Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Binary Analysis Cookbook
  • Toc
  • feedback
Binary Analysis Cookbook

Binary Analysis Cookbook

By : Born
5 (1)
close
Binary Analysis Cookbook

Binary Analysis Cookbook

5 (1)
By: Born

Overview of this book

Binary analysis is the process of examining a binary program to determine information security actions. It is a complex, constantly evolving, and challenging topic that crosses over into several domains of information technology and security. This binary analysis book is designed to help you get started with the basics, before gradually advancing to challenging topics. Using a recipe-based approach, this book guides you through building a lab of virtual machines and installing tools to analyze binaries effectively. You'll begin by learning about the IA32 and ELF32 as well as IA64 and ELF64 specifications. The book will then guide you in developing a methodology and exploring a variety of tools for Linux binary analysis. As you advance, you'll learn how to analyze malicious 32-bit and 64-bit binaries and identify vulnerabilities. You'll even examine obfuscation and anti-analysis techniques, analyze polymorphed malicious binaries, and get a high-level overview of dynamic taint analysis and binary instrumentation concepts. By the end of the book, you'll have gained comprehensive insights into binary analysis concepts and have developed the foundational skills to confidently delve into the realm of binary analysis.
Table of Contents (12 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
Setting Up the Lab
Setting Up the Lab
Installing VirtualBox on Windows
Installing VirtualBox on Mac
Installing VirtualBox on Ubuntu
Installing a 32-bit Ubuntu 16.04 LTS Desktop virtual machine
Installing a 64-bit Ubuntu 16.04 LTS Desktop virtual machine
Installing the dependencies and the tools
Installing the code examples
Installing the EDB Debugger
Taking a snapshot of the virtual machines
2
32-bit Assembly on Linux and the ELF Specification
32-bit Assembly on Linux and the ELF Specification
Technical requirements
Differences between Intel and AT&T syntax
Introduction to the IA-32 registers
Introducing common IA-32 instructions
Making IA-32 system calls on Linux
Introducing the ELF 32-bit specification
3
64-bit Assembly on Linux and the ELF Specification
64-bit Assembly on Linux and the ELF Specification
Technical requirements
Introducing the IA64 registers
Introducing common IA64 instructions
Making IA64 system calls on Linux
Introducing the ELF 64-bit specification
4
Creating a Binary Analysis Methodology
Creating a Binary Analysis Methodology
Technical requirements
Performing binary discovery
Information gathering
Static analysis
Dynamic analysis
Iterating each step
Automating methodology tasks
Adapting the methodology steps
5
Linux Tools for Binary Analysis
Linux Tools for Binary Analysis
Technical requirements
Using file
Using strings
Using readelf
Using nm
Using objcopy
Using objdump
Using ltrace and strace
Using data duplicator (dd)
Using the GNU Debugger (GDB)
Using Evan's Debugger (EDB)
6
Analyzing a Simple Bind Shell
Analyzing a Simple Bind Shell
Technical requirements
Performing discovery
Gathering information
Performing static analysis
Using ltrace and strace
Using GDB for dynamic analysis
Finishing dynamic analysis
7
Analyzing a Simple Reverse Shell
Analyzing a Simple Reverse Shell
Technical requirements
Automating the initial phases
Static analysis with objdump
Editing the binary
Using GDB TUI mode
Continuing with dynamic analysis
Analyzing the execve system call
8
Identifying Vulnerabilities
Identifying Vulnerabilities
Technical requirements
Automating the initial phases
Extended static analysis
Identifying hard coded credentials with ltrace
Identifying hard coded credentials with a debugger
Validating a stack-based buffer overflow
9
Understanding Anti-Analysis Techniques
Understanding Anti-Analysis Techniques
Technical requirements
Understanding signature detection
Changing a binary's signature
Confusing static analysis tools
Encoding and decoding
10
A Simple Reverse Shell With Polymorphism
chevron up
A Simple Reverse Shell With Polymorphism
Technical requirements
Automating the initial phases
Performing static analysis
Using EDB for dynamic analysis
Analyzing deobfuscation loops
Wrapping up dynamic analysis
11
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Automating the initial phases

As we dive into this recipe, we'll rely on our automation script to provide a quick way to run the tools we need and to organize each tool's output for analysis. We may not notice a lot of difference when analyzing this polymorphed version of the reverse shell binary from previous recipes, but as we work our way into static analysis and dynamic analysis, the differences will become clear. We'll also examine some of the challenges malware authors or exploit authors face when employing polymorphism in their scripts.

For this recipe, we'll modify our automation Bash script again and then we will run it against our polymorphed reverse shell binary. We will review the output associated with the information gathering phase of our methodology, comparing it to the non-polymorphed version to see whether we notice any differences.

...
End of Section 3
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete