Cuckoo Malware Analysis


Cuckoo Malware Analysis
eBook: $22.99
Formats: PDF, PacktLib, ePub and Mobi formats
$19.54
save 15%!
Print + free eBook + free PacktLib access to the book: $60.98    Print cover: $37.99
$37.99
save 38%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Reviews
Support
Sample Chapters
  • Learn how to analyze malware in a straightforward way with minimum technical skills
  • Understand the risk of the rise of document-based malware
  • Enhance your malware analysis concepts through illustrations, tips and tricks, step-by-step instructions, and practical real-world scenarios
  • To download updated sample example click - http://www.cuckoosandboxbook.com/

Book Details

Language : English
Paperback : 142 pages [ 235mm x 191mm ]
Release Date : October 2013
ISBN : 1782169237
ISBN 13 : 9781782169239
Author(s) : Digit Oktavianto, Iqbal Muhardianto
Topics and Technologies : All Books, Open Source

Table of Contents

Preface
Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
Chapter 3: Analyzing the Output of Cuckoo Sandbox
Chapter 4: Reporting with Cuckoo Sandbox
Chapter 5: Tips and Tricks for Cuckoo Sandbox
Index
  • Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
    • Malware analysis methodologies
    • Basic theory in Sandboxing
    • Malware analysis lab
    • Cuckoo Sandbox
    • Installing Cuckoo Sandbox
      • Hardware requirements
      • Preparing the host OS
      • Requirements
      • Install Python in Ubuntu
      • Setting up Cuckoo Sandbox in the Host OS
      • Preparing the Guest OS
        • Configuring the network
        • Setting up a shared folder between Host OS and Guest OS
      • Creating a user
      • Installing Cuckoo Sandbox
        • cuckoo.conf
        • <machinemanager>.conf
        • processing.conf
        • reporting.conf
    • Summary
    • Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
      • Starting Cuckoo
      • Submitting malware samples to Cuckoo Sandbox
      • Submitting a malware Word document
      • Submitting a malware PDF document – aleppo_plan_cercs.pdf
      • Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
      • Submitting a malicious URL – http://youtibe.com
      • Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
      • Submitting a binary file – Sality.G.exe
      • Memory forensic using Cuckoo Sandbox – using memory dump features
      • Additional memory forensic using Volatility
        • Using Volatility
      • Summary
          • Chapter 5: Tips and Tricks for Cuckoo Sandbox
            • Hardening Cuckoo Sandbox against VM detection
            • Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
              • Installing Maltego
            • Automating e-mail attachments with Cuckoo MX
            • Summary

            Digit Oktavianto

            Digit Oktavianto is an IT security professional and system administrator with experience in the Linux server, network security, Security Information and Event Management (SIEM), vulnerability assesment, penetration testing, intrusion analysis, incident response and incident handling, security hardening, PCI-DSS, and system administration. He has good experience in Managed Security Services (MSS) projects, Security Operation Centre, operating and maintaining SIEM tools, configuring and setup of IDS/IPS, Firewall, Antivirus, Operating Systems, and Applications. He works as an information security analyst in Noosc Global, a security consultant firm based in Indonesia. Currently, he holds CEH and GIAC Incident Handler certifications. He is very enthusiastic and has a good passion in malware analysis as his main interest for research. This book is the first book that he has written, and he plans to write more about malware analysis and incident response books.

            Iqbal Muhardianto

            Iqbal Muhardianto is a security enthusiast and he is working in the Ministry of Foreign Affairs of the Republic of Indonesia. He loves breaking things apart just to know how it works. In his computer learning career, he first started with learning MS-DOS and some C programming, after being a System admin, Network Admin, and now he is a IT Security Administrator with some skills in Linux, Windows, Network, SIEM, Malware Analysis, and Pentesting. He currently lives Norway and works as an IT Staff in the Indonesia Embassy in Oslo.

            Code Downloads

            Download the code and support files for this book.


            Submit Errata

            Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


            Errata

            - 2 submitted: last submission 19 May 2014

            To download updated sample example click - http://www.cuckoosandboxbook.com/

            Errata type: Technical | Errata page: 18

            After reading the following sentence:

            With this networking type, Host OS and Guest OS can interact with each other, but the Guest OS can "see" the outside network or internet.

            Note that the Guest could only access the internet after we configure the firewall on the Host side. If you want to restrict the Guest access, you need to turn the firewall on the Host side off. Thus, the Guest will again be isolated.

            Sample chapters

            You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

            Frequently bought together

            Cuckoo Malware Analysis +    Mastering TypoScript: TYPO3 Website, Template, and Extension Development =
            50% Off
            the second eBook
            Price for both: $29.50

            Buy both these recommended eBooks together and get 50% off the cheapest eBook.

            What you will learn from this book

            • Get started with automated malware analysis using Cuckoo Sandbox
            • Use Cuckoo Sandbox to analyze sample malware
            • Analyze output from Cuckoo Sandbox
            • Report results with Cuckoo Sandbox in standard form
            • Learn tips and tricks to get the most out of your malware analysis results

            In Detail

            Cuckoo Sandbox is a leading open source automated malware analysis system. This means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with some detailed results outlining what said file did when executed inside an isolated environment.

            Cuckoo Malware Analysis is a hands-on guide that will provide you with everything you need to know to use Cuckoo Sandbox with added tools like Volatility, Yara, Cuckooforcanari, Cuckoomx, Radare, and Bokken, which will help you to learn malware analysis in an easier and more efficient way.

            Cuckoo Malware Analysis will cover basic theories in sandboxing, automating malware analysis, and how to prepare a safe environment lab for malware analysis. You will get acquainted with Cuckoo Sandbox architecture and learn how to install Cuckoo Sandbox, troubleshoot the problems after installation, submit malware samples, and also analyze PDF files, URLs, and binary files. This book also covers memory forensics – using the memory dump feature, additional memory forensics using Volatility, viewing result analyses using the Cuckoo analysis package, and analyzing APT attacks using Cuckoo Sandbox, Volatility, and Yara.

            Finally, you will also learn how to screen Cuckoo Sandbox against VM detection and how to automate the scanning of e-mail attachments with Cuckoo.

            Approach

            This book is a step-by-step, practical tutorial for analyzing and detecting malware and performing digital investigations. This book features clear and concise guidance in an easily accessible format.

            Who this book is for

            Cuckoo Malware Analysis is great for anyone who wants to analyze malware through programming, networking, disassembling, forensics, and virtualization. Whether you are new to malware analysis or have some experience, this book will help you get started with Cuckoo Sandbox so you can start analysing malware effectively and efficiently.

            Code Download and Errata
            Packt Anytime, Anywhere
            Register Books
            Print Upgrades
            eBook Downloads
            Video Support
            Contact Us
            Awards Voting Nominations Previous Winners
            Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
            Resources
            Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software