The Antivirus hacker's handbook / Joxean Koret, Elias Bachaalany
Author: Koret, Joxean
Edition: [First edition.]
Published/distributed/printed: Indianapolis, IN : John Wiley and Sons, [2015]
Physical description: 1 online resource (384 p.)
Classification: 005.84
Topical subject: Hackers; Computer viruses
ISBN: 1-119-18352-9; 1-119-02878-7; 1-119-02876-0
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note:
Cover; Title Page; Copyright; Contents; Introduction
Part I Antivirus Basics
Chapter 1 Introduction to Antivirus Software: What Is Antivirus Software?; Antivirus Software: Past and Present; Antivirus Scanners, Kernels, and Products; Typical Misconceptions about Antivirus Software; Antivirus Features; Basic Features; Making Use of Native Languages; Scanners; Signatures; Compressors and Archives; Unpackers; Emulators; Miscellaneous File Formats; Advanced Features; Packet Filters and Firewalls; Self-Protection; Anti-Exploiting; Summary
Chapter 2 Reverse-Engineering the Core: Reverse-Engineering Tools; Command-Line Tools versus GUI Tools; Debugging Symbols; Tricks for Retrieving Debugging Symbols; Debugging Tricks; Backdoors and Configuration Settings; Kernel Debugging; Debugging User-Mode Processes with a Kernel-Mode Debugger; Analyzing AV Software with Command-Line Tools; Porting the Core; A Practical Example: Writing Basic Python Bindings for Avast for Linux; A Brief Look at Avast for Linux; Writing Simple Python Bindings for Avast for Linux; The Final Version of the Python Bindings; A Practical Example: Writing Native C/C++ Tools for Comodo Antivirus for Linux; Other Components Loaded by the Kernel; Summary
Chapter 3 The Plug-ins System: Understanding How Plug-ins Are Loaded; A Full-Featured Linker in Antivirus Software; Understanding Dynamic Loading; Advantages and Disadvantages of the Approaches for Packaging Plug-ins; Types of Plug-ins; Scanners and Generic Routines; File Format and Protocol Support; Heuristics; Bayesian Networks; Bloom Filters; Weights-Based Heuristics; Some Advanced Plug-ins; Memory Scanners; Non-native Code; Scripting Languages; Emulators; Summary
Chapter 4 Understanding Antivirus Signatures: Typical Signatures; Byte-Streams; Checksums; Custom Checksums; Cryptographic Hashes; Advanced Signatures; Fuzzy Hashing; Graph-Based Hashes for Executable Files; Summary
Chapter 5 The Update System: Understanding the Update Protocols; Support for SSL/TLS; Verifying the Update Files; Dissecting an Update Protocol; When Protection Is Done Wrong; Summary
Part II Antivirus Software Evasion
Chapter 6 Antivirus Software Evasion: Who Uses Antivirus Evasion Techniques?; Discovering Where and How Malware Is Detected; Old Tricks for Determining Where Malware Is Detected: Divide and Conquer; Evading a Simple Signature-Based Detection with the Divide and Conquer Trick; Binary Instrumentation and Taint Analysis; Summary
Chapter 7 Evading Signatures: File Formats: Corner Cases and Undocumented Cases; Evading a Real Signature; Evasion Tips and Tricks for Specific File Formats; PE Files; JavaScript; String Encoding; Executing Code on the Fly; Hiding the Logic: Opaque Predicates and Junk Code; PDF; Summary
Chapter 8 Evading Scanners: Generic Evasion Tips and Tricks; Fingerprinting Emulators; Advanced Evasion Tricks; Taking Advantage of File Format Weaknesses; Using Anti-emulation Techniques
Record no.: UNINA-9910131650203321
Available at: Univ. Federico II
OPAC: check availability here
The Antivirus hacker's handbook / Joxean Koret, Elias Bachaalany
Author: Koret, Joxean
Edition: [First edition.]
Published/distributed/printed: Indianapolis, IN : John Wiley and Sons, [2015]
Physical description: 1 online resource (384 p.)
Classification: 005.84
Topical subject: Hackers; Computer viruses
ISBN: 1-119-18352-9; 1-119-02878-7; 1-119-02876-0
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note:
Cover; Title Page; Copyright; Contents; Introduction
Part I Antivirus Basics
Chapter 1 Introduction to Antivirus Software: What Is Antivirus Software?; Antivirus Software: Past and Present; Antivirus Scanners, Kernels, and Products; Typical Misconceptions about Antivirus Software; Antivirus Features; Basic Features; Making Use of Native Languages; Scanners; Signatures; Compressors and Archives; Unpackers; Emulators; Miscellaneous File Formats; Advanced Features; Packet Filters and Firewalls; Self-Protection; Anti-Exploiting; Summary
Chapter 2 Reverse-Engineering the Core: Reverse-Engineering Tools; Command-Line Tools versus GUI Tools; Debugging Symbols; Tricks for Retrieving Debugging Symbols; Debugging Tricks; Backdoors and Configuration Settings; Kernel Debugging; Debugging User-Mode Processes with a Kernel-Mode Debugger; Analyzing AV Software with Command-Line Tools; Porting the Core; A Practical Example: Writing Basic Python Bindings for Avast for Linux; A Brief Look at Avast for Linux; Writing Simple Python Bindings for Avast for Linux; The Final Version of the Python Bindings; A Practical Example: Writing Native C/C++ Tools for Comodo Antivirus for Linux; Other Components Loaded by the Kernel; Summary
Chapter 3 The Plug-ins System: Understanding How Plug-ins Are Loaded; A Full-Featured Linker in Antivirus Software; Understanding Dynamic Loading; Advantages and Disadvantages of the Approaches for Packaging Plug-ins; Types of Plug-ins; Scanners and Generic Routines; File Format and Protocol Support; Heuristics; Bayesian Networks; Bloom Filters; Weights-Based Heuristics; Some Advanced Plug-ins; Memory Scanners; Non-native Code; Scripting Languages; Emulators; Summary
Chapter 4 Understanding Antivirus Signatures: Typical Signatures; Byte-Streams; Checksums; Custom Checksums; Cryptographic Hashes; Advanced Signatures; Fuzzy Hashing; Graph-Based Hashes for Executable Files; Summary
Chapter 5 The Update System: Understanding the Update Protocols; Support for SSL/TLS; Verifying the Update Files; Dissecting an Update Protocol; When Protection Is Done Wrong; Summary
Part II Antivirus Software Evasion
Chapter 6 Antivirus Software Evasion: Who Uses Antivirus Evasion Techniques?; Discovering Where and How Malware Is Detected; Old Tricks for Determining Where Malware Is Detected: Divide and Conquer; Evading a Simple Signature-Based Detection with the Divide and Conquer Trick; Binary Instrumentation and Taint Analysis; Summary
Chapter 7 Evading Signatures: File Formats: Corner Cases and Undocumented Cases; Evading a Real Signature; Evasion Tips and Tricks for Specific File Formats; PE Files; JavaScript; String Encoding; Executing Code on the Fly; Hiding the Logic: Opaque Predicates and Junk Code; PDF; Summary
Chapter 8 Evading Scanners: Generic Evasion Tips and Tricks; Fingerprinting Emulators; Advanced Evasion Tricks; Taking Advantage of File Format Weaknesses; Using Anti-emulation Techniques
Record no.: UNINA-9910824210803321
Available at: Univ. Federico II
OPAC: check availability here
Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation / Bruce Dang, Alexandre Gazet, Elias Bachaalany ; with contributions from Sébastien Josse
Author: Dang, Bruce
Edition: [1st edition]
Published/distributed/printed: Indianapolis, IN : John Wiley and Sons, [2014]
Physical description: 1 online resource (383 p.)
Classification: 005.8
Other authors (persons): Gazet, Alexandre; Bachaalany, Elias; Josse, Sébastien
Topical subject: Reverse engineering
Genre/form: Electronic books.
ISBN: 1-118-78739-0; 1-118-78725-0
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note:
Cover; Title Page; Copyright; Contents
Chapter 1 x86 and x64: Register Set and Data Types; Instruction Set; Syntax; Data Movement; Exercise; Arithmetic Operations; Stack Operations and Function Invocation; Exercises; Control Flow; System Mechanism; Address Translation; Interrupts and Exceptions; Walk-Through; Exercises; x64; Register Set and Data Types; Data Movement; Canonical Address; Function Invocation; Exercises
Chapter 2 ARM: Basic Features; Data Types and Registers; System-Level Controls and Settings; Introduction to the Instruction Set; Loading and Storing Data; LDR and STR; Other Usage for LDR; LDM and STM; PUSH and POP; Functions and Function Invocation; Arithmetic Operations; Branching and Conditional Execution; Thumb State; Switch-Case; Miscellaneous; Just-in-Time and Self-Modifying Code; Synchronization Primitives; System Services and Mechanisms; Instructions; Walk-Through; Next Steps; Exercises
Chapter 3 The Windows Kernel: Windows Fundamentals; Memory Layout; Processor Initialization; System Calls; Interrupt Request Level; Pool Memory; Memory Descriptor Lists; Processes and Threads; Execution Context; Kernel Synchronization Primitives; Lists; Implementation Details; Walk-Through; Exercises; Asynchronous and Ad-Hoc Execution; System Threads; Work Items; Asynchronous Procedure Calls; Deferred Procedure Calls; Timers; Process and Thread Callbacks; Completion Routines; I/O Request Packets; Structure of a Driver; Entry Points; Driver and Device Objects; IRP Handling; A Common Mechanism for User-Kernel Communication; Miscellaneous System Mechanisms; Walk-Throughs; An x86 Rootkit; An x64 Rootkit; Next Steps; Exercises; Building Confidence and Solidifying Your Knowledge; Investigating and Extending Your Knowledge; Analysis of Real-Life Drivers
Chapter 4 Debugging and Automation: The Debugging Tools and Basic Commands; Setting the Symbol Path; Debugger Windows; Evaluating Expressions; Process Control and Debug Events; Registers, Memory, and Symbols; Breakpoints; Inspecting Processes and Modules; Miscellaneous Commands; Scripting with the Debugging Tools; Pseudo-Registers; Aliases; Language; Script Files; Using Scripts Like Functions; Example Debug Scripts; Using the SDK; Concepts; Writing Debugging Tools Extensions; Useful Extensions, Tools, and Resources
Chapter 5 Obfuscation: A Survey of Obfuscation Techniques; The Nature of Obfuscation: A Motivating Example; Data-Based Obfuscations; Control-Based Obfuscation; Simultaneous Control-Flow and Data-Flow Obfuscation; Achieving Security by Obscurity; A Survey of Deobfuscation Techniques; The Nature of Deobfuscation: Transformation Inversion; Deobfuscation Tools; Practical Deobfuscation; Case Study; First Impressions; Analyzing Handlers Semantics; Symbolic Execution; Solving the Challenge; Final Thoughts; Exercises
Appendix Sample Names and Corresponding SHA1 Hashes; Index
Record no.: UNINA-9910463849803321
Available at: Univ. Federico II
OPAC: check availability here
Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation / Bruce Dang, Alexandre Gazet, Elias Bachaalany ; with contributions from Sébastien Josse
Author: Dang, Bruce
Edition: [1st edition]
Published/distributed/printed: Indianapolis, IN : John Wiley and Sons, [2014]
Physical description: 1 online resource (383 p.)
Classification: 005.8
Other authors (persons): Gazet, Alexandre; Bachaalany, Elias; Josse, Sébastien
Topical subject: Reverse engineering
ISBN: 1-118-78739-0; 1-118-78725-0
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note:
Cover; Title Page; Copyright; Contents
Chapter 1 x86 and x64: Register Set and Data Types; Instruction Set; Syntax; Data Movement; Exercise; Arithmetic Operations; Stack Operations and Function Invocation; Exercises; Control Flow; System Mechanism; Address Translation; Interrupts and Exceptions; Walk-Through; Exercises; x64; Register Set and Data Types; Data Movement; Canonical Address; Function Invocation; Exercises
Chapter 2 ARM: Basic Features; Data Types and Registers; System-Level Controls and Settings; Introduction to the Instruction Set; Loading and Storing Data; LDR and STR; Other Usage for LDR; LDM and STM; PUSH and POP; Functions and Function Invocation; Arithmetic Operations; Branching and Conditional Execution; Thumb State; Switch-Case; Miscellaneous; Just-in-Time and Self-Modifying Code; Synchronization Primitives; System Services and Mechanisms; Instructions; Walk-Through; Next Steps; Exercises
Chapter 3 The Windows Kernel: Windows Fundamentals; Memory Layout; Processor Initialization; System Calls; Interrupt Request Level; Pool Memory; Memory Descriptor Lists; Processes and Threads; Execution Context; Kernel Synchronization Primitives; Lists; Implementation Details; Walk-Through; Exercises; Asynchronous and Ad-Hoc Execution; System Threads; Work Items; Asynchronous Procedure Calls; Deferred Procedure Calls; Timers; Process and Thread Callbacks; Completion Routines; I/O Request Packets; Structure of a Driver; Entry Points; Driver and Device Objects; IRP Handling; A Common Mechanism for User-Kernel Communication; Miscellaneous System Mechanisms; Walk-Throughs; An x86 Rootkit; An x64 Rootkit; Next Steps; Exercises; Building Confidence and Solidifying Your Knowledge; Investigating and Extending Your Knowledge; Analysis of Real-Life Drivers
Chapter 4 Debugging and Automation: The Debugging Tools and Basic Commands; Setting the Symbol Path; Debugger Windows; Evaluating Expressions; Process Control and Debug Events; Registers, Memory, and Symbols; Breakpoints; Inspecting Processes and Modules; Miscellaneous Commands; Scripting with the Debugging Tools; Pseudo-Registers; Aliases; Language; Script Files; Using Scripts Like Functions; Example Debug Scripts; Using the SDK; Concepts; Writing Debugging Tools Extensions; Useful Extensions, Tools, and Resources
Chapter 5 Obfuscation: A Survey of Obfuscation Techniques; The Nature of Obfuscation: A Motivating Example; Data-Based Obfuscations; Control-Based Obfuscation; Simultaneous Control-Flow and Data-Flow Obfuscation; Achieving Security by Obscurity; A Survey of Deobfuscation Techniques; The Nature of Deobfuscation: Transformation Inversion; Deobfuscation Tools; Practical Deobfuscation; Case Study; First Impressions; Analyzing Handlers Semantics; Symbolic Execution; Solving the Challenge; Final Thoughts; Exercises
Appendix Sample Names and Corresponding SHA1 Hashes; Index
Record no.: UNINA-9910787603303321
Available at: Univ. Federico II
OPAC: check availability here
Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation / Bruce Dang, Alexandre Gazet, Elias Bachaalany ; with contributions from Sébastien Josse
Author: Dang, Bruce
Edition: [1st edition]
Published/distributed/printed: Indianapolis, IN : John Wiley and Sons, [2014]
Physical description: 1 online resource (383 p.)
Classification: 005.8
Other authors (persons): Gazet, Alexandre; Bachaalany, Elias; Josse, Sébastien
Topical subject: Reverse engineering
ISBN: 1-118-78739-0; 1-118-78725-0
Format: Printed material
Bibliographic level: Monograph
Language of publication: eng
Contents note:
Cover; Title Page; Copyright; Contents
Chapter 1 x86 and x64: Register Set and Data Types; Instruction Set; Syntax; Data Movement; Exercise; Arithmetic Operations; Stack Operations and Function Invocation; Exercises; Control Flow; System Mechanism; Address Translation; Interrupts and Exceptions; Walk-Through; Exercises; x64; Register Set and Data Types; Data Movement; Canonical Address; Function Invocation; Exercises
Chapter 2 ARM: Basic Features; Data Types and Registers; System-Level Controls and Settings; Introduction to the Instruction Set; Loading and Storing Data; LDR and STR; Other Usage for LDR; LDM and STM; PUSH and POP; Functions and Function Invocation; Arithmetic Operations; Branching and Conditional Execution; Thumb State; Switch-Case; Miscellaneous; Just-in-Time and Self-Modifying Code; Synchronization Primitives; System Services and Mechanisms; Instructions; Walk-Through; Next Steps; Exercises
Chapter 3 The Windows Kernel: Windows Fundamentals; Memory Layout; Processor Initialization; System Calls; Interrupt Request Level; Pool Memory; Memory Descriptor Lists; Processes and Threads; Execution Context; Kernel Synchronization Primitives; Lists; Implementation Details; Walk-Through; Exercises; Asynchronous and Ad-Hoc Execution; System Threads; Work Items; Asynchronous Procedure Calls; Deferred Procedure Calls; Timers; Process and Thread Callbacks; Completion Routines; I/O Request Packets; Structure of a Driver; Entry Points; Driver and Device Objects; IRP Handling; A Common Mechanism for User-Kernel Communication; Miscellaneous System Mechanisms; Walk-Throughs; An x86 Rootkit; An x64 Rootkit; Next Steps; Exercises; Building Confidence and Solidifying Your Knowledge; Investigating and Extending Your Knowledge; Analysis of Real-Life Drivers
Chapter 4 Debugging and Automation: The Debugging Tools and Basic Commands; Setting the Symbol Path; Debugger Windows; Evaluating Expressions; Process Control and Debug Events; Registers, Memory, and Symbols; Breakpoints; Inspecting Processes and Modules; Miscellaneous Commands; Scripting with the Debugging Tools; Pseudo-Registers; Aliases; Language; Script Files; Using Scripts Like Functions; Example Debug Scripts; Using the SDK; Concepts; Writing Debugging Tools Extensions; Useful Extensions, Tools, and Resources
Chapter 5 Obfuscation: A Survey of Obfuscation Techniques; The Nature of Obfuscation: A Motivating Example; Data-Based Obfuscations; Control-Based Obfuscation; Simultaneous Control-Flow and Data-Flow Obfuscation; Achieving Security by Obscurity; A Survey of Deobfuscation Techniques; The Nature of Deobfuscation: Transformation Inversion; Deobfuscation Tools; Practical Deobfuscation; Case Study; First Impressions; Analyzing Handlers Semantics; Symbolic Execution; Solving the Challenge; Final Thoughts; Exercises
Appendix Sample Names and Corresponding SHA1 Hashes; Index
Record no.: UNINA-9910825125303321
Available at: Univ. Federico II
OPAC: check availability here