You're reading from Mastering Malware Analysis A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks

Product type Paperback

Published in Sep 2022

Publisher Packt

ISBN-13 9781803240244

Length 572 pages

Edition 2nd Edition

Concepts

Malware Analysis

Authors (2):

Amr Thabet

Alexey Kleymenov

Preface

1. Part 1 Fundamental Theory

2. Chapter 1: Cybercrime, APT Attacks, and Research Strategies FREE CHAPTER

3. Chapter 2: A Crash Course in Assembly and Programming Basics

4. Part 2 Diving Deep into Windows Malware

5. Chapter 3: Basic Static and Dynamic Analysis for x86/x64

6. Chapter 4: Unpacking, Decryption, and Deobfuscation

7. Chapter 5: Inspecting Process Injection and API Hooking

8. Chapter 6: Bypassing Anti-Reverse Engineering Techniques

9. Chapter 7: Understanding Kernel-Mode Rootkits

10. Part 3 Examining Cross-Platform and Bytecode-Based Malware

11. Chapter 8: Handling Exploits and Shellcode

12. Chapter 9: Reversing Bytecode Languages – .NET, Java, and More

13. Chapter 10: Scripts and Macros – Reversing, Deobfuscation, and Debugging

14. Part 4 Looking into IoT and Other Platforms

15. Chapter 11: Dissecting Linux and IoT Malware

16. Chapter 12: Introduction to macOS and iOS Threats

17. Chapter 13: Analyzing Android Malware Samples

18. Index

19. Other Books You May Enjoy

The analysis workflow

When analyzing malware that is targeting Apple systems (whether it be macOS or iOS), the following workflow can be used:

Understand the available indicators of a compromise. Is it possible that they are related to an activity that doesn’t involve the usage of malicious code?
Once the candidate for a malicious sample is identified, start by obtaining it and any related files and performing static analysis.
If there are multiple files available within one bundle, find out which one is supposed to be executed first. Generally, it is defined in the Info.plist file in the CFBundleExecutable field. Also, check the executable that has the same name as the bundle, but without the .app extension.
Carefully review the strings and import functions present in binary payloads, as they may offer some insight into the malware’s functionality. Pay particular attention to the import functions mentioned in the File formats and APIs section and...

The rest of the chapter is locked