Malware Analysis for the Enterprise
Jason Ross

Table of Contents

Introduction
How Does Malware Analysis Help?
The Need For Analysis
Times have changed: it's a business, not a kiddie
The signature arms race
Where Does Malware Analysis Fit In?
Infection is an incident
How Does Malware Today Work?
Droppers and Downloaders and Rootkits, Oh My!
How can you say you're clean if you can't trust the OS?
Playing With Fire: How To Analyze Malware
Static analysis
Runtime analysis
What is a sandnet?
Virtual Machines vs. Bare Metal
Smart malware authors check for VM
Dumb malware authors also check for VM
Setting Up The Sandnet
Network configuration
Monitoring and logging traffic
Services Host Setup
OS Configuration
DNS Service (ISC Bind 9)
Web Service (Apache 2)
SMTP Service (Postfix)
Generic Listener Service (Netcat)
A quick note about javascript obfuscation
Victim Host Setup
OS Configuration
Analysis Software
Conclusion
Appendix A: Online Analysis Labs
Appendix B: Malware Sample Resources Online

Introduction

In a typical organization, an attack from malicious software (known as malware) is not likely to go completely unnoticed. Detection of an attack may come through one or more technologies such as antivirus software or intrusion detection systems, or it may come from systems compliance monitoring. Unfortunately, detection of the attack is no longer sufficient to identify the full risk posed by malware. Often, detection occurs after the host has already been compromised.

As malware evolves and grows increasingly complex, it is utilizing self-defense mechanisms such as rootkit technologies to hide processes from the kernel, disable antivirus software, and block access to security vendor websites and operating system update information. Faced with these threats, once a host's integrity becomes compromised, a crucial part of the incident response process is to determine what activity the malicious code is engaged in and, specifically, whether any data may have been .
