Binary Analysis Cookbook: Actionable recipes for disassembling and analyzing binaries for security risks

Born, Michael

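  • Publisher: Packt Publishing
  • Publication date: 2019-09-20
  • List price: $1,600
  • VIP price: $1,520 (95% of list price)
  • Language: English
  • Pages: 396
  • Binding: Paperback
  • ISBN: 1789807603
  • ISBN-13: 9781789807608
  • Overseas special-order title (requires separate checkout)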

Product description

Key Features

  • Adopt a methodological approach to binary ELF analysis on Linux
  • Learn how to disassemble binaries and understand disassembled code
  • Discover how and when to patch a malicious binary during analysis

Book Description

Binary analysis is the process of examining a binary program to determine information security actions. It is a complex, constantly evolving, and challenging topic that crosses over into several domains of information technology and security.

This binary analysis book is designed to help you get started with the basics, before gradually advancing to challenging topics. Using a recipe-based approach, this book guides you through building a lab of virtual machines and installing tools to analyze binaries effectively. You'll begin by learning about the IA32 and ELF32 as well as IA64 and ELF64 specifications. The book will then guide you in developing a methodology and exploring a variety of tools for Linux binary analysis. As you advance, you'll learn how to analyze malicious 32-bit and 64-bit binaries and identify vulnerabilities. You'll even examine obfuscation and anti-analysis techniques, analyze polymorphed malicious binaries, and get a high-level overview of dynamic taint analysis and binary instrumentation concepts.

By the end of the book, you'll have gained comprehensive insights into binary analysis concepts and have developed the foundational skills to confidently delve into the realm of binary analysis.

What you will learn

  • Traverse the IA32, IA64, and ELF specifications
  • Explore Linux tools to disassemble ELF binaries
  • Identify vulnerabilities in 32-bit and 64-bit binaries
  • Discover actionable solutions to overcome the limitations in analyzing ELF binaries
  • Interpret the output of Linux tools to identify security risks in binaries
  • Understand how dynamic taint analysis works

Who this book is for

This book is for anyone looking to learn how to dissect ELF binaries using open-source tools available in Linux. If you're a Linux system administrator or information security professional, you'll find this guide useful. Basic knowledge of Linux, familiarity with virtualization technologies and the working of network sockets, and experience in basic Python or Bash scripting will assist you with understanding the concepts in this book.

About the author

Michael Born is a senior security consultant for SecureSky, Inc. Michael has earned several industry certifications and has co-taught offensive-focused Python programming classes at OWASP AppSec USA and AppSec Europe. He enjoys coding in Python, IA32, IA64, and PowerShell; participating in and designing capture the flag (CTF) challenges; teaching and mentoring others looking to embark on a career in information security; and presenting on various information security topics at local chapters of well-known information security groups. Michael has served on the chapter board for his local OWASP chapter, is a lifetime OWASP member, and participates in the local DC402 group.

Table of contents

  1. Setting Up The Lab
  2. 32-bit Assembly on Linux And The ELF Specification
  3. 64-bit Assembly on Linux and the ELF Specification
  4. Creating A Binary Analysis Methodology
  5. Linux Tools for Binary Analysis
  6. Analyzing A Simple Bind Shell
  7. Analyzing A Simple Reverse Shell
  8. Identifying Vulnerabilities
  9. Understanding Anti-Analysis Techniques
  10. A Simple Reverse Shell With Polymorphism
  11. Appendix: Dynamic Taint Analysis - the 30,000 Foot View
