WINDOWS APT WARFARE identify and prevent Windows APT attacks effectively

Book Cover
Average Rating
Author
Ma, Sheng-Hao,
Published
[S.l.] : PACKT PUBLISHING LIMITED, 2023.
Status
Available Online

Description

Loading Description...

More Details

Format
Edition
1st edition.
Language
English
ISBN
1804617210, 9781804617212

Notes

Description
Learn Windows system design from the PE binary structure to modern and practical attack techniques used by red teams to implement advanced prevention Purchase of the print or Kindle book includes a free PDF eBook Key Features Understand how malware evades modern security products Learn to reverse engineer standard PE format program files Become familiar with modern attack techniques used by multiple red teams Book Description An Advanced Persistent Threat (APT) is a severe form of cyberattack that lies low in the system for a prolonged time and locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you've understood the internal design of operating systems, you'll be ready to get hands-on with red team attacks and, further, learn how to create and compile C source code into an EXE program file. Throughout this book, you'll explore the inner workings of how Windows systems run and how attackers abuse this knowledge to bypass antivirus products and protection. As you advance, you'll cover practical examples of malware and online game hacking, such as EXE infection, shellcode development, software packers, UAC bypass, path parser vulnerabilities, and digital signature forgery, gaining expertise in keeping your system safe from this kind of malware. By the end of this book, you'll be well equipped to implement the red team techniques that you've learned on a victim's computer environment, attempting to bypass security and antivirus products, to test its defense against Windows APT attacks. What you will learn Explore various DLL injection techniques for setting API hooks Understand how to run an arbitrary program file in memory Become familiar with malware obfuscation techniques to evade antivirus detection Discover how malware circumvents current security measures and tools Use Microsoft Authenticode to sign your code to avoid tampering Explore various strategies to bypass UAC design for privilege escalation Who this book is for This book is for cybersecurity professionals- especially for anyone working on Windows security, or malware researchers, network administrators, ethical hackers looking to explore Windows exploit, kernel practice, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.
Local note
O'Reilly O'Reilly Online Learning: Academic/Public Library Edition

Discover More

Catalog enrichment powered by Syndetics Unbound

Also in this Series

Checking series information...

More Like This

Loading more titles like this title...

Published Reviews

Reviews from GoodReads

Loading GoodReads Reviews.

Citations

APA Citation, 7th Edition (style guide)

Ma, S. (2023). WINDOWS APT WARFARE: identify and prevent Windows APT attacks effectively (1st edition.). PACKT PUBLISHING LIMITED.

Chicago / Turabian - Author Date Citation, 17th Edition (style guide)

Ma, Sheng-Hao. 2023. WINDOWS APT WARFARE: Identify and Prevent Windows APT Attacks Effectively. [S.l.]: PACKT PUBLISHING LIMITED.

Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)

Ma, Sheng-Hao. WINDOWS APT WARFARE: Identify and Prevent Windows APT Attacks Effectively [S.l.]: PACKT PUBLISHING LIMITED, 2023.

Harvard Citation (style guide)

Ma, S. (2023). WINDOWS APT WARFARE: identify and prevent windows APT attacks effectively. 1st edn. [S.l.]: PACKT PUBLISHING LIMITED.

MLA Citation, 9th Edition (style guide)

Ma, Sheng-Hao. WINDOWS APT WARFARE: Identify and Prevent Windows APT Attacks Effectively 1st edition., PACKT PUBLISHING LIMITED, 2023.

Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.

Staff View

Grouped Work ID
b72dc2b4-a713-bb3e-e31b-20f43b7c4a7d-eng
Go To Grouped Work View in Staff Client

Grouping Information

Grouped Work IDb72dc2b4-a713-bb3e-e31b-20f43b7c4a7d-eng
Full titlewindows apt warfare identify and prevent windows apt attacks effectively
Authorma sheng hao
Grouping Categorybook
Last Update2025-01-24 12:33:29PM
Last Indexed2025-05-03 03:30:05AM

Book Cover Information

Image Sourcedefault
First LoadedFeb 3, 2025
Last UsedMar 11, 2025

Marc Record

First DetectedDec 16, 2024 11:24:37 PM
Last File Modification TimeDec 17, 2024 08:24:08 AM
SuppressedRecord had no items

MARC Record

LEADER07389cam a22005417a 4500
001on1371483974
003OCoLC
00520241217082219.0
006m     o  d        
007cr cnu---unuuu
008230311s2023    xx      o     000 0 eng d
015 |a GBC341603|2 bnb
0167 |a 020967629|2 Uk
019 |a 1371755127
020 |a 1804617210|q (electronic bk.)
020 |a 9781804617212|q (electronic bk.)
035 |a (OCoLC)1371483974|z (OCoLC)1371755127
037 |a 9781804618110|b O'Reilly Media
040 |a YDX|b eng|c YDX|d UKMGB|d ORMDA|d EBLCP|d IEEEE|d OCLCO|d N$T|d ORMDA|d DEGRU
049 |a MAIN
050 4|a QA76.76.C68
08204|a 005.8|2 23/eng/20231116
1001 |a Ma, Sheng-Hao,|e author.
24510|a WINDOWS APT WARFARE|h [electronic resource] :|b identify and prevent Windows APT attacks effectively /|c Sheng-Hao Ma.
250 |a 1st edition.
260 |a [S.l.] :|b PACKT PUBLISHING LIMITED,|c 2023.
300 |a 1 online resource
336 |a text|2 rdacontent
337 |a computer|2 rdamedia
338 |a online resource|2 rdacarrier
5050 |a Cover -- Title Page -- Copyright and Credits -- Dedication -- Foreword -- Contributors -- Disclaimer -- Table of Contents -- Preface -- Part 1 -- Modern Windows Compiler -- Chapter 1: From Source to Binaries -- The Journey of a C Program -- The simplest Windows program in C -- C compiler -- assembly code generation -- Assembler -- transforming assembly code into machine code -- Compiling code -- Windows linker -- packing binary data into PE format -- Running static PE files as dynamic processes -- Summary -- Chapter 2: Process Memory -- File Mapping, PE Parser, tinyLinker, and Hollowing
5058 |a Sample programs -- The memory of the static contents of PE files -- NT Headers -- Section Headers -- PE Parser example -- Dynamic file mapping -- PE infection (PE Patcher) example -- tinyLinker example -- Examples of process hollowing -- PE files to HTML -- Summary -- Chapter 3: Dynamic API Calling -- Thread, Process, and Environment Information -- Sample programs -- Function calling convention -- Calling convention -- Thread Environment Block (TEB) -- Process Environment Block -- Examples of process parameter forgery -- Examples of enumerating loaded modules without an API
5058 |a Examples of disguising and hiding loaded DLLs -- Summary -- Part 2 -- Windows Process Internals -- Chapter 4: Shellcode Technique -- Exported Function Parsing -- Sample programs -- EATs in PE -- Examples of a DLL file analyzer -- Dynamic crawling function in PE -- Examples of writing shellcode in x86 -- A shellcode generator in Python -- Summary -- Chapter 5: Application Loader Design -- Import Address Table in PE -- Import API analyzer example -- Calling programs directly in memory -- Examples of IAT hijack -- DLL side-loading example -- Summary -- Chapter 6: PE Module Relocation
5058 |a Relocation table of PE -- tinyLoader example -- Summary -- Part 3 -- Abuse System Design and Red Team Tips -- Chapter 7: PE to Shellcode -- Transforming PE Files into Shellcode -- The open source project pe_to_shellcode analysis -- Parsing Kernel32's export table in x86 assembly -- Getting API addresses in x86 assembly -- File mapping and repairing an import table in x86 -- Handling relocation in x86 -- An example of PE to shellcode -- Summary -- Chapter 8: Software Packer Design -- What is a software packer? -- Packer builder -- Stub -- the main program of an unpacker
5058 |a Examples of software packers -- Summary -- Chapter 9: Digital Signature -- Authenticode Verification -- Authenticode digital signatures -- Signature verification -- WinVerifyTrust under the hood -- Signature data in PE files -- PKCS#7 information -- Examples of mock signatures -- Examples of bypassing hash verification -- Examples of signature steganography -- Getting signed by abusing path normalization -- Summary -- Chapter 10: Reversing User Account Control and Bypassing Tricks -- UAC overview -- RAiLaunchAdminProcess callback -- Two-level authentication mechanism -- Authentication A
520 |a Learn Windows system design from the PE binary structure to modern and practical attack techniques used by red teams to implement advanced prevention Purchase of the print or Kindle book includes a free PDF eBook Key Features Understand how malware evades modern security products Learn to reverse engineer standard PE format program files Become familiar with modern attack techniques used by multiple red teams Book Description An Advanced Persistent Threat (APT) is a severe form of cyberattack that lies low in the system for a prolonged time and locates and then exploits sensitive information. Preventing APTs requires a strong foundation of basic security techniques combined with effective security monitoring. This book will help you gain a red team perspective on exploiting system design and master techniques to prevent APT attacks. Once you've understood the internal design of operating systems, you'll be ready to get hands-on with red team attacks and, further, learn how to create and compile C source code into an EXE program file. Throughout this book, you'll explore the inner workings of how Windows systems run and how attackers abuse this knowledge to bypass antivirus products and protection. As you advance, you'll cover practical examples of malware and online game hacking, such as EXE infection, shellcode development, software packers, UAC bypass, path parser vulnerabilities, and digital signature forgery, gaining expertise in keeping your system safe from this kind of malware. By the end of this book, you'll be well equipped to implement the red team techniques that you've learned on a victim's computer environment, attempting to bypass security and antivirus products, to test its defense against Windows APT attacks. What you will learn Explore various DLL injection techniques for setting API hooks Understand how to run an arbitrary program file in memory Become familiar with malware obfuscation techniques to evade antivirus detection Discover how malware circumvents current security measures and tools Use Microsoft Authenticode to sign your code to avoid tampering Explore various strategies to bypass UAC design for privilege escalation Who this book is for This book is for cybersecurity professionals- especially for anyone working on Windows security, or malware researchers, network administrators, ethical hackers looking to explore Windows exploit, kernel practice, and reverse engineering. A basic understanding of reverse engineering and C/C++ will be helpful.
5880 |a Print version record.
590 |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition
650 0|a Malware (Computer software)|x Prevention.
650 0|a Windows (Computer programs)|x Security measures.
77608|i Print version:|a Ma, Sheng-Hao.|t WINDOWS APT WARFARE.|b 1st edition.|d [S.l.] : PACKT PUBLISHING LIMITED, 2023|z 1804617210
85640|u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781804618110/?ar|x O'Reilly|z eBook
938 |a De Gruyter|b DEGR|n 9781804617212
938 |a YBP Library Services|b YANK|n 304658882
938 |a ProQuest Ebook Central|b EBLB|n EBL30394363
938 |a EBSCOhost|b EBSC|n 3563814
994 |a 92|b VIA
999 |c 358906|d 358906