Security Basics mailing list archives
RE: Looking for a Basic Book On "Reverse Malware Engineering "
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Thu, 11 Mar 2010 08:39:32 +1100
To start, the GREM course is one of the best out there:
http://www.giac.org/certifications/security/GREM.php

The course cheatsheet is at:
http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html

Lenny has a few links following his paper online at:
http://zeltser.com/reverse-malware-paper/

To really do this well you need to have a good understanding of ASM (Intel assembly language):
http://win32assembly.online.fr/tut1.html
http://win32assembly.online.fr/tutorials.html

And of the PE format:
http://msdn.microsoft.com/en-us/library/ms809762.aspx
http://www.pelib.com/resources/luevel.txt

This is a field where being an old fart helps. Back in the 80's we had to write our own software and games, and to do this well in the small userspace we had, it took ASM.

You can use dynamic analysis to analyse software (behavioural) and this can provide some quick insights, but to really get into this field, you need to get good at ASM, C, C++. Other languages also help. Java, Flash and other language malware means you need a wide understanding of code.

Also, unless you want to unpack sample by sample, you need to write unpackers that work as a class. That is, code. Olly and IDA are great, but these are point solutions that take you to a single piece of malware. To do anything of lasting use, you need to code a signature (I have seen this done well in Python as well). You can look for other code sources, but with the rapidity of changes in this field, being a script kiddie reverser does not work well.

Book-wise, I would look at:
- Reversing: Secrets of Reverse Engineering ~ Eldad Eilam
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler ~ Chris Eagle
- Assembly Language Step-by-step: Programming with DOS and Linux (with CD-ROM) ~ Jeff Duntemann
- The Art of Assembly Language ~ Randall Hyde
- Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming ~ Kris Kaspersky

Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd

From: HAREN BHATT [mailto:hcbhatt () gmail com]
Sent: Wednesday, 10 March 2010 3:50 PM
To: craig.wright () information-defense com
Cc: security-basics () securityfocus com
Subject: Looking for a Basic Book On "Reverse Malware Engineering "

Hello Craig,

This is Haren from India. I recently attended SANS SEC-504 (GCIH) and would be writing the exams by end of March 2010. I am more interested in malware reverse engineering. Can you suggest some good book which can help me to understand the "Reverse Malware Engineering" subject in depth?

--
Thanks & Regards:
Haren Bhatt | Security Analyst | MCSA | SCSA | ENSA | CEHv5 | ECSA-LPT
Blog: http://security-culture.blogspot.com/
"We Have A Culture Of Security."
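Craig's reply makes two points that are easier to see in code than in prose: you need to understand the PE format well enough to parse it yourself, and lasting work in this field means writing tooling (he mentions Python) rather than stepping through one sample at a time in a debugger. The following is an added example, not code from the post or from any of the authors or tools it mentions. It parses the DOS header, COFF header, optional-header entry point and section table with nothing but `struct`, then runs two common static triage checks used to spot packed samples: per-section Shannon entropy and where the entry point lands. The two-section PE32 image it analyses is constructed in memory for the demo and is not a real binary; the `.packed` section name, the 7.0 entropy cut-off and all the sample bytes are assumptions chosen for illustration.

```python
"""Minimal PE header parser with packer-triage heuristics (added example).

The sample image built by build_sample_pe() is constructed, not a real file.
"""
import math
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

PACKED_ENTROPY_THRESHOLD = 7.0  # heuristic cut-off assumed for this example


def shannon_entropy(buf):
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data):
    """Parse the headers of a PE image held in memory into a dict."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]       # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    sec_off = opt_off + opt_size                             # section table follows the optional header
    for i in range(nsec):
        (name, vsize, vaddr, rsize, raddr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + i * 40)
        raw = data[raddr:raddr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_offset": raddr,
            "raw_size": rsize,
            "characteristics": chars,
            "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "magic": magic, "entry_point": entry,
            "num_sections": nsec, "sections": sections}


def section_for_rva(pe, rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in pe["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return s
    return None


def triage(pe):
    """Static indicators that a sample may be packed; returns a list of findings."""
    findings = []
    for s in pe["sections"]:
        if s["entropy"] > PACKED_ENTROPY_THRESHOLD:
            findings.append("section %r entropy %.2f exceeds %.1f: likely packed or encrypted"
                            % (s["name"], s["entropy"], PACKED_ENTROPY_THRESHOLD))
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("section %r is both writable and executable" % s["name"])
    ep = section_for_rva(pe, pe["entry_point"])
    if ep is None:
        findings.append("entry point 0x%X lies outside every section" % pe["entry_point"])
    elif ep["name"] != ".text":
        findings.append("entry point 0x%X lies in %r rather than .text" % (pe["entry_point"], ep["name"]))
    return findings


def build_sample_pe():
    """Constructed two-section PE32 image (not a real binary) for the demo."""
    file_align = 512
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after the DOS header
    text_raw = b"\x90" * 200 + b"\xC3" * 56        # low-entropy "code" section contents
    packed_raw = bytes(range(256)) * 4             # uniform bytes, entropy exactly 8.0
    opt = bytearray(224)                           # PE32 optional header, left mostly zero here
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x2010)        # entry point inside the high-entropy section
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    text_off, packed_off = file_align, 2 * file_align
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, len(text_raw), text_off,
                      0, 0, 0, 0, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    sec += struct.pack("<8sIIIIIIHHI", b".packed", 0x2000, 0x2000, len(packed_raw), packed_off,
                       0, 0, 0, 0, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    image = bytearray(dos + b"PE\0\0" + coff + opt + sec)
    image += b"\0" * (text_off - len(image))       # pad headers up to file alignment
    image += text_raw
    image += b"\0" * (packed_off - len(image))
    image += packed_raw
    return bytes(image)


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print("%-8s VA=0x%05X raw=%4d bytes entropy=%.2f" % (s["name"], s["virtual_address"], s["raw_size"], s["entropy"]))
    for f in triage(pe):
        print("finding:", f)
```

Run as a script it lists both sections and reports three findings for the constructed image: the `.packed` section's entropy of 8.00, its writable-plus-executable flags, and an entry point that lands in `.packed` rather than `.text`. The same `parse_pe` and `triage` functions work unchanged on bytes read from a real file, which is the point Craig makes: once the format is parsed in code, a check like this runs over a whole directory of samples instead of one debugger session.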