Security Basics mailing list archives

RE: Looking for a Basic Book On "Reverse Malware Engineering "


From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Thu, 11 Mar 2010 08:39:32 +1100

To start, the GREM course is one of the best out there:
http://www.giac.org/certifications/security/GREM.php 

The course cheatsheet is at:
http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html 

Lenny has a few links following his paper online at:
http://zeltser.com/reverse-malware-paper/

To really do this well you need to have a good understanding of ASM (Intel
Assembly language).     
http://win32assembly.online.fr/tut1.html
http://win32assembly.online.fr/tutorials.html

And of the PE format:
http://msdn.microsoft.com/en-us/library/ms809762.aspx
http://www.pelib.com/resources/luevel.txt

This is a field where being an old fart helps. Back in the 80's we had to
write our own software and games, and to do this well in the small userspace
we had, it took ASM. You can use dynamic analysis to analyse software
(behavioural) and this can provide some quick insights, but to really get
into this field, you need to get good at ASM, C, C++. 

Other languages also help. Java, Flash and other language malware means you
need a wide understanding of code.

Also, unless you want to unpack sample by sample, you need to write
unpackers that work as a class. That is, code. Olly and IDA are great, but
these are point solutions that take you to a single piece of malware. To do
anything of lasting use, you need to code a signature (I have seen this done
well in Python as well).

You can look for other code sources, but with the rapidity of changes in
this field, being a script kiddie reverser does not work well.

Book wise, I would look at:
-Reversing: Secrets of Reverse Engineering by Eldad Eilam

-The IDA Pro Book: The Unofficial Guide to the World's Most Popular
Disassembler ~ Chris Eagle

-Assembly Language Step-by-step: Programming with DOS and Linux (with
CD-ROM) ~ Jeff Duntemann

- The Art of Assembly Language ~ Randall Hyde

-Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your
Programming ~ Kris Kaspersky

Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd
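As an added worked example (not code from the original thread, nor from any of the books or tools named above), here is a small Python PE parser in the spirit of the "work on a class of samples, not sample by sample" advice: it reads the DOS/NT headers and section table with bounds checks, scores each section's Shannon entropy, flags the usual packer tells, and matches a PEiD-style wildcard byte pattern in the entry-point section. The two PE images it runs on are constructed in memory; the stub bytes, the section names and the 7.0 entropy threshold are illustrative assumptions, not an authoritative packer signature.

```python
"""Minimal PE section parser plus two triage checks: an entropy-based packing
heuristic and a wildcard byte-pattern signature.
Added example, not code from the original thread. The sample PE images are
constructed in memory so it runs offline; the UPX-style stub bytes, section
names and the 7.0 entropy threshold are illustrative choices."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
OPT_HDR_SIZE = 224  # PE32 optional header (Magic 0x10B)
STANDARD_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", "CODE", "DATA"}


def build_sample_pe(sections, entry_section):
    """Construct a minimal PE32 image (DOS header, NT headers, section table,
    raw section data). sections = [(name, bytes, characteristics)]. Test data only."""
    n, e_lfanew = len(sections), 64
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)  # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, OPT_HDR_SIZE, 0x102)
    table, raw, offset, entry_rva = b"", b"", e_lfanew + 24 + OPT_HDR_SIZE + 40 * n, 0
    for i, (name, data, flags) in enumerate(sections):
        rva = 0x1000 * (i + 1)
        entry_rva = rva if i == entry_section else entry_rva
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), rva, len(data), offset, 0, 0, 0, 0, flags)
        raw, offset = raw + data, offset + len(data)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(OPT_HDR_SIZE, b"\0")
    return dos + b"PE\0\0" + coff + opt + table + raw


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, close to 8.0 for compressed or encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(blob):
    """Read DOS/NT headers and the section table. Every offset is bounds-checked:
    hostile samples routinely carry truncated or out-of-range headers."""
    if len(blob) < 64 or blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 20 or opt_off + opt_size + 40 * nsec > len(blob):
        raise ValueError("optional header or section table runs past end of file")
    if struct.unpack_from("<H", blob, opt_off)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    entry = struct.unpack_from("<I", blob, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", blob, opt_off + opt_size + 40 * i)
        raw_off, raw_size = f[4], f[3]
        data = blob[raw_off:raw_off + raw_size] if raw_off < len(blob) else b""
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"), "vsize": f[1],
                         "vaddr": f[2], "raw_size": raw_size, "data": data, "flags": f[9],
                         "truncated": len(data) < raw_size, "entropy": shannon_entropy(data)})
    return {"machine": machine, "entry_point": entry, "sections": sections}


def entry_section(pe):
    """Section whose virtual range covers AddressOfEntryPoint, or None."""
    ep = pe["entry_point"]
    for s in pe["sections"]:
        if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def packing_indicators(pe):
    """Cheap static tells common on packed samples; each is a hint, not proof."""
    hits = []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_NAMES:
            hits.append(f"non-standard section name {s['name']!r}")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            hits.append(f"section {s['name']!r} is writable and executable")
        if s["entropy"] > 7.0:  # illustrative threshold
            hits.append(f"section {s['name']!r} entropy {s['entropy']:.2f} > 7.0")
    ep = entry_section(pe)
    if ep is None:
        hits.append("entry point lies outside every section")
    elif ep is not pe["sections"][0]:
        hits.append(f"entry point in {ep['name']!r}, not the first section")
    return hits


def compile_pattern(text):
    """PEiD-style pattern: hex bytes separated by spaces, '??' is a one-byte wildcard."""
    return [None if t == "??" else int(t, 16) for t in text.split()]


def find_pattern(data, pattern):
    """Offset of the first match of pattern in data, or -1."""
    for i in range(len(data) - len(pattern) + 1):
        if all(p is None or data[i + j] == p for j, p in enumerate(pattern)):
            return i
    return -1


# pushad; mov esi,imm32; lea edi,[esi+disp32]; push edi; or ebp,-1 (illustrative stub)
UPX_STYLE = compile_pattern("60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF")


def triage(blob):
    """Parse, run the heuristics, and scan the entry section for the stub pattern."""
    pe = parse_pe(blob)
    ep = entry_section(pe)
    return packing_indicators(pe), (find_pattern(ep["data"], UPX_STYLE) if ep else -1)


def _high_entropy(n):  # deterministic pseudo-random filler standing in for packed code
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32))


# Constructed samples: a plain image and one laid out like a UPX-packed image.
CLEAN = build_sample_pe([(".text", b"\x55\x8b\xec" + b"\x90" * 500 + b"\xc3", 0x60000020),
                         (".data", b"hello world\0" * 50, 0xC0000040)], entry_section=0)
STUB = bytes.fromhex("60be00904000" "8dbe0080ffff" "5783cdff")
PACKED = build_sample_pe([("UPX0", b"", 0xE0000080),
                          ("UPX1", STUB + _high_entropy(4096), 0xE0000040),
                          (".rsrc", b"\0" * 64, 0xC0000040)], entry_section=1)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("packed", PACKED)):
        hits, sig = triage(blob)
        print(label, "indicators:", hits or ["none"], "stub at:", sig)
```

Run it directly to print the indicators for both constructed samples; hand parse_pe() the bytes of a real file to use it on disk. The indicators are for sorting a pile of samples into "probably packed, needs an unpacker" and "look at the code directly", not a verdict on any single one, and the bounds checks in parse_pe() are the part that matters most once the input is hostile.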


From: HAREN BHATT [mailto:hcbhatt () gmail com] 
Sent: Wednesday, 10 March 2010 3:50 PM
To: craig.wright () information-defense com
Cc: security-basics () securityfocus com
Subject: Looking for a Basic Book On "Reverse Malware Engineering "

Hello Craig,
This is Haren from India. I recently attended SANS SEC-504 (GCIH) and would be
writing the exams by end of March 2010. I am more interested towards Malware
reverse engineering. 
Can you suggest some good book which can help me to understand the "Reverse
Malware Engineering" subject in depth?

-- 
Thanks & Regards:
Haren Bhatt | Security Analyst
|MCSA |SCSA |ENSA |CEHv5 |ECSA-LPT .

Blog : http://security-culture.blogspot.com/

"We Have A Culture Of Security."
NOTICE: This communication is meant only for the addressee(s) named above and
may contain information which is and/or legally privileged. If you are not
the named addressee(s), or the agent responsible for receiving and
delivering this communication to the named addressee(s), this communication
has been sent to you in error, please notify the sender and delete all
copies. If so, kindly contact us immediately for retrieval purposes.
Unauthorized dissemination, distribution, copying or reliance on this
communication is prohibited and may attract criminal penalties.
For privacy reasons all the addressee(s) may be hidden.

