
2022 | Book

Defending Cyber Systems through Reverse Engineering of Criminal Malware


About this book

This SpringerBrief discusses underlying principles of malware reverse engineering and introduces the major techniques and tools needed to effectively analyze malware that targets business organizations. It also covers the examination of real-world malware samples, which illustrates the knowledge and skills necessary to take control of cyberattacks.
This SpringerBrief explores key tools and techniques to learn the main elements of malware analysis from the inside out. It also presents malware reverse engineering as several methodical phases, in order to gain a window into the mindset of hackers. Furthermore, this brief examines a malicious program’s behavior and views its code-level patterns. Real-world malware specimens are used to demonstrate the emerging behavioral patterns of battlefield malware as well.
This SpringerBrief is unique because it demonstrates the capabilities of emerging malware by conducting reverse-code engineering on real malware samples and conducting behavioral analysis in an isolated lab system. Specifically, the author focuses on analyzing malicious Windows executables. This type of malware poses a large threat to modern enterprises. Attackers often deploy malicious documents and browser-based exploits to attack Windows enterprise environments. Readers learn how to take malware apart inside out using static properties analysis, behavioral analysis and code-level analysis techniques.
The primary audience for this SpringerBrief is undergraduate students studying cybersecurity and researchers working in this field. Cybersecurity professionals who want to learn more about malware analysis tools and techniques will also want to purchase this SpringerBrief.

Table of Contents

Chapter 1. Introduction to the Fascinating World of Malware Analysis
Information technology has forever changed the way we live and work, and there is no doubt that the world has benefited from technological advancements in ways that are immeasurable and were never imagined before. However, these technological advancements are not risk-free, and there is a flip side: cybercriminal activity has skyrocketed in recent years, to the point where in some cases hackers have been able to hold business organizations hostage using malware.
Marwan Omar
Chapter 2. Static Analysis of Malware
Static analysis is one of the malware analysis techniques used by malware analysts to quickly triage suspect programs/files without executing them. During this initial assessment phase, the goal is to be able to extract valuable insights from the suspect binary which would help inform the subsequent steps so that we can determine how to analyze or categorize the suspect file and where to focus our analysis efforts (Kirubavathi & Anitha, 2018).
Marwan Omar
Chapter 3. Behavioral Analysis Principles
Behavioral analysis (also referred to as dynamic analysis) entails analyzing a specimen by triggering it to run in an isolated and controlled lab environment and monitoring its behavior, interaction, and impact on the system. In the previous chapter, we learned the techniques, tools, and principles to examine the different aspects of the suspect specimen without executing it. In this chapter, we will capitalize on that knowledge to further observe the behavior, purpose, and functionality of the suspect specimen using dynamic analysis. You will learn the behavioral analysis tools and their features and how to simulate Internet services. Our goal during this analysis phase is to observe and monitor malware behavior and better understand its characteristics (Ul Haq et al., 2018).
Marwan Omar
Chapter 4. Principles of Code-Level Analysis
Static properties analysis and behavioral analysis are excellent techniques to understand the basic characteristics and functionality of malware; however, these techniques alone do not offer all the needed information to fully understand the malware’s functionality. Malware authors often write their malicious code in a high-level language, such as C or C++, which is compiled to an executable program using a compiler (Monnappa, 2018). Security analysts do not have access to the source code during the malware analysis process; they only have access to the malicious executable. To better understand the critical dimensions of a malicious specimen as well as its inner workings, we will need to take our analysis efforts to the next level: code analysis.
Marwan Omar