Cuckoo Malware Analysis

Analyze malware using Cuckoo Sandbox

Cuckoo Malware Analysis

Starting
Digit Oktavianto, Iqbal Muhardianto

Analyze malware using Cuckoo Sandbox
$22.99
$37.99
RRP $22.99
RRP $37.99
eBook
Print + eBook
$12.99 p/month

Get Access

Get Unlimited Access to every Packt eBook and Video course

Enjoy full and instant access to over 3000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781782169239
Paperback142 pages

About This Book

  • Learn how to analyze malware in a straightforward way with minimum technical skills
  • Understand the risk of the rise of document-based malware
  • Enhance your malware analysis concepts through illustrations, tips and tricks, step-by-step instructions, and practical real-world scenarios
  • To download updated sample example click - http://www.cuckoosandboxbook.com/

Who This Book Is For

Cuckoo Malware Analysis is great for anyone who wants to analyze malware through programming, networking, disassembling, forensics, and virtualization. Whether you are new to malware analysis or have some experience, this book will help you get started with Cuckoo Sandbox so you can start analysing malware effectively and efficiently.

Table of Contents

Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
Malware analysis methodologies
Basic theory in Sandboxing
Malware analysis lab
Cuckoo Sandbox
Installing Cuckoo Sandbox
Summary
Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
Starting Cuckoo
Submitting malware samples to Cuckoo Sandbox
Submitting a malware Word document
Submitting a malware PDF document – aleppo_plan_cercs.pdf
Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
Submitting a malicious URL – http://youtibe.com
Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
Submitting a binary file – Sality.G.exe
Memory forensic using Cuckoo Sandbox – using memory dump features
Additional memory forensic using Volatility
Summary
Chapter 3: Analyzing the Output of Cuckoo Sandbox
The processing module
Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
Summary
Chapter 4: Reporting with Cuckoo Sandbox
Creating a built-in report in HTML format
Creating a MAEC Report
Exporting data report analysis from Cuckoo to another format
Summary
Chapter 5: Tips and Tricks for Cuckoo Sandbox
Hardening Cuckoo Sandbox against VM detection
Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
Automating e-mail attachments with Cuckoo MX
Summary

What You Will Learn

  • Get started with automated malware analysis using Cuckoo Sandbox
  • Use Cuckoo Sandbox to analyze sample malware
  • Analyze output from Cuckoo Sandbox
  • Report results with Cuckoo Sandbox in standard form
  • Learn tips and tricks to get the most out of your malware analysis results

In Detail

Cuckoo Sandbox is a leading open source automated malware analysis system. This means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with some detailed results outlining what said file did when executed inside an isolated environment.

Cuckoo Malware Analysis is a hands-on guide that will provide you with everything you need to know to use Cuckoo Sandbox with added tools like Volatility, Yara, Cuckooforcanari, Cuckoomx, Radare, and Bokken, which will help you to learn malware analysis in an easier and more efficient way.

Cuckoo Malware Analysis will cover basic theories in sandboxing, automating malware analysis, and how to prepare a safe environment lab for malware analysis. You will get acquainted with Cuckoo Sandbox architecture and learn how to install Cuckoo Sandbox, troubleshoot the problems after installation, submit malware samples, and also analyze PDF files, URLs, and binary files. This book also covers memory forensics – using the memory dump feature, additional memory forensics using Volatility, viewing result analyses using the Cuckoo analysis package, and analyzing APT attacks using Cuckoo Sandbox, Volatility, and Yara.

Finally, you will also learn how to screen Cuckoo Sandbox against VM detection and how to automate the scanning of e-mail attachments with Cuckoo.

Authors

Table of Contents

Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
Malware analysis methodologies
Basic theory in Sandboxing
Malware analysis lab
Cuckoo Sandbox
Installing Cuckoo Sandbox
Summary
Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
Starting Cuckoo
Submitting malware samples to Cuckoo Sandbox
Submitting a malware Word document
Submitting a malware PDF document – aleppo_plan_cercs.pdf
Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
Submitting a malicious URL – http://youtibe.com
Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
Submitting a binary file – Sality.G.exe
Memory forensic using Cuckoo Sandbox – using memory dump features
Additional memory forensic using Volatility
Summary
Chapter 3: Analyzing the Output of Cuckoo Sandbox
The processing module
Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
Summary
Chapter 4: Reporting with Cuckoo Sandbox
Creating a built-in report in HTML format
Creating a MAEC Report
Exporting data report analysis from Cuckoo to another format
Summary
Chapter 5: Tips and Tricks for Cuckoo Sandbox
Hardening Cuckoo Sandbox against VM detection
Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
Automating e-mail attachments with Cuckoo MX
Summary

Book Details

ISBN 139781782169239
Paperback142 pages
Read More