| 000 | 08156nam a2200469 i 4500 | ||
|---|---|---|---|
| 003 | OSt | ||
| 005 | 20240809170516.0 | ||
| 008 | 230120s2018 xx a | ||1|0 eng d | ||
| 020 | _a9781788838849 (paperback) | ||
| 035 | _a(MiAaPQ)EBC5573418 | ||
| 035 | _a(Au-PeEL)EBL5573418 | ||
| 035 | _a(CaPaEBR)ebr11630313 | ||
| 035 | _a(OCoLC)1064731152 | ||
| 040 | _aMiAaPQ _beng _erda _epn _cMiAaPQ _dMiAaPQ _dTUPM | ||
| 050 | 0 | _aTA 168.5 _bW66 2018 | |
| 100 | 1 | _aWong, Reginald. _eauthor. | |
| 245 | 0 | 0 | _aMastering reverse engineering : _bre-engineer your ethical hacking skills / _cReginald Wong. |
| 264 | 1 | _aBirmingham : _bPackt Publishing, Limited, _c2018. | |
| 264 | 1 | _c©2018. | |
| 300 | _avi, 422 pages : _billustrations ; _c23 cm. | ||
| 336 | _atext _2rdacontent. | ||
| 337 | _aunmediated _2rdamedia. | ||
| 338 | _avolume _2rdacarrier. | ||
| 505 | 0 | _aCover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Preparing to Reverse -- Reverse engineering -- Technical requirements -- Reverse engineering as a process -- Seeking approval -- Static analysis -- Dynamic analysis -- Low-level analysis -- Reporting -- Tools -- Binary analysis tools -- Disassemblers -- Debuggers -- Monitoring tools -- Decompilers -- Malware handling -- Basic analysis lab setup -- Our setup -- Samples -- Summary -- Chapter 2: Identification and Extraction of Hidden Components -- Technical requirements -- The operating system environment -- The filesystem -- Memory -- The registry system -- Typical malware behavior -- Persistence -- Run keys -- Load and Run values -- Startup values -- The Image File Execution Options key -- Malware delivery -- Email -- Instant messenger -- The computer network -- Media storage -- Exploits and compromised websites -- Software piracy -- Malware file properties -- Payload - the evil within -- Tools -- Autoruns -- The Process explorer -- Summary -- Further reading -- Chapter 3: The Low-Level Language -- Technical requirements -- Binary numbers -- Bases -- Converting between bases -- Binary arithmetic -- Signed numbers -- x86 -- Registers -- Memory addressing -- Endianness -- Basic instructions -- Opcode bytes -- Copying data -- MOV and LEA -- Arithmetic operations -- Addition and subtraction -- Increment and decrement instructions -- Multiplication and division instructions -- Other signed operations -- Bitwise algebra -- Control flow -- Stack manipulation -- Tools - builder and debugger -- Popular assemblers -- MASM -- NASM -- FASM -- x86 Debuggers -- WinDbg -- Ollydebug -- x64dbg -- Hello World -- Installation of FASM -- It works! -- Dealing with common errors when building -- Dissecting the program -- After Hello. | |
| 505 | 0 | _aCalling APIs -- Common Windows API libraries -- Short list of common API functions -- Debugging -- Summary -- Further reading -- Chapter 4: Static and Dynamic Reversing -- Assessment and static analysis -- Static analysis -- File types and header analysis -- Extracting useful information from file -- PEid and TrID -- python-magic -- file -- MASTIFF -- Other information -- PE executables -- Deadlisting -- IDA (Interactive Disassembler) -- Decompilers -- ILSpy - C# Decompiler -- Dynamic analysis -- Memory regions and the mapping of a process -- Process and thread monitoring -- Network traffic -- Monitoring system changes -- Post-execution differences -- Debugging -- Try it yourself -- Summary -- References -- Chapter 5: Tools of the Trade -- Analysis environments -- Virtual machines -- Windows -- Linux -- Information gathering tools -- File type information -- Hash identifying -- Strings -- Monitoring tools -- Default command-line tools -- Disassemblers -- Debuggers -- Decompilers -- Network tools -- Editing tools -- Attack tools -- Automation tools -- Software forensic tools -- Automated dynamic analysis -- Online service sites -- Summary -- Chapter 6: RE in Linux Platforms -- Setup -- Linux executable - hello world -- dlroW olleH -- What have we gathered so far? -- Dynamic analysis -- Going further with debugging -- A better debugger -- Setup -- Hello World in Radare2 -- What is the password? -- Network traffic analysis -- Summary -- Further reading -- Chapter 7: RE for Windows Platforms -- Technical requirements -- Hello World -- Learning about the APIs -- Keylogger -- regenum -- processlist -- Encrypting and decrypting a file -- The server -- What is the password? -- Static analysis -- A quick run -- Deadlisting -- Dynamic analysis with debugging -- Decompilers -- Summary -- Further reading. | |
| 505 | 0 | _aChapter 8: Sandboxing - Virtualization as a Component for RE -- Emulation -- Emulation of Windows and Linux under an x86 host -- Emulators -- Analysis in unfamiliar environments -- Linux ARM guest in QEMU -- MBR debugging with Bochs -- Summary -- Further Reading -- Chapter 9: Binary Obfuscation Techniques -- Data assembly on the stack -- Code assembly -- Encrypted data identification -- Loop codes -- Simple arithmetic -- Simple XOR decryption -- Assembly of data in other memory regions -- Decrypting with x86dbg -- Other obfuscation techniques -- Control flow flattening obfuscation -- Garbage code insertion -- Code obfuscation with a metamorphic engine -- Dynamic library loading -- Use of PEB information -- Summary -- Chapter 10: Packing and Encryption -- A quick review on how native executables are loaded by the OS -- Packers, crypters, obfuscators, protectors and SFX -- Packers or compressors -- Crypters -- Obfuscators -- Protectors -- SFX Self-extracting archives -- Unpacking -- The UPX tool -- Debugging though the packer -- Dumping processes from memory -- Memory dumping with VirtualBox -- Extracting the process to a file using Volatility -- How about an executable in its unpacked state? -- Other file-types -- Summary -- Chapter 11: Anti-analysis Tricks -- Anti-debugging tricks -- IsDebuggerPresent -- Debug flags in the PEB -- Debugger information from NtQueryInformationProcess -- Timing tricks -- Passing code execution via SEH -- Causing exceptions -- A typical SEH setup -- Anti-VM tricks -- VM running process names -- Existence of VM files and directories -- Default MAC address -- Registry entries made by VMs -- VM devices -- CPUID results -- Anti-emulation tricks -- Anti-dumping tricks -- Summary -- Chapter 12: Practical Reverse Engineering of a Windows Executable -- Things to prepare -- Initial static analysis -- Initial file information. | |
| 505 | 0 | _aDeadlisting -- Debugging -- The unknown image -- Analysis summary -- Summary -- Further Reading -- Chapter 13: Reversing Various File Types -- Analysis of HTML scripts -- MS Office macro analysis -- PDF file analysis -- SWF file analysis -- SWFTools -- FLASM -- Flare -- XXXSWF -- JPEXS SWF decompiler -- Summary -- Further reading -- Other Books You May Enjoy -- Index. | |
| 520 | _aReverse engineering is a tool used for analyzing software, to exploit its weaknesses and strengthen its defenses. Hackers use reverse engineering as a tool to expose security flaws and questionable privacy practices. This book helps you to master the art of using reverse engineering. | ||
| 538 | _aAvailable electronically via the Internet. | ||
| 588 | _aDescription based on publisher supplied metadata and other sources. | ||
| 590 | _aElectronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. | ||
| 650 | 1 | 0 | _aReverse engineering. |
| 650 | 1 | 0 | _aSoftware engineering. |
| 650 | 1 | 0 | _aHacking. |
| 650 | 1 | 0 | _aComputer networks _xSecurity measures. |
| 650 | 1 | 0 | _aComputer security. |
| 650 | 1 | 0 | _aComputer software _xTesting. |
| 776 | 0 | 8 | _iPrint version: _aWong, Reginald _tMastering Reverse Engineering : Re-Engineer Your Ethical Hacking Skills _dBirmingham : Packt Publishing, Limited,c2018 _z9781788838849. |
| 856 | 4 | 0 | _uhttps://ebookcentral.proquest.com/lib/vu/detail.action?docID=5573418 _zFull-text via Proquest EBook Central |
| 942 | _2lcc _cBK _hTA 168.5 _iW66 2018 | ||
| 999 | _c3618 _d3618 | ||