Malware Analysis Techniques covers several topics relating to the static and behavioral analysis of malware in the quest to understand the behavior, abilities, and goals of adversarial software. It provides technical walk-throughs and leverages several different tools to this end.

The book seeks to make you more effective and faster at triaging and to help you gain an understanding of the adversarial software you may come across – and how to better defend an enterprise against it.
Who this book is for
Malware Analysis Techniques is for everyone – that is to say, the book covers its material in such a way that even a beginner analyst should find it easy to pick up. The book is for those who wish to break into malware analysis, those who wish to become more effective at understanding malware, and those who wish to harden and defend their network against adversarial software by understanding it.

Basic familiarity with virtual machines, general computing, and the command line is all that is required to get started.
What this book covers
Chapter 1, Creating and Maintaining Your Detonation Environment, provides a guide to building your malware analysis lab.
Chapter 2, Static Analysis – Techniques and Tooling, provides an introduction to basic analysis without execution.
Chapter 3, Dynamic Analysis – Techniques and Tooling, provides an introduction to basic
Chapter 4, A Word on Automated Sandboxing, covers how to automate basic analysis
Chapter 5, Advanced Static Analysis – Out of the White Noise, dives into more advanced static analysis utilizing Ghidra and other tooling.
Chapter 6, Advanced Dynamic Analysis – Looking at Explosions, provides a closer look at advanced behavioral analysis techniques.
Chapter 7, Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill, provides a look at how malware may attempt to misdirect analysis efforts.
Chapter 8, De-Obfuscation – Putting the Toothpaste Back in the Tube, covers analysis, de-obfuscation, and the triage of malicious droppers and scripts.
Chapter 9, The Reverse Card – Weaponization of IOCs and OSINT for Defense, covers how intelligence gained during analysis may be leveraged to defend the network.
Chapter 10, Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK, covers leveraging the ATT&CK framework to communicate malicious capability and write concise, efficacious reports.
Chapter 11, Challenge Solutions, covers the challenges that have been posed throughout the book in several of the chapters.