Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Malware Analysis Techniques
Malware Analysis Techniques

Malware Analysis Techniques: Tricks for the triage of adversarial software

eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Malware Analysis Techniques

Chapter 1: Creating and Maintaining your Detonation Environment

Malware can be slippery, difficult to dissect, and prone to escapism. As malware analysts, however, we frequently find ourselves in a position where it's necessary to be able to both examine the binaries and samples we come across, as well as actively run the samples and observe their behavior in a semi-live environment. Observing how the malware behaves within a real-world OS informs us as analysts how to better defend and remediate infections of the same kind we come across.

Such needs present several challenges:

  • How do we execute and study malicious code while ensuring our real environments remain safe and we do not assist the malware authors in propagating their code?
  • What tools do we require to ensure that we're able to adequately study the malware?
  • How do we achieve the two aforementioned goals in a repeatable fashion so that we do not have to rebuild our environment after every piece of malware we study?

In this chapter, we'll review how it's possible to set up a VM specifically for the purposes of analyzing adversarial code, while simultaneously ensuring that we remain on good terms with our friends in Systems Administration, and do not spread our samples across the network, thereby defeating the purposes of our analysis.

In this chapter, we'll cover the following topics:

  • Setting up VMware Workstation with Windows 10
  • Tooling installation – FLARE
  • Isolating your environment
  • Maintenance and snapshotting

Technical requirements

The following are the requirements for this chapter:

Setting up VirtualBox with Windows 10

An excellent tool, which is also free (as in beer), is Oracle's VirtualBox. We'll utilize this software package to create our malware analysis environment with a Windows 10 VM.

To begin, we'll navigate to the VirtualBox download page, which can be found at https://virtualbox.org/wiki/downloads. The page should look like the one shown in the following screenshot:

Figure 1.1 – Downloading VirtualBox for macOS, Windows, and Linux

Figure 1.1 – Downloading VirtualBox for macOS, Windows, and Linux

Let's now move on to downloading and installing VirtualBox.

Downloading and verifying VirtualBox

Here, we can select our host OS, with Linux, macOS, and Windows all supported platforms. In this instance, the process will be completed in macOS, but post-installation, the steps are largely the same, and generally platform-agnostic. Begin by selecting your host OS and downloading the latest package for VirtualBox.

As with downloading any binary or package from the internet, it is an excellent idea to ensure that the download is neither corrupt nor has been tampered with during transit.

Thankfully, Oracle provides pre-computed SHA256 sums of their packages, and we can use sha256sum on either Linux or Mac to ascertain whether we have the correct package:

Figure 1.2 – The SHA256 sum of the downloaded file

Figure 1.2 – The SHA256 sum of the downloaded file

Once we have computed the SHA256 in our terminal, we can compare it to known hashes on the VirtualBox page found at https://www.virtualbox.org/download/hashes/6.1.12/SHA256SUMS. Here, we can see that we have a matching hash and can proceed with the installation:

Figure 1.3 – The list of known good hashes published for VirtualBox's installer packages

Figure 1.3 – The list of known good hashes published for VirtualBox's installer packages

Installing Windows 10

Once you have gone through the installation steps for VirtualBox on your platform and have run the application, you'll be presented with the following screen. We can now begin building our environment:

Figure 1.4 – The VirtualBox main screen

Figure 1.4 – The VirtualBox main screen

In order to create our malware analysis environment, it will be necessary to have a Windows 10 installation ISO. If you do not already have a Windows 10 ISO, one may be obtained from Microsoft at https://www.microsoft.com/en-us/software-download/windows10. You will be required to purchase a license key in order to activate your copy of Windows:

  1. To begin creating our VM, we'll click the New button in VirtualBox, as seen in the following screenshot:
    Figure 1.5 – Click New to begin creating your analysis VM

    Figure 1.5 – Click New to begin creating your analysis VM

  2. Clicking the New button will reveal a new pane requiring several selections. Here, we'll want to select Windows 10 (64-bit). The machine may be named anything of your choosing. Once these fields are filled in, click Continue:
    Figure 1.6 – Name your VM and select the proper OS configuration

    Figure 1.6 – Name your VM and select the proper OS configuration

    At this point, VirtualBox will guide you through several steps. Proceed with the defaults here – no additional customization is necessary for our use case, with one exception: if you have sufficient memory on your host machine, strongly consider changing the memory to 4,096 MB for a smoother experience (and to bypass some possible anti-analysis techniques! More on this later).

  3. Once done with the creation of the VM, we are dropped back at our initial screen with a VM available to us. However, it is necessary to specify the ISO file that the VM's OS should be installed from. For this, highlight the VM we've just created, and click Settings, as shown in the following screenshot:
    Figure 1.7 – Click the Settings button in VirtualBox's main pane

    Figure 1.7 – Click the Settings button in VirtualBox's main pane

  4. A new pane will be presented that outlines the many settings currently applied to the VM. Here, we'll select Storage, and then the compact disc icon in the tree. From here, we can click the browse icon and then select the applicable ISO for installation. Then, click OK:
    Figure 1.8 – Selecting the virtual optical disk file

    Figure 1.8 – Selecting the virtual optical disk file

  5. Once the applicable ISO has been loaded, it's time to boot the VM and begin installation of Windows. To do this, simply highlight the VM you have created and then select Start:
    Figure 1.9 – Clicking the Start button will launch our analysis VM

    Figure 1.9 – Clicking the Start button will launch our analysis VM

    If everything has been done correctly to this point, the VM will boot and a Windows 10 installation screen will appear! Here, we can click Next and then proceed as usual through our Windows 10 installation steps:

    Figure 1.10 – Select the appropriate language and keyboard layout for your region

    Figure 1.10 – Select the appropriate language and keyboard layout for your region

  6. We'll continue by creating a new partition and begin our installation as shown in the following screenshot:
    Figures 1.11 – Create a new partition by utilizing the New button

    Figures 1.11 – Create a new partition by utilizing the New button

    Once this is finished, a Windows installation screen will appear. Please wait for it to finish:

    Figure 1.12 – Installation of Windows 10

    Figure 1.12 – Installation of Windows 10

  7. Once the installation of Windows has completed, a screen will appear asking for a username to be utilized, along with a corresponding password:

    Analysis tip

    It is highly advisable to make the password entirely unique to the instance in which we are working. Malware often steals passwords for reuse in further campaigns or operations.

    Figure 1.13 – Choose a totally unique password for this VM

    Figure 1.13 – Choose a totally unique password for this VM

  8. Once the user has been created, Windows will prompt for a few more settings related to privacy – which you may answer how you choose:
Figure 1.14 – Windows 10's privacy settings

Figure 1.14 – Windows 10's privacy settings

Analysis tip

You may consider replicating the settings pictured here. While disabling Windows 10 telemetry isn't required, you may not want to deliver data to Microsoft over the internet if you're utilizing it to analyze sensitive samples.

Once all the selections have been completed, Windows will perform a number of final initialization steps for the OS and drop you at the desktop!

Installing the FLARE VM package

Before the critical step of isolating our VM from the outside world can be undertaken, tools that require the internet to be downloaded must first be loaded on the VM. Our brand-new VM would be largely useless to us without the requisite tools utilized by malware analysts to glean information, of which there are a multitude.

Thankfully, the folks at FireEye have created a wonderful installation package called FLARE VM, a PowerShell script that can automatically download and install nearly every tool a malware analyst would need. The script is publicly available on GitHub at the following address: https://github.com/fireeye/flare-vm. This script will save a great deal of tedium and allow us to instantly install the necessary tooling:

Figure 1.15 – Downloading the FLARE VM package from GitHub

Figure 1.15 – Downloading the FLARE VM package from GitHub

Once you have downloaded the ZIP file containing the repository for FLARE VM, right-click the ZIP archive and extract it. Once extracted, you'll be presented with a directory containing several files, including a .ps1 script. From here, we can begin the tooling installation process.

To begin the tooling installation process, it is first necessary that we obtain an administrative console in PowerShell. To do so, we can utilize WinKey + X, which presents the option to open a Windows PowerShell prompt as an administrator:

Figure 1.16 – Administrative PowerShell option in the Start menu

Figure 1.16 – Administrative PowerShell option in the Start menu

Once the administrative shell has been obtained, starting the installation is a matter of two commands issued in a single line:

cd C:\Users\$Your_Username\Downloads\flare-vm-master\flare-vm-master; powershell.exe -ExecutionPolicy Bypass -File .\Install.ps1

With these commands issued, FLARE's Chocolatey-based installer will take over and prompt for credentials stored as secure strings. Once these credentials are entered, the installation will proceed, rebooting the VM several times, and logging in automatically following each reboot. No further action is required on our part during the installation:

Figure 1.17 – FLARE's install.ps1 prompting for credentials

Figure 1.17 – FLARE's install.ps1 prompting for credentials

Analysis tip

FLARE installs a lot of tools. It may take quite a while to install, depending on the speed of your internet connection. It would be wise to utilize this time to make a sandwich, relax, or catch up on your favorite TV show.

Once the entire process has been completed, you'll be presented with the following desktop:

Figure 1.18 – The FLARE VM desktop

Figure 1.18 – The FLARE VM desktop

Several changes are apparent here. First, we have a FLARE folder, which is chock full of great malware analysis and dissection tools.

Additionally, you have the official FLARE VM wallpaper. Our malware analysis workstation is now set up and very nearly ready to go!

Isolating your environment

With our tooling installed, we no longer require internet access for most malware analysis. Analysis with a VM connected to the internet can pose several risks and should be avoided unless absolutely necessary. Risks associated with exposing your VM to the internet include the following:

  • Allowing attackers to directly interact with the target machine via command and control
  • Assisting in the wider propagation of worming malware to your network or others
  • Accidentally participating in illegal activities such as DDoS as a zombie, being utilized as a proxy for further hacking of targets, and more

For these reasons, it's important that we set our VM to be isolated by default and only expose it to the internet if absolutely necessary in order to further understand our malware. And even in instances such as these, take proper precautions.

Isolating your VM is a simple process, and only requires a few clicks. As before, we'll highlight our VM in VirtualBox, and then click the Settings icon as shown in the following screenshot:

Figure 1.19 – VirtualBox's Settings button will take you to the Settings pane

Figure 1.19 – VirtualBox's Settings button will take you to the Settings pane

With the Settings pane open, navigate to the Network pane. Here, we can select Host-only Adapter. This will limit the VM's network communication to just the host and prevent the spread of malware via the network to more sensitive endpoints.

Thankfully, other host isolation features such as Shared Folders and Shared Clipboard access are off by default in VirtualBox and do not require further configuration for VM isolation:

Figure 1.20 – Setting up Host-only Adapter

Figure 1.20 – Setting up Host-only Adapter

A word on executing with network activity

Occasionally, when examining malware samples, it is impossible to proceed without having an internet-connected VM. Droppers responsible for writing malware to disk often reach out to staging servers on the internet to download secondary stages, as opposed to writing them directly to disk from memory.

This can pose a challenge to an isolated VM and prevent an analyst from fully studying the execution of malware within an environment. Fortunately, it's possible to determine whether this access is required with a number of tools prior to enabling network access for your VM. These tools will be covered further in Chapter 3, Dynamic Analysis – Techniques and Tooling.

While VirtualBox does not necessarily have built-in mechanisms for safely executing in this manner, it's highly recommended that a separate network be set up, either physically or via a VLAN, for any dynamic malware analysis that requires network connectivity in order to function properly.

Maintenance and snapshotting

Now that the basis for the malware analysis VM has been set up, the tools installed, and everything is ready to go, it is important to ensure that the work does not have to be repeated each time we would like to dynamically analyze a new piece of malware.

If we simply detonated each piece of malware on top of the previous samples, it would confuse our indicators of compromise (IOCs), and we would likely be unable to tell what the result of a previous piece of malware was, what the result of the piece we were analyzing was, and what was just normal system activity.

VirtualBox has a built-in feature that has us covered – Snapshots. A snapshot is exactly as it sounds – a moment-in-time representation of how the VM's filesystem, registry, and other features existed precisely when that snapshot was taken. It allows an analyst to revert a VM to a time before it was purposely infected with malware.

To take a golden-image snapshot of our newly created malware analysis VM, we'll navigate to VirtualBox's main menu, click the hamburger button just to the right of our VM name, and then click Snapshots:

Figure 1.21 – The Snapshots pane to take, manage, and delete any snapshot taken of your VM

Figure 1.21 – The Snapshots pane to take, manage, and delete any snapshot taken of your VM

Once clicked, the snapshot pane opens, presenting us with the option to take a current snapshot and name it:

Analysis tip

It's best to have highly descriptive snapshot names so that you aren't left guessing and restoring snapshots blindly in an attempt to find the correct one.

Figure 1.22 – Taking our first snapshot

Figure 1.22 – Taking our first snapshot

When OK is clicked, the VM will pause for a few moments to take an image of the moment-in-time configuration and save it for later restoration. Once complete, we'll be able to see our snapshot in the list of available restore points in VirtualBox, as shown in the following screenshot:

Figure 1.23 – The snapshots panel in VirtualBox

Figure 1.23 – The snapshots panel in VirtualBox

Congratulations! You've created your malware analysis VM and ensured that we can continue to use it even after we detonate malware in it several times, returning it to its previous state with the click of a button.

Welcome to your home for the next 10 chapters.

Analysis tip

Snapshots aren't only great for keeping your VM clean! Initial vectors of malware (such as droppers) no longer work after a given period of time. If you have an infected instance of your VM that you think you'd like to study in the future and are unsure whether you'd be able to re-infect it, take a snapshot!

Summary

In this chapter, we've performed a basic setup of our malware analysis environment and built the foundation of what we will utilize to inspect adversarial software over the course of the book.

During this chapter, we have completed the construction of our analysis environment, including the downloading and installation of VirtualBox, the isolation of our host, and the installation of critical tools for our analysis via the FLARE VM package. With this built, we can now move on to the next chapter, where we will be inspecting and understanding live malware samples!

Left arrow icon Right arrow icon
Download code icon Download Code

Description

Malicious software poses a threat to every enterprise globally. Its growth is costing businesses millions of dollars due to currency theft as a result of ransomware and lost productivity. With this book, you'll learn how to quickly triage, identify, attribute, and remediate threats using proven analysis techniques. Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking. Finally, you'll get to grips with common tooling utilized by professional malware analysts and understand the basics of reverse engineering with the NSA's Ghidra platform. By the end of this malware analysis book, you’ll be able to perform in-depth static and dynamic analysis and automate key tasks for improved defense against attacks.

Who is this book for?

This book is for incident response professionals, malware analysts, and researchers who want to sharpen their skillset or are looking for a reference for common static and dynamic analysis techniques. Beginners will also find this book useful to get started with learning about malware analysis. Basic knowledge of command-line interfaces, familiarity with Windows and Unix-like filesystems and registries, and experience in scripting languages such as PowerShell, Python, or Ruby will assist with understanding the concepts covered.

What you will learn

  • Discover how to maintain a safe analysis environment for malware samples
  • Get to grips with static and dynamic analysis techniques for collecting IOCs
  • Reverse-engineer and debug malware to understand its purpose
  • Develop a well-polished workflow for malware analysis
  • Understand when and where to implement automation to react quickly to threats
  • Perform malware analysis tasks such as code analysis and API inspection

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 18, 2021
Length: 282 pages
Edition : 1st
Language : English
ISBN-13 : 9781839212277
Category :
Languages :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jun 18, 2021
Length: 282 pages
Edition : 1st
Language : English
ISBN-13 : 9781839212277
Category :
Languages :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 125.97
Privilege Escalation Techniques
€41.99
Adversarial Tradecraft in Cybersecurity
€41.99
Malware Analysis Techniques
€41.99
Total 125.97 Stars icon
Banner background image

Table of Contents

16 Chapters
Section 1: Basic Techniques Chevron down icon Chevron up icon
Chapter 1: Creating and Maintaining your Detonation Environment Chevron down icon Chevron up icon
Chapter 2: Static Analysis – Techniques and Tooling Chevron down icon Chevron up icon
Chapter 3: Dynamic Analysis – Techniques and Tooling Chevron down icon Chevron up icon
Chapter 4: A Word on Automated Sandboxing Chevron down icon Chevron up icon
Section 2: Debugging and Anti-Analysis – Going Deep Chevron down icon Chevron up icon
Chapter 5: Advanced Static Analysis – Out of the White Noise Chevron down icon Chevron up icon
Chapter 6: Advanced Dynamic Analysis – Looking at Explosions Chevron down icon Chevron up icon
Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill Chevron down icon Chevron up icon
Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube Chevron down icon Chevron up icon
Section 3: Reporting and Weaponizing Your Findings Chevron down icon Chevron up icon
Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense Chevron down icon Chevron up icon
Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK Chevron down icon Chevron up icon
Section 4: Challenge Solutions Chevron down icon Chevron up icon
Chapter 11: Challenge Solutions Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8
(9 Ratings)
5 star 77.8%
4 star 22.2%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Kindle Customer Apr 05, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is excellent. It gives a good detailed guide to what Malware is, the different types, and how to effectively analyze it. The book gives a great hands on approach with the theory not being overwhelming at all. Highly recommend.
Amazon Verified review Amazon
Britt Adams Jun 22, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I hope to have more time soon to finish going through the exercises.
Amazon Verified review Amazon
Amazon Customer Jul 05, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I've always had an interest in malware analysis being a security analyst. Until now I tried to get into multiple malware analysis books but lost interest as most of them are not beginner friendly. This book is surely an exception. It take you from setting up an VM and static analysis to dynamic analysis, touches the concepts of reverse engineering and then using the IOCs for defense. The best part is how Dylan makes it easy for newbies to understand these concepts which once were so scary. I must say every security analyst and those who are interested in malware analysis should read it once.
Amazon Verified review Amazon
WideLineman Sep 10, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Book really teaches you how to put together a safe analysis environment and gives you great insight on developing an analysis workflow. I'm highly satisfied with this purchase.
Amazon Verified review Amazon
PJS Jul 25, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Dylan Barker clearly illustrates everything you need to know. This is the best malware analysis book you can buy!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.