Accelerated Windows Malware Analysis with Memory Dumps: Training Course Transcript and WinDbg Practice Exercises, Second Edition

Accelerated Windows Malware Analysis with Memory Dumps: Training Course Transcript and WinDbg Practice Exercises, Second Edition

Paperback

$150.00
Members save with free shipping everyday! 
See details

Overview

The full transcript of Software Diagnostics Services training. Learn how to navigate process, kernel, and physical spaces and diagnose various malware patterns in Windows memory dump files. The course uses a unique and innovative pattern-oriented analysis approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg, process, kernel and complete memory dumps. Covered more than 20 malware analysis patterns. The main audience is software technical support and escalation engineers who analyze memory dumps from complex software environments and need to check for possible malware presence in cases of abnormal software behavior. The course will also be useful for software engineers, quality assurance and software maintenance engineers, security researchers, malware and memory forensics analysts who have never used WinDbg for analysis of computer memory. The second edition uses the latest WinDbg 10 version and includes malware analysis pattern catalog reprinted from Memory Dump Analysis Anthology volumes.

Product Details

ISBN-13: 9781908043863
Publisher: Opentask
Publication date: 10/02/2017
Pages: 316
Product dimensions: 8.50(w) x 11.00(h) x 0.82(d)

Table of Contents

About the Author

Introduction

Practice Exercises

Exercise 0: Download, setup and verify your WinDbg installation

Exercise M1A

Exercise M1B

Exercise M2

Exercise M3

Exercise M4

Exercise M5

Exercise M6

Selected Q&A

Appendix

Malware Analysis Patterns

Deviant Module

Deviant Token

Driver Device Collection

Execution Residue

Fake Module

Hidden Module

Hidden Process

Hooksware

Namespace

No Component Symbols

Out-of-Module Pointer

Packed Code

Patched Code

Pre-Obfuscation Residue

Raw Pointer

RIP Stack Trace

Self-Diagnosis (Kernel Mode)

Stack Trace Collection

Stack Trace Collection (I/O Requests)

String Hint

Unknown Module

Raw Stack Dump of All Threads (Kernel Space)

Complete Stack Traces from x64 System

Customer Reviews