Mastering Reverse Engineering
If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse engineering is a hacker-friendly tool used to expose security flaws and questionable privacy practices. In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.
Table of contents (271 sections)
- coverpage
- Title Page
- Packt Upsell
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Preparing to Reverse
- Reverse engineering
- Technical requirements
- Reverse engineering as a process
- Seeking approval
- Static analysis
- Dynamic analysis
- Low-level analysis
- Reporting
- Tools
- Binary analysis tools
- Disassemblers
- Debuggers
- Monitoring tools
- Decompilers
- Malware handling
- Basic analysis lab setup
- Our setup
- Samples
- Summary
- Identification and Extraction of Hidden Components
- Technical requirements
- The operating system environment
- The filesystem
- Memory
- The registry system
- Typical malware behavior
- Persistence
- Run keys
- Load and Run values
- Startup values
- The Image File Execution Options key
- Malware delivery
- Instant messenger
- The computer network
- Media storage
- Exploits and compromised websites
- Software piracy
- Malware file properties
- Payload – the evil within
- Tools
- Autoruns
- The Process explorer
- Summary
- Further reading
- The Low-Level Language
- Technical requirements
- Binary numbers
- Bases
- Converting between bases
- Binary arithmetic
- Signed numbers
- x86
- Registers
- Memory addressing
- Endianness
- Basic instructions
- Opcode bytes
- Copying data
- MOV and LEA
- Arithmetic operations
- Addition and subtraction
- Increment and decrement instructions
- Multiplication and division instructions
- Other signed operations
- Bitwise algebra
- Control flow
- Stack manipulation
- Tools – builder and debugger
- Popular assemblers
- MASM
- NASM
- FASM
- x86 Debuggers
- WinDbg
- Ollydebug
- x64dbg
- Hello World
- Installation of FASM
- It works!
- Dealing with common errors when building
- Dissecting the program
- After Hello
- Calling APIs
- Common Windows API libraries
- Short list of common API functions
- Debugging
- Summary
- Further reading
- Static and Dynamic Reversing
- Assessment and static analysis
- Static analysis
- File types and header analysis
- Extracting useful information from file
- PEid and TrID
- python-magic
- file
- MASTIFF
- Other information
- PE executables
- Deadlisting
- IDA (Interactive Disassembler)
- Decompilers
- ILSpy – C# Decompiler
- Dynamic analysis
- Memory regions and the mapping of a process
- Process and thread monitoring
- Network traffic
- Monitoring system changes
- Post-execution differences
- Debugging
- Try it yourself
- Summary
- References
- Tools of the Trade
- Analysis environments
- Virtual machines
- Windows
- Linux
- Information gathering tools
- File type information
- Hash identifying
- Strings
- Monitoring tools
- Default command-line tools
- Disassemblers
- Debuggers
- Decompilers
- Network tools
- Editing tools
- Attack tools
- Automation tools
- Software forensic tools
- Automated dynamic analysis
- Online service sites
- Summary
- RE in Linux Platforms
- Setup
- Linux executable – hello world
- dlroW olleH
- What have we gathered so far?
- Dynamic analysis
- Going further with debugging
- A better debugger
- Setup
- Hello World in Radare2
- What is the password?
- Network traffic analysis
- Summary
- Further reading
- RE for Windows Platforms
- Technical requirements
- Hello World
- Learning about the APIs
- Keylogger
- regenum
- processlist
- Encrypting and decrypting a file
- The server
- What is the password?
- Static analysis
- A quick run
- Deadlisting
- Dynamic analysis with debugging
- Decompilers
- Summary
- Further reading
- Sandboxing - Virtualization as a Component for RE
- Emulation
- Emulation of Windows and Linux under an x86 host
- Emulators
- Analysis in unfamiliar environments
- Linux ARM guest in QEMU
- MBR debugging with Bochs
- Summary
- Further Reading
- Binary Obfuscation Techniques
- Data assembly on the stack
- Code assembly
- Encrypted data identification
- Loop codes
- Simple arithmetic
- Simple XOR decryption
- Assembly of data in other memory regions
- Decrypting with x86dbg
- Other obfuscation techniques
- Control flow flattening obfuscation
- Garbage code insertion
- Code obfuscation with a metamorphic engine
- Dynamic library loading
- Use of PEB information
- Summary
- Packing and Encryption
- A quick review on how native executables are loaded by the OS
- Packers crypters obfuscators protectors and SFX
- Packers or compressors
- Crypters
- Obfuscators
- Protectors
- SFX Self-extracting archives
- Unpacking
- The UPX tool
- Debugging though the packer
- Dumping processes from memory
- Memory dumping with VirtualBox
- Extracting the process to a file using Volatility
- How about an executable in its unpacked state?
- Other file-types
- Summary
- Anti-analysis Tricks
- Anti-debugging tricks
- IsDebuggerPresent
- Debug flags in the PEB
- Debugger information from NtQueryInformationProcess
- Timing tricks
- Passing code execution via SEH
- Causing exceptions
- A typical SEH setup
- Anti-VM tricks
- VM running process names
- Existence of VM files and directories
- Default MAC address
- Registry entries made by VMs
- VM devices
- CPUID results
- Anti-emulation tricks
- Anti-dumping tricks
- Summary
- Practical Reverse Engineering of a Windows Executable
- Things to prepare
- Initial static analysis
- Initial file information
- Deadlisting
- Debugging
- The unknown image
- Analysis summary
- Summary
- Further Reading
- Reversing Various File Types
- Analysis of HTML scripts
- MS Office macro analysis
- PDF file analysis
- SWF file analysis
- SWFTools
- FLASM
- Flare
- XXXSWF
- JPEXS SWF decompiler
- Summary
- Further reading
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
Updated: 2021-06-10 19:41:16