Muutke küpsiste eelistusi

Android Malware and Analysis [Kõva köide]

4.62/5 (16 hinnangut Goodreads-ist)
, , , ,
  • Formaat: Hardback, 242 pages, kõrgus x laius: 234x156 mm, kaal: 566 g, 4 Tables, black and white; 83 Illustrations, black and white
  • Ilmumisaeg: 24-Oct-2014
  • Kirjastus: Apple Academic Press Inc.
  • ISBN-10: 1482252198
  • ISBN-13: 9781482252194
Teised raamatud teemal:
Android Malware and AnalysisSuurem pilt
  • Formaat: Hardback, 242 pages, kõrgus x laius: 234x156 mm, kaal: 566 g, 4 Tables, black and white; 83 Illustrations, black and white
  • Ilmumisaeg: 24-Oct-2014
  • Kirjastus: Apple Academic Press Inc.
  • ISBN-10: 1482252198
  • ISBN-13: 9781482252194
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781482252194.html
Märksõnad:
The rapid growth and development of Android-based devices has resulted in a wealth of sensitive information on mobile devices that offer minimal malware protection. This has created an immediate need for security professionals that understand how to best approach the subject of Android malware threats and analysis.

In Android Malware and Analysis, Ken Dunham, renowned global malware expert and author, teams up with international experts to document the best tools and tactics available for analyzing Android malware. The book covers both methods of malware analysis: dynamic and static.

This tactical and practical book shows you how to use to use dynamic malware analysis to check the behavior of an application/malware as it has been executed in the system. It also describes how you can apply static analysis to break apart the application/malware using reverse engineering tools and techniques to recreate the actual code and algorithms used.

The book presents the insights of experts in the field, who have already sized up the best tools, tactics, and procedures for recognizing and analyzing Android malware threats quickly and effectively. You also get access to an online library of tools that supplies what you will need to begin your own analysis of Android malware threats. Tools available on the books site include updated information, tutorials, code, scripts, and author assistance.

This is not a book on Android OS, fuzz testing, or social engineering. Instead, it is about the best ways to analyze and tear apart Android malware threats. After reading the book, you will be able to immediately implement the tools and tactics covered to identify and analyze the latest evolution of Android threats.

Updated information, tutorials, a private forum, code, scripts, tools, and author assistance are available at AndroidRisk.com for first-time owners of the book.
Preface xi
Acknowledgments xiii
Authors xv
Conventions xix
Chapter 1 Introduction to the Android Operating System and Threats
1(6)
Android Development Tools
2(1)
Risky Apps
3(2)
Looking Closer at Android Apps
5(2)
Chapter 2 Malware Threats, Hoaxes, and Taxonomy
7(28)
2010
7(3)
FakePlayer
7(1)
DroidSMS
8(1)
FakeInst
8(1)
TapSnake
8(1)
SMSReplicator
9(1)
Geinimi
9(1)
2011
10(15)
ADRD
10(1)
Pjapps
11(1)
BgServ
11(1)
DroidDream
11(1)
Walkinwat
12(1)
zHash
13(1)
DroidDreamLight
13(1)
Zsone
14(1)
BaseBridge
14(1)
DroidKungFu1
15(1)
GGTracker
16(1)
jSMSHider
16(1)
Plankton
17(1)
GoldDream
18(1)
DroidKungFu2
18(1)
GamblerSMS
19(1)
HippoSMS
19(1)
LoveTrap
19(1)
Nickyspy
20(1)
SndApps
20(1)
Zitmo
21(1)
DogWars
21(1)
DroidKungFu3
22(1)
GingerMaster
22(1)
AnserverBot
23(1)
DroidCoupon
23(1)
Spitmo
24(1)
JiFake
24(1)
Batterydoctor
24(1)
2012
25(3)
AirPush
25(1)
Boxer
25(1)
Gappusin
26(1)
Leadbolt
26(1)
Adwo
26(1)
Counterclank
27(1)
SMSZombie
27(1)
NotCompatible
27(1)
Bmaster
27(1)
LuckyCat
28(1)
DrSheep
28(1)
2013
28(4)
GGSmart
28(1)
Defender
29(1)
Qadars
29(1)
MisoSMS
29(1)
FakeRun
30(1)
TechnoReaper
30(1)
BadNews
31(1)
Obad
31(1)
2014
32(3)
DriveGenie
32(1)
Torec
32(1)
OldBoot
33(1)
DroidPack
33(2)
Chapter 3 Open Source Tools
35(16)
Locating and Downloading Android Packages
36(1)
Vulnerability Research for Android OS
37(1)
Antivirus Scans
37(1)
Static Analysis
38(5)
Linux File Command
38(1)
Unzip the APK
38(1)
Strings
39(1)
Keytool Key and Certificate Management Utility
39(1)
DexID
39(1)
DARE
40(1)
Dex2Jar
40(1)
JD-GUI
41(1)
JAD
41(1)
APKTool
41(1)
AndroWarn
41(1)
Dexter
42(1)
VisualThreat
43(1)
Sandbox Analysis
43(2)
AndroTotal
45(1)
APKScan
45(1)
Mobile Malware Sandbox
45(1)
Mobile Sandbox
45(1)
Emulation Analysis
45(1)
Eclipse
45(1)
DroidBox
46(1)
AppsPlayground
46(1)
Native Analysis
46(1)
Logcat
46(1)
Traceview and Dmtracedump
46(1)
Tcpdump
47(1)
Reverse Engineering
47(1)
Androguard
47(1)
AndroidAuditTools
48(1)
Smali/Baksmali
48(1)
AndBug
48(1)
Memory Analysis
48(3)
LiME
49(1)
Memfetch
49(1)
Volatility for Android
49(1)
Volatilitux
49(2)
Chapter 4 Static Analysis
51(20)
Collections: Where to Find Apps for Analysis
52(2)
Google Play Marketplace
52(1)
Marketplace Mirrors and Cache
53(1)
Contagio Mobile
53(1)
Advanced Internet Queries
53(1)
Private Groups and Rampart Research Inc.
53(1)
Android Malware Genome Project
54(1)
File Data
54(1)
Cryptographic Hash Types and Queries
55(1)
Other Metadata
56(6)
Antivirus Scans and Aliases
57(1)
Unzipping an APK
57(1)
Common Elements of an Unpacked APK File
57(1)
Certificate Information
58(1)
Permissions
59(1)
Strings
60(1)
Other Content of Interest within an APK
61(1)
Creating a JAR File
62(1)
VisualThreat Modeling
62(1)
Automation
62(1)
(Fictional) Case Study
63(8)
Chapter 5 Android Malware Evolution
71(6)
Chapter 6 Android Malware Trends and Reversing Tactics
77(14)
Chapter 7 Behavioral Analysis
91(38)
Introduction to AVD and Eclipse
91(1)
Downloading and Installing the ADT Bundle
92(1)
The Software Development Kit Manager
93(1)
Choosing an Android Platform
94(1)
Processor Emulation
95(1)
Choosing a Processor
95(1)
Using HAXM
95(1)
Configuring Emulated Devices within AVD
96(3)
Location of Emulator Files
99(1)
Default Image Files
100(1)
Runtime Images: User Data and SD Card
100(1)
Temporary Images
100(1)
Setting Up an Emulator for Testing
101(1)
Controlling Malicious Samples in an Emulated Environment
102(1)
Additional Networking in Emulators
102(1)
Using the ADB Tool
103(1)
Using the Emulator Console
103(1)
Applications for Analysis
104(1)
Capabilities and Limitations of the Emulators
105(1)
Preserving Data and Settings on Emulators
105(1)
Setting Up a Physical Device for Testing
106(2)
Limitations and Capabilities of Physical Devices
108(1)
Network Architecture for Sniffing in a Physical Environment
109(1)
Applications for Analysis
110(1)
Installing Samples to Devices and Emulators
111(1)
Application Storage and Data Locations
112(1)
Getting Samples Off Devices
112(1)
The Eclipse DDMS Perspective
113(1)
Devices View
113(4)
Network Statistics
116(1)
File Explorer
116(1)
Emulator Control
117(1)
System Information
117(1)
LogCat View
117(1)
Filtering LogCat Output
117(1)
Application Tracing
118(1)
Analysis of Results
118(4)
Data Wiping Method
122(1)
Application Tracing on a Physical Device
122(2)
Imaging the Device
124(2)
Other Items of Interest
126(2)
Using Google Services Accounts
126(1)
Sending SMS Messages
126(1)
Getting Apps from Google Play
127(1)
Working with Databases
127(1)
Conclusion
128(1)
Chapter 8 Building Your Own Sandbox
129(46)
Static Analysis
130(1)
Dynamic Analysis
131(1)
Working Terminology for an Android Sandbox
131(4)
Android Internals Overview
131(1)
Android Architecture
132(1)
Applications
133(1)
Applications Framework
133(1)
Libraries
134(1)
Android Runtime
135(4)
The Android Kernel
139(5)
Build Your Own Sandbox
144(1)
Tools for Static Analysis
144(1)
Androguard
144(8)
Radare2
146(1)
Dex2Jar and JD-GUI
147(1)
APKInspector
148(1)
Keytool
148(1)
Tools for Dynamic Analysis
149(1)
TaintDroid
149(1)
DroidBox
150(1)
DECAF
151(1)
TraceDroid Analysis Platform
151(1)
Volatility Framework
152(1)
Sandbox Lab (Codename AMA)
152(23)
Architecture
153(1)
Host Requirements
154(1)
Operating System
154(4)
Configuration
158(4)
Running Sandbox
162(2)
Static Analysis of Uploaded Malware Samples
164(4)
Dynamic Analysis of Uploaded Malware Samples
168(5)
Conclusions about AMA
173(2)
Chapter 9 Case Study Examples
175(30)
Usbcleaver
175(21)
Checkpoint
180(1)
Static Analysis
180(5)
Checkpoint
185(1)
Dynamic Analysis
185(2)
Launch of the APK
187(8)
Summary
195(1)
Torec
196(9)
Bibliography 205(4)
Index 209
Ken Dunham has nearly two decades of experience on the front lines of information security. He currently works as a principal incident intelligence engineer for iSIGHT Partners and as CEO of the nonprofit Rampart Research. Dunham regularly briefs top-level executives and officials in Fortune 500 companies and manages major newsworthy incidents globally. Formerly, he led training efforts as a contractor for the U.S. Air Force for U-2 reconnaissance, Warthog Fighter, and Predator (UAV) programs. Concurrently, he also authored top Web sites and freeware antiviruses and other software, and has taught at multiple levels on a diverse range of topics.

Dunham is the author of multiple books, is a regular columnist, and has authored thousands of incident and threat reports over the past two decades. He holds a masters of teacher education and several certifications: CISSP, GCFA Gold (forensics), GCIH Gold (Honors) (incident handling), GSEC (network security), GREM Gold (reverse engineering), and GCIA (intrusion detection). He is also the founder and former president of Idaho InfraGard and Boise ISSA, a member of multiple security organizations globally, and former Wildlist Organization reporter. In 2014, Dunham was awarded the esteemed ISSA International Distinguished Fellow status. Dunham is also the founder of the nonprofit organization Rampart Research, which meets the needs of over 1,000 cybersecurity experts globally.

Shane Hartman, CISSP, GREM, is a malware engineer at iSIGHT Partners, focusing on the analysis and characteristics of malicious code. He has been in the information technology field for 20 years covering a wide variety of areas including network engineering and security. He is also a frequent speaker at local security events and teaches security courses at the University of South Florida. Hartman holds a masters degree in digital forensics from the University of Central Florida.

Jose Morales has been a researcher in cybersecurity since 1998, focusing on behavior-based malware analysis and detection and suspicion assessment theory and implementation. He graduated with his Ph.D. in computer science in 2008 from Florida International University and completed a postdoctoral fellowship at the Institute for Cyber Security at the University of Texas at San Antonio. He is a senior member of the Association of Computing Machinery (ACM) and IEEE.

Manu Quintans is a malware researcher linked from many years ago to the malware scene, as a collaborator with groups such Hacktimes.com and Malware Intelligence, developing expertise and disciplines related to malware research and response. He currently works as an intelligence manager for a Big4, performing campaign tracking of malware and supporting incidence response teams in the Middle East. He also chairs a nonprofit organization called mlw.re dedicated to the study of new online threats to assist organizations and computer emergency response teams (CERTs) combating such threats.

Tim Strazzere is a lead research and response engineer at Lookout Mobile Security. Along with writing security software, he specializes in reverse engineering and malware analysis. Some interesting past projects include reversing the Android Market protocol, Dalvik decompilers, and memory manipulation on mobile devices. Past speaking engagements have included DEFCON, BlackHat, SyScan, HiTCON, and EICAR.