Learning Linux binary analysis : uncover the secrets of Linux binary analysis with this handy guide / Ryan "elfmaster" O'Neill.
Material type:
TextSeries: Community experience distilledPublication details: Birmingham : Packt Publishing, 2016.Description: 1 online resource (xiii, 253 pages) : illustrations (some color)Content type: - text
- computer
- online resource
- 1782167110
- 9781782167112
- 1782167102
- 9781782167105
- 005.432 23
- QA76.774.L46
| Item type | Home library | Collection | Call number | Materials specified | Status | Date due | Barcode | |
|---|---|---|---|---|---|---|---|---|
Electronic-Books
|
OPJGU Sonepat- Campus | E-Books EBSCO | Available |
Online resource; title from PDF title page (EBSCO, viewed March 17, 2016).
Includes index.
Annotation Uncover the secrets of Linux binary analysis with this handy guideAbout This Book Grasp the intricacies of the ELF binary format of UNIX and Linux Design tools for reverse engineering and binary forensic analysis Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes Who This Book Is ForIf you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed. What You Will Learn Explore the internal workings of the ELF binary format Discover techniques for UNIX Virus infection and analysis Work with binary hardening and software anti-tamper methods Patch executables and process memory Bypass anti-debugging measures used in malware Perform advanced forensic analysis of binaries Design ELF-related tools in the C language Learn to operate on memory with ptraceIn DetailLearning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more. This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them. The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis. This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker. Style and approachThe material in this book provides detailed insight into the arcane arts of hacking, coding, reverse engineering Linux executables, and dissecting process memory. In the computer security industry these skills are priceless, and scarce. The tutorials are filled with knowledge gained through first hand experience, and are complemented with frequent examples including source code.
Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Linux Environment and Its Tools; Chapter 2: The ELF Binary Format; Chapter 3: Linux Process Tracing; Chapter 4: ELF Virus Technology -- Linux/Unix Viruses; Chapter 5: Linux Binary Protection; Chapter 6: ELF Binary Forensics in Linux; Chapter 7: Process Memory Forensics; Chapter 8: ECFS -- Extended Core File Snapshot Technology; Chapter 9: Linux /proc/kcore Analysis; Index; Linux tools; Useful devices and files; Linker-related environment points
ELF virus technologyELF virus engineering challenges; ELF virus parasite infection methods; The PT_NOTE to PT_LOAD conversion infection method; Infecting control flow; Process memory viruses and rootkits -- remote code injection techniques; ELF anti-debugging and packing techniques; ELF virus detection and disinfection; Summary; ELF binary packers -- dumb protectors; Stub mechanics and the userland exec; Other jobs performed by protector stubs; Existing ELF binary protectors; Downloading Maya-protected binaries; Anti-debugging for binary protection; Resistance to emulation; Obfuscation methods
Protecting control flow integrityOther resources; Summary; The science of detecting entry point modification; Detecting other forms of control flow hijacking; Identifying parasite code characteristics; Checking the dynamic segment for DLL injection traces; Identifying reverse text padding infections; Identifying text segment padding infections; Identifying protected binaries; IDA Pro; Summary; What does a process look like?; Process memory infection; Detecting the ET_DYN injection; Linux ELF core files; Summary; History; The ECFS philosophy; Getting started with ECFS
Libecfs -- a library for parsing ECFS filesreadecfs; Examining an infected process using ECFS; The ECFS reference guide; Process necromancy with ECFS; Learning more about ECFS; Summary; Linux kernel forensics and rootkits; stock vmlinux has no symbols; /proc/kcore and GDB exploration; Direct sys_call_table modifications; Kprobe rootkits; Debug register rootkits -- DRR; VFS layer rootkits; Other kernel infection techniques; vmlinux and .altinstructions patching; Using taskverse to see hidden processes; Infected LKMs -- kernel drivers; Notes on /dev/kmem and /dev/mem; /dev/mem
K-ecfs -- kernel ECFS
eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide
There are no comments on this title.