenträger: Online-Ressource
• Sprache: eng
• Sach-SW: Sécurité informatique
• K10plus-PPN: 189910903X
• K10plus-PPN:
  Universitätsbibliothek
• Lokale URL UB: Zum Volltext
• Lokale URL UB: Bibliothek der Medizinischen Fakultät Mannheim der Universität Heidelberg
• Bibliothek/Idn: UW / m4568071631
• Lokale URL Inst.: Zum Volltext

Abstract

We’re all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today’s malicious software and show you how to defeat them. Following a crash course on using static and dynamic code analysis to uncover malware’s true intentions, you’ll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You’ll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You’ll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you’ll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.