2 options
Malware Development for Ethical Hackers : Learn How to Develop Various Types of Malware to Strengthen Cybersecurity / Zhassulan Zhussupov.
- Format:
- Book
- Author/Creator:
- Zhussupov, Zhassulan, author.
- Language:
- English
- Subjects (All):
- Penetration testing (Computer security).
- Computer security.
- Hackers.
- Physical Description:
- 1 online resource (390 pages)
- Edition:
- First edition.
- Place of Publication:
- Birmingham, England : Packt Publishing, [2024]
- Biography/History:
- Zhussupov Zhassulan: Zhassulan Zhusupov is a professional who wears many hats: software developer, cybersecurity enthusiast, and mathematician. He has been developing products for law enforcement for over ten years. Professionally, Zhasulan shares his experience as a malware analyst and threat hunter at the MSSP Research Lab in Kazakhstan, a cybersecurity researcher at Websec B. V. in the Netherlands, and Cyber5W in the USA. He has also actively contributed to the Malpedia project. Zhassulan's literary achievements include writing the popular ebooks "MD MZ Malware Development" and "Malwild: Malware in the Wild, " details of which can be found on his personal Github page. He is the author and co-author of numerous articles on cybersecurity blogs and has also spoken at various international conferences like Black Hat, DEFCON, BSides, Standoff, and many others. His love for his family is reflected in his role as a loving husband and caring father.
- Summary:
- Packed with real-world examples, this book simplifies cybersecurity, delves into malware development, and serves as a must-read for advanced ethical hackers Key Features Learn how to develop and program Windows malware applications using hands-on examples Explore methods to bypass security mechanisms and make malware undetectable on compromised systems Understand the tactics and tricks of real adversaries and APTs and apply their experience in your operations Purchase of the print or Kindle book includes a free PDF eBook Book Description Malware Development for Ethical Hackers is a comprehensive guide to the dark side of cybersecurity within an ethical context. This book takes you on a journey through the intricate world of malware development, shedding light on the techniques and strategies employed by cybercriminals. As you progress, you'll focus on the ethical considerations that ethical hackers must uphold. You'll also gain practical experience in creating and implementing popular techniques encountered in real-world malicious applications, such as Carbanak, Carberp, Stuxnet, Conti, Babuk, and BlackCat ransomware. This book will also equip you with the knowledge and skills you need to understand and effectively combat malicious software. By the end of this book, you'll know the secrets behind malware development, having explored the intricate details of programming, evasion techniques, persistence mechanisms, and more. What you will learn Familiarize yourself with the logic of real malware developers for cybersecurity Get to grips with the development of malware over the years using examples Understand the process of reconstructing APT attacks and their techniques Design methods to bypass security mechanisms for your red team scenarios Explore over 80 working examples of malware Get to grips with the close relationship between mathematics and modern malware Who this book is for This book is for penetration testers, exploit developers, ethical hackers, red teamers, and offensive security researchers. Anyone interested in cybersecurity and ethical hacking will also find this book helpful. Familiarity with core ethical hacking and cybersecurity concepts will help you understand the topics discussed in this book more easily.
- Contents:
- Cover
- Title Page
- Copyright and Credits
- Contributors
- Table of Contents
- Preface
- Part 1: Malware Behavior: Injection, Persistence, and Privilege Escalation Techniques
- Chapter 1: Quick Introduction to Malware Development
- Technical requirements
- What is malware development?
- A simple example
- Unpacking malware functionality and behavior
- Types of malware
- Reverse shells
- Practical example: reverse shell
- Practical example: reverse shell for Windows
- Demo
- Leveraging Windows internals for malware development
- Practical example
- Exploring PE-file (EXE and DLL)
- The art of decieving a victim's systems
- Summary
- Chapter 2: Exploring Various Malware Injection Attacks
- Traditional injection approaches - code and DLL
- Code injection example
- DLL injection
- DLL injection example
- Exploring hijacking techniques
- DLL hijacking
- Understanding APC injection
- A practical example of APC injection
- A practical example of APC injection via NtTestAlert
- Mastering API hooking techniques
- What is API hooking?
- Chapter 3: Mastering Malware Persistence Mechanisms
- Classic path: registry Run Keys
- Leveraging registry keys utilized by Winlogon process
- A practical example
- Implementing DLL search order hijacking for persistence
- Exploiting Windows services for persistence
- Hunting for persistence: exploring non-trivial loopholes
- How to find new persistence tricks
- Chapter 4: Mastering Privilege Escalation on Compromised Systems
- Manipulating access tokens
- Windows tokens
- Local administrator
- SeDebugPrivilege.
- A simple example
- Impersonate
- Password stealing
- Leveraging DLL search order hijacking and supply chain attacks
- Circumventing UAC
- fodhelper.exe
- Part 2: Evasion Techniques
- Chapter 5: Anti-Debugging Tricks
- Detecting debugger presence
- Practical example 1
- Practical example 2
- Spotting breakpoints
- Identifying flags and artifacts
- ProcessDebugFlags
- Chapter 6: Navigating Anti-Virtual Machine Strategies
- Filesystem detection techniques
- VirtualBox machine detection
- Approaches to hardware detection
- Checking the HDD
- Time-based sandbox evasion techniques
- Identifying VMs through the registry
- Chapter 7: Strategies for Anti-Disassembly
- Popular anti-disassembly techniques
- Exploring the function control problem and its benefits
- Obfuscation of the API and assembly code
- Crashing malware analysis tools
- Chapter 8: Navigating the Antivirus Labyrinth - a Game of Cat and Mouse
- Understanding the mechanics of antivirus engines
- Static detection
- Heuristic detection
- Dynamic heuristic analysis
- Behavior analysis
- Evasion static detection
- Evasion dynamic analysis
- Circumventing the Antimalware Scan Interface (AMSI)
- Advanced evasion techniques
- Syscalls
- Syscall ID
- Userland hooking
- Direct syscalls
- Bypassing EDR
- Summary.
- Part 3: Math and Cryptography in Malware
- Chapter 9: Exploring Hash Algorithms
- Understanding the role of hash algorithms in malware
- Cryptographic hash functions
- Applying hashing in malware analysis
- A deep dive into common hash algorithms
- MD5
- SHA-1
- Bcrypt
- Practical use of hash algorithms in malware
- Hashing WINAPI calls
- MurmurHash
- Chapter 10: Simple Ciphers
- Introduction to simple ciphers
- Caesar cipher
- ROT13 cipher
- ROT47 cipher
- Decrypting malware - a practical implementation of simple ciphers
- ROT13
- ROT47
- The power of the Base64 algorithm
- Base64 in practice
- Chapter 11: Unveiling Common Cryptography in Malware
- Overview of common cryptographic techniques in malware
- Encryption resources such as configuration files
- Cryptography for secure communication
- Payload protection - cryptography for obfuscation
- Chapter 12: Advanced Math Algorithms and Custom Encoding
- Exploring advanced math algorithms in malware
- Tiny encryption algorithm (TEA)
- A5/1
- Madryga algorithm
- The use of prime numbers and modular arithmetic in malware
- Implementing custom encoding techniques
- Elliptic curve cryptography (ECC) and malware
- Part 4: Real-World Malware Examples
- Chapter 13: Classic Malware Examples
- Historical overview of classic malware
- Early malware
- The 1980s-2000s - the era of worms and mass propagation
- Malware of the 21st century
- Modern banking Trojans
- The evolution of ransomware
- Analysis of the techniques used by classic malware.
- Evolution and impact of classic malware
- Lessons learned from classic malware
- Chapter 14: APT and Cybercrime
- Introduction to APTs
- The birth of APTs - early 2000s
- Operation Aurora (2009)
- Stuxnet and the dawn of cyber-physical attacks (2010)
- The rise of nation-state APTs - mid-2010s onward
- What about the current landscape and future challenges?
- Characteristics of APTs
- Infamous examples of APTs
- APT28 (Fancy Bear) - the Russian cyber espionage
- APT29 (Cozy Bear) - the persistent intruder
- Lazarus Group - the multifaceted threat
- Equation Group - the cyber-espionage arm of the NSA
- Tailored Access Operations - the cyber arsenal of the NSA
- TTPs used by APTs
- Persistence via AppInit_DLLs
- Persistence by accessibility features
- Persistence by alternate data streams
- Chapter 15: Malware Source Code Leaks
- Understanding malware source code leaks
- The Zeus banking Trojan
- Carberp
- Carbanak
- Other famous malware source code leaks
- The impact of source code leaks on the malware development landscape
- Zeus
- Significant examples of malware source code leaks
- Chapter 16: Ransomware and Modern Threats
- Introduction to ransomware and modern threats
- Analysis of ransomware techniques
- Conti
- Hello Kitty
- Case studies of notorious ransomware and modern threats
- Case study one: WannaCry ransomware attack
- Case study two: NotPetya ransomware attack
- Case study three: GandCrab ransomware
- Case study four: Ryuk ransomware
- Modern threats
- Mitigation and recovery strategies
- Index
- Other Books You May Enjoy.
- Notes:
- Includes index.
- Description based on publisher supplied metadata and other sources.
- Description based on print version record.
- ISBN:
- 9781801076975
- 1801076979
- OCLC:
- 1437273132
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.