Reverse Engineering Code with IDA Pro

Rating: 
Amazon Price: $76.03 (as of June 20, 2018 05:40 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro’s interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world’s most powerful and popular took for reverse engineering code.*Reverse Engineer REAL Hostile Code
To follow along with this chapter, you must download a file called !DANGER!INFECTEDMALWARE!DANGER!… ‘nuff said.
*Download the Code!
The companion Web site to this book offers up really evil code for you to reverse engineer and really nice code for you to automate tasks with the IDC Scripting Language.
*Portable Executable (PE) and Executable and Linking Formats (ELF)
Understand the physical layout of PE and ELF files, and analyze the components that are essential to reverse engineering.
*Break Hostile Code Armor and Write your own Exploits
Understand execution flow, trace functions, recover hard coded passwords, find vulnerable functions, backtrace execution, and craft a buffer overflow.
*Master Debugging
Debug in IDA Pro, use a debugger while reverse engineering, perform heap and stack access modification, and use other debuggers.
*Stop Anti-Reversing
Anti-reversing, like reverse engineering or coding in assembly, is an art form. The trick of course is to try to stop the person reversing the application. Find out how!
*Track a Protocol through a Binary and Recover its Message Structure
Trace execution flow from a read event, determine the structure of a protocol, determine if the protocol has any undocumented messages, and use IDA Pro to determine the functions that process a particular message.
*Develop IDA Scripts and Plug-ins
Learn the basics of IDA scripting and syntax, and write IDC scripts and plug-ins to automate even the most complex tasks.

Combating Spyware in the Enterprise: Discover, Detect, and Eradicate the Internet’s Greatest Threat

Rating: 
Amazon Price: N/A (as of June 20, 2018 06:47 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Combating Spyware in the Enterprise is the first book published on defending enterprise networks from increasingly sophisticated and malicious spyware.

Combating Spyware in the Enterprise begins by examining the various types of insidious spyware and adware currently propagating across the internet and infiltrating enterprise networks. This section closely examines Spyware’s ongoing transformation from nuisance to malicious, sophisticated attack vector. Next, the book uncovers spyware’s intricate economy and network of malicious hackers and criminals. Forensic investigations presented in this section of the book reveal how increasingly sophisticated spyware can compromise enterprise networks via trojans, keystroke loggers, system monitoring, distributed denial of service attacks, backdoors, viruses, and worms. After close examination of these attack vectors, the book begins to detail both manual and automated techniques for scanning your network for the presence of spyware, and customizing your IDS and IPS to detect spyware. From here, the book goes on to detail how to prevent spyware from being initially installed to mitigating the damage inflicted by spyware should your network become infected. Techniques discussed in this section include slowing the exposure rate; web filtering; using FireFox, MacOSX, or Linux; patching and updating, machine restrictions, shielding, deploying anti-spyware, and re-imaging. The book concludes with an analysis of the future of spyware and what the security community must accomplish to win the ware against spyware.
Continue reading “Combating Spyware in the Enterprise: Discover, Detect, and Eradicate the Internet’s Greatest Threat”

Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides

Rating: 
Amazon Price: N/A (as of June 20, 2018 04:38 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

Dissecting the dark side of the Internet with its infectious worms, botnets, rootkits, and Trojan horse programs (known as malware) is a treaterous condition for any forensic investigator or analyst. Written by information security experts with real-world investigative experience, Malware Forensics Field Guide for Windows Systems is a "tool" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips.

*A condensed hand-held guide complete with on-the-job tasks and checklists
Continue reading “Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides”

Introduction to Social Media Investigation: A Hands-on Approach

Rating: 
Amazon Price: N/A (as of June 20, 2018 05:40 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

If you’re interested in using social media as an investigative tool, Introduction to Social Media Investigation will show you how! Social networks and social media, like Facebook, Twitter, and Foursquare, are some of the most popular services on the Web, with hundreds of millions of users. The public information that people share on these sites can be valuable for anyone interested in investigating people of interest through open, public sources.

Social media as an investigative device is in its infancy and not well understood. This book presents an overview of social media and discusses special skills and techniques to use when conducting investigations. The book features hands-on tutorials and case studies and offers additional data-gathering techniques.
Continue reading “Introduction to Social Media Investigation: A Hands-on Approach”

Buffer Overflow Attacks: Detect, Exploit, Prevent

Rating: 
Amazon Price: N/A (as of June 20, 2018 10:00 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.
Continue reading “Buffer Overflow Attacks: Detect, Exploit, Prevent”