Learning Linux Binary Analysis

  • Author: Ryan “elfmaster” O’Neill
  • Length: 282 pages
  • Edition: 1
  • Publisher: Packt Publishing
  • Publication Date: 2016-02-29
  • ISBN-10: 1782167102
  • ISBN-13: 9781782167105
  • Sales Rank: #382190


    Key Features

    • Grasp the intricacies of the ELF binary format of UNIX and Linux
    • Design tools for reverse engineering and binary forensic analysis
    • Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes

    Book Description

    Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more.

    This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them.

    The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis.

    This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.

    What you will learn

    • Explore the internal workings of the ELF binary format
    • Discover techniques for UNIX Virus infection and analysis
    • Work with binary hardening and software anti-tamper methods
    • Patch executables and process memory
    • Bypass anti-debugging measures used in malware
    • Perform advanced forensic analysis of binaries
    • Design ELF-related tools in the C language
    • Learn to operate on memory with ptrace

    About the Author

    Ryan “elfmaster” O’Neill is a computer security researcher and software engineer with a background in reverse engineering, software exploitation, security defense, and forensics technologies. He grew up in the computer hacker subculture, the world of EFnet, BBS systems, and remote buffer overflows on systems with an executable stack. He was introduced to system security, exploitation, and virus writing at a young age. His great passion for computer hacking has evolved into a love for software development and professional security research. Ryan has spoken at various computer security conferences, including DEFCON and RuxCon, and also conducts a 2-day ELF binary hacking workshop.

    He has an extremely fulfilling career and has worked at great companies such as Pikewerks, Leviathan Security Group, and more recently Backtrace as a software engineer.

    Ryan has not published any other books, but he is well known for some of his papers published in online journals such as Phrack and VXHeaven. Many of his other publications can be found on his website at http://www.bitlackeys.org.

    Table of Contents

    Chapter 1. The Linux Environment and Its Tools
    Chapter 2. The ELF Binary Format
    Chapter 3. Linux Process Tracing
    Chapter 4. ELF Virus Technology – Linux/Unix Viruses
    Chapter 5. Linux Binary Protection
    Chapter 6. ELF Binary Forensics in Linux
    Chapter 7. Process Memory Forensics
    Chapter 8. ECFS – Extended Core File Snapshot Technology
    Chapter 9. Linux /proc/kcore Analysis

