
The Art of Computer Virus Research and Defense

Book details

Category: Security
Edition: 
Authors: Peter Szor
Series: 
ISBN: 0321304543, 9780321304544
Publisher: Addison-Wesley
Year of publication: 2005
Number of pages: not listed
Language: English
File format: CHM (converted to PDF, EPUB or AZW3 on request)
File size: 13 MB

Price (toman): 57,000









Book description

Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more. Szor presents the state of the art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats. Szor also offers the most thorough and practical primer on virus analysis ever published, addressing everything from creating your own personal laboratory to automating the analysis process.

This book's coverage includes:

• Discovering how malicious code attacks a variety of platforms
• Classifying malware strategies for infection, in-memory operation, self-protection, payload delivery, exploitation, and more
• Identifying and responding to code obfuscation threats: encrypted, polymorphic, and metamorphic
• Mastering empirical methods for analyzing malicious code, and what to do with what you learn
• Reverse-engineering malicious code with disassemblers, debuggers, emulators, and virtual machines
• Implementing technical defenses: scanning, code emulation, disinfection, inoculation, integrity checking, sandboxing, honeypots, behavior blocking, and much more
• Using worm blocking, host-based intrusion prevention, and network-level defense strategies



Table of contents

About the Author
Preface
Acknowledgments

I. STRATEGIES OF THE ATTACKER

1. Introduction to the Games of Nature
    Early Models of Self-Replicating Structures
        John von Neumann: Theory of Self-Reproducing Automata
        Fredkin: Reproducing Structures
        Conway: Game of Life
        Core War: The Fighting Programs
    Genesis of Computer Viruses
    Automated Replicating Code: The Theory and Definition of Computer Viruses
    References

2. The Fascination of Malicious Code Analysis
    Common Patterns of Virus Research
    Antivirus Defense Development
    Terminology of Malicious Programs
        Viruses
        Worms
        Logic Bombs
        Trojan Horses
        Germs
        Exploits
        Downloaders
        Dialers
        Droppers
        Injectors
        Auto-Rooters
        Kits (Virus Generators)
        Spammer Programs
        Flooders
        Keyloggers
        Rootkits
    Other Categories
        Joke Programs
        Hoaxes: Chain Letters
        Other Pests: Adware and Spyware
    Computer Malware Naming Scheme (separators: ://, /, ., [], :, #, @m or @mm, !)
    Annotated List of Officially Recognized Platform Names
    References

3. Malicious Code Environments
    Computer Architecture Dependency
    CPU Dependency
    Operating System Dependency
    Operating System Version Dependency
    File System Dependency
        Cluster Viruses
        NTFS Stream Viruses
        NTFS Compression Viruses
        ISO Image Infection
    File Format Dependency
        COM Viruses on DOS
        EXE Viruses on DOS
        NE (New Executable) Viruses on 16-bit Windows and OS/2
        LX Viruses on OS/2
        PE (Portable Executable) Viruses on 32-bit Windows
        ELF (Executable and Linking Format) Viruses on UNIX
        Device Driver Viruses
        Object Code and LIB Viruses
    Interpreted Environment Dependency
        Macro Viruses in Microsoft Products
        REXX Viruses on IBM Systems
        DCL (DEC Command Language) Viruses on DEC/VMS
        Shell Scripts on UNIX (csh, ksh, and bash)
        VBScript (Visual Basic Script) Viruses on Windows Systems
        BATCH Viruses
        Instant Messaging Viruses in mIRC, PIRCH scripts
        SuperLogo Viruses
        JScript Viruses
        Perl Viruses
        WebTV Worms in JellyScript Embedded in HTML Mail
        Python Viruses
        VIM Viruses
        EMACS Viruses
        TCL Viruses
        PHP Viruses
        MapInfo Viruses
        ABAP Viruses on SAP
        Help File Viruses on Windows: When You Press F1...
        JScript Threats in Adobe PDF
        AppleScript Dependency
        ANSI Dependency
        Macromedia Flash ActionScript Threats
        HyperTalk Script Threats
        AutoLisp Script Viruses
        Registry Dependency
        PIF and LNK Dependency
        Lotus Word Pro Macro Viruses
        AmiPro Document Viruses
        Corel Script Viruses
        Lotus 1-2-3 Macro Dependency
        Windows Installation Script Dependency
        AUTORUN.INF and Windows INI File Dependency
        HTML (Hypertext Markup Language) Dependency
    Vulnerability Dependency
    Date and Time Dependency
    JIT Dependency: Microsoft .NET Viruses
    Archive Format Dependency
    File Format Dependency Based on Extension
    Network Protocol Dependency
    Source Code Dependency
        Source Code Trojans
    Resource Dependency on Mac and Palm Platforms
    Host Size Dependency
    Debugger Dependency
        Intended Threats that Rely on a Debugger
    Compiler and Linker Dependency
    Device Translator Layer Dependency
    Embedded Object Insertion Dependency
    Self-Contained Environment Dependency
    Multipartite Viruses
    Conclusion
    References

4. Classification of Infection Strategies
    Boot Viruses
        Master Boot Record (MBR) Infection Techniques
        DOS BOOT Record (DBR) Infection Techniques
        Boot Viruses That Work While Windows 95 Is Active
        Possible Boot Image Attacks in Network Environments
    File Infection Techniques
        Overwriting Viruses
        Random Overwriting Viruses
        Appending Viruses
        Prepending Viruses
        Classic Parasitic Viruses
        Cavity Viruses
        Fractionated Cavity Viruses
        Compressing Viruses
        Amoeba Infection Technique
        Embedded Decryptor Technique
        Embedded Decryptor and Virus Body Technique
        Obfuscated Tricky Jump Technique
        Entry-Point Obscuring (EPO) Viruses
        Possible Future Infection Techniques: Code Builders
    An In-Depth Look at Win32 Viruses
        The Win32 API and Platforms That Support It
        Infection Techniques on 32-Bit Windows
        Win32 and Win64 Viruses: Designed for Microsoft Windows?
    Conclusion
    References

5. Classification of In-Memory Strategies
    Direct-Action Viruses
    Memory-Resident Viruses
        Interrupt Handling and Hooking
        Hook Routines on INT 13h (Boot Viruses)
        Hook Routines on INT 21h (File Viruses)
        Common Memory Installation Techniques Under DOS
        Stealth Viruses
        Disk Cache and System Buffer Infection
    Temporary Memory-Resident Viruses
    Swapping Viruses
    Viruses in Processes (in User Mode)
    Viruses in Kernel Mode (Windows 9x/Me)
    Viruses in Kernel Mode (Windows NT/2000/XP)
    In-Memory Injectors over Networks
    References

6. Basic Self-Protection Strategies
    Tunneling Viruses
        Memory Scanning for Original Handler
        Tracing with Debug Interfaces
        Code Emulation-Based Tunneling
        Accessing the Disk Using Port I/O
        Using Undocumented Functions
    Armored Viruses
        Antidisassembly
        Encrypted Data
        Code Confusion to Avoid Analysis
        Opcode Mixing-Based Code Confusion
        Using Checksum
        Compressed, Obfuscated Code
        Antidebugging
        Antiheuristics
        Antiemulation Techniques
        Antigoat Viruses
    Aggressive Retroviruses
    References

7. Advanced Code Evolution Techniques and Computer Virus Generator Kits
    Introduction
    Evolution of Code
    Encrypted Viruses
    Oligomorphic Viruses
    Polymorphic Viruses
        The 1260 Virus
        The Dark Avenger Mutation Engine (MtE)
        32-Bit Polymorphic Viruses
    Metamorphic Viruses
        What Is a Metamorphic Virus?
        Simple Metamorphic Viruses
        More Complex Metamorphic Viruses and Permutation Techniques
        Mutating Other Applications: The Ultimate Virus Generator?
        Advanced Metamorphic Viruses: Zmist
        {W32, Linux}/Simile: A Metamorphic Engine Across Systems
        The Dark Future: MSIL Metamorphic Viruses
    Virus Construction Kits
        VCS (Virus Construction Set)
        GenVir
        VCL (Virus Creation Laboratory)
        PS-MPC (Phalcon-Skism Mass-Produced Code Generator)
        NGVCK (Next Generation Virus Creation Kit)
        Other Kits and Mutators
        How to Test a Virus Construction Tool?
    References

8. Classification According to Payload
    No-Payload
    Accidentally Destructive Payload
    Nondestructive Payload
    Somewhat Destructive Payload
    Highly Destructive Payload
        Viruses That Overwrite Data
        Data Diddlers
        Viruses That Encrypt Data: The "Good," the Bad, and the Ugly
        Hardware Destroyers
    DoS (Denial of Service) Attacks
    Data Stealers: Making Money with Viruses
        Phishing Attacks
        Backdoor Features
    Conclusion
    References

9. Strategies of Computer Worms
    Introduction
    The Generic Structure of Computer Worms
        Target Locator
        Infection Propagator
        Remote Control and Update Interface
        Life-Cycle Manager
        Payload
        Self-Tracking
    Target Locator
        E-Mail Address Harvesting
        Network Share Enumeration Attacks
        Network Scanning and Target Fingerprinting
    Infection Propagators
        Attacking Backdoor-Compromised Systems
        Peer-to-Peer Network Attacks
        Instant Messaging Attacks
        E-Mail Worm Attacks and Deception Techniques
        E-Mail Attachment Inserters
        SMTP Proxy-Based Attacks
        SMTP Attacks
        SMTP Propagation on Steroids Using MX Queries
        NNTP (Network News Transfer Protocol) Attacks
    Common Worm Code Transfer and Execution Techniques
        Executable Code-Based Attacks
        Links to Web Sites or Web Proxies
        HTML-Based Mail
        Remote Login-Based Attacks
        Code Injection Attacks
        Shell Code-Based Attacks
    Update Strategies of Computer Worms
        Authenticated Updates on the Web or Newsgroups
        Backdoor-Based Updates
    Remote Control via Signaling
        Peer-to-Peer Network Control
    Intentional and Accidental Interactions
        Cooperation
        Competition
        The Future: A Simple Worm Communication Protocol?
    Wireless Mobile Worms
    References

10. Exploits, Vulnerabilities, and Buffer Overflow Attacks
    Introduction
        Definition of Blended Attack
        The Threat
    Background
    Types of Vulnerabilities
        Buffer Overflows
        First-Generation Attacks
        Second-Generation Attacks
        Third-Generation Attacks
    Current and Previous Threats
        The Morris Internet Worm, 1988 (Stack Overflow to Run Shellcode)
        Linux/ADM, 1998 ("Copycatting" the Morris Worm)
        The CodeRed Outbreak, 2001 (The Code Injection Attack)
        Linux/Slapper Worm, 2002 (A Heap Overflow Example)
        W32/Slammer Worm, January 2003 (The Mini Worm)
        Blaster Worm, August 2003 (Shellcode-Based Attack on Win32)
        Generic Buffer Overflow Usage in Computer Viruses
        Description of W32/Badtrans.B@mm
        Exploits in W32/Nimda.A@mm
        Description of W32/Bolzano
        Description of VBS/Bubbleboy
        Description of W32/Blebla
    Summary
    References

II. STRATEGIES OF THE DEFENDER

11. Antivirus Defense Techniques
    First-Generation Scanners
        String Scanning
        Wildcards
        Mismatches
        Generic Detection
        Hashing
        Bookmarks
        Top-and-Tail Scanning
        Entry-Point and Fixed-Point Scanning
        Hyperfast Disk Access
    Second-Generation Scanners
        Smart Scanning
        Skeleton Detection
        Nearly Exact Identification
        Exact Identification
    Algorithmic Scanning Methods
        Filtering
        Static Decryptor Detection
        The X-RAY Method
    Code Emulation
        Encrypted and Polymorphic Virus Detection Using Emulation
        Dynamic Decryptor Detection
    Metamorphic Virus Detection Examples
        Geometric Detection
        Disassembling Techniques
        Using Emulators for Tracing
    Heuristic Analysis of 32-Bit Windows Viruses
        Code Execution Starts in the Last Section
        Suspicious Section Characteristics
        Virtual Size Is Incorrect in PE Header
        Possible "Gap" Between Sections
        Suspicious Code Redirection
        Suspicious Code Section Name
        Possible Header Infection
        Suspicious Imports from KERNEL32.DLL by Ordinal
        Import Address Table Is Patched
        Multiple PE Headers
        Multiple Windows Headers and Suspicious KERNEL32.DLL Imports
        Suspicious Relocations
        Kernel Look-Up
        Kernel Inconsistency
        Loading a Section into the VMM Address Space
        Incorrect Size of Code in Header
        Examples of Suspicious Flag Combinations
    Heuristic Analysis Using Neural Networks
    Regular and Generic Disinfection Methods
        Standard Disinfection
        Generic Decryptors
        How Does a Generic Disinfector Work?
        How Can the Disinfector Be Sure That the File Is Infected?
        Where Is the Original End of the Host File?
        How Many Virus Types Can We Handle This Way?
        Examples of Heuristics for Generic Repair
        Generic Disinfection Examples
    Inoculation
    Access Control Systems
    Integrity Checking
        False Positives
        Clean Initial State
        Speed
        Special Objects
        Necessity of Changed Objects
        Possible Solutions
    Behavior Blocking
    Sand-Boxing
    Conclusion
    References

12. Memory Scanning and Disinfection
    Introduction
    The Windows NT Virtual Memory System
    Virtual Address Spaces
    Memory Scanning in User Mode
        The Secrets of NtQuerySystemInformation()
        Common Processes and Special System Rights
        Viruses in the Win32 Subsystem
        Win32 Viruses That Allocate Private Pages
        Native Windows NT Service Viruses
        Win32 Viruses That Use a Hidden Window Procedure
        Win32 Viruses That Are Part of the Executed Image Itself
    Memory Scanning and Paging
        Enumerating Processes and Scanning File Images
    Memory Disinfection
        Terminating a Particular Process That Contains Virus Code
        Detecting and Terminating Virus Threads
        Patching the Virus Code in the Active Pages
        How to Disinfect Loaded DLLs and Running Applications
    Memory Scanning in Kernel Mode
        Scanning the User Address Space of Processes
        Determining NT Service API Entry Points
        Important NT Functions for Kernel-Mode Memory Scanning
        Process Context
        Scanning the Upper 2GB of Address Space
        How Can You Deactivate a Filter Driver Virus?
        Dealing with Read-Only Kernel Memory
        Kernel-Mode Memory Scanning on 64-Bit Platforms
    Possible Attacks Against Memory Scanning
    Conclusion and Future Work
    References

13. Worm-Blocking Techniques and Host-Based Intrusion Prevention
    Introduction
        Script Blocking and SMTP Worm Blocking
        New Attacks to Block: CodeRed, Slammer
    Techniques to Block Buffer Overflow Attacks
        Code Reviews
        Compiler-Level Solutions
        Operating System-Level Solutions and Run-Time Extensions
        Subsystem Extensions: Libsafe
        Kernel Mode Extensions
        Program Shepherding
    Worm-Blocking Techniques
        Injected Code Detection
        Send Blocking: An Example of Blocking Self-Sending Code
        Exception Handler Validation
        Other Return-to-LIBC Attack Mitigation Techniques
        "GOT" and "IAT" Page Attributes
        High Number of Connections and Connection Errors
    Possible Future Worm Attacks
        A Possible Increase of Retroworms
        "Slow" Worms Below the Radar
        Polymorphic and Metamorphic Worms
        Large-Scale Damage
        Automated Exploit Discovery: Learning from the Environment
    Conclusion
    References

14. Network-Level Defense Strategies
    Introduction
    Using Router Access Lists
    Firewall Protection
    Network-Intrusion Detection Systems
    Honeypot Systems
    Counterattacks
    Early Warning Systems
    Worm Behavior Patterns on the Network
        Capturing the Blaster Worm
        Capturing the Linux/Slapper Worm
        Capturing the W32/Sasser.D Worm
        Capturing the Ping Requests of the W32/Welchia Worm
        Detecting W32/Slammer and Related Exploits
    Conclusion
    References

15. Malicious Code Analysis Techniques
    Your Personal Virus Analysis Laboratory
        How to Get the Software?
    Information, Information, Information
        Architecture Guides
        Knowledge Base
    Dedicated Virus Analysis on VMWARE
    The Process of Computer Virus Analysis
        Preparation
        Unpacking
        Disassembling and Decryption
        Dynamic Analysis Techniques
    Maintaining a Malicious Code Collection
    Automated Analysis: The Digital Immune System
    References

16. Conclusion
    Further Reading
        Information on Security and Early Warnings
        Security Updates
        Computer Worm Outbreak Statistics
        Computer Virus Research Papers
        Contact Information for Antivirus Vendors
        Antivirus Testers and Related Sites

Index
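The first-generation scanner topics listed under Chapter 11 (string scanning, wildcards, mismatches) are easier to judge once seen in code. The Python below is an added illustration written for this page; it is not code from Szor's book or from this site. The signatures and the four sample "host" byte strings are constructed for the demo: the B8 xx 4C CD 21 sequence is just the DOS "mov ax, 4Cxxh; int 21h" exit idiom used as a stand-in pattern, not a real detection signature.

```python
"""First-generation signature scanning: byte strings, '??' wildcards and a
bounded mismatch count. Added illustration for this page; not code from the
book or the site. All signatures and sample bytes below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: str              # hex bytes separated by spaces; "??" matches any byte
    max_mismatches: int = 0   # how many fixed bytes may differ and still match


def parse_pattern(pattern: str) -> List[Optional[int]]:
    """'B8 ?? 4C' -> [0xB8, None, 0x4C]; None marks a wildcard position."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]


def match_at(data: bytes, offset: int, pat: List[Optional[int]], max_mismatches: int) -> bool:
    """Compare pat against data[offset:]. Wildcards always match; fixed bytes
    may differ at most max_mismatches times (the 'mismatch' scanning variant)."""
    if offset + len(pat) > len(data):
        return False
    mismatches = 0
    for i, want in enumerate(pat):
        if want is not None and data[offset + i] != want:
            mismatches += 1
            if mismatches > max_mismatches:
                return False
    return True


def scan(data: bytes, sigs: List[Signature]) -> List[Tuple[str, int]]:
    """Slide every signature over the whole buffer and return (name, offset)
    for each hit. Brute-force O(n*m), as first-generation scanners were before
    hashing and entry-point/fixed-point scanning were added to speed them up."""
    hits = []
    for sig in sigs:
        pat = parse_pattern(sig.pattern)
        for off in range(len(data) - len(pat) + 1):
            if match_at(data, off, pat, sig.max_mismatches):
                hits.append((sig.name, off))
    return hits


# Constructed signatures over the DOS exit idiom "mov ax, 4Cxxh; int 21h".
SIGS = [
    Signature("Demo.Exact", "B8 00 4C CD 21"),                    # exact string
    Signature("Demo.Wild",  "B8 ?? 4C CD 21"),                    # wildcard on AL
    Signature("Demo.Fuzzy", "B8 00 4C CD 21", max_mismatches=1),  # one byte may differ
]

# Constructed "host files": a fake MZ header, NOP padding, the idiom, padding.
PREFIX = b"MZ" + b"\x90" * 16                                         # 18 bytes
HOST_ORIGINAL = PREFIX + bytes.fromhex("b8004ccd21") + b"\x00" * 8    # unmodified
HOST_VARIANT1 = PREFIX + bytes.fromhex("b8014ccd21") + b"\x00" * 8    # AL changed
HOST_VARIANT2 = PREFIX + bytes.fromhex("b8014ccd20") + b"\x00" * 8    # two bytes changed
HOST_CLEAN = PREFIX + b"\x00" * 13                                    # idiom absent


def demo() -> dict:
    """Run all signatures over all constructed hosts, keyed by host name."""
    return {
        "original": scan(HOST_ORIGINAL, SIGS),
        "variant1": scan(HOST_VARIANT1, SIGS),
        "variant2": scan(HOST_VARIANT2, SIGS),
        "clean": scan(HOST_CLEAN, SIGS),
    }


if __name__ == "__main__":
    for host, hits in demo().items():
        print(f"{host:9s} -> {hits}")
```

The exact string catches only the unmodified host; the wildcard catches the variant whose immediate byte changed, because that position was declared variable up front; the mismatch-tolerant signature catches the same variant without knowing which byte would change, but gives up once two bytes differ. Mismatch tolerance widens detection at the cost of false positives, which is the trade-off the chapter's later "nearly exact" and "exact identification" methods are there to recover.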



