Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Binary Analysis Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Binary Analysis Cookbook

Binary Analysis Cookbook

By : Born
5 (1)
Buy this Book
close
close
Binary Analysis Cookbook

Binary Analysis Cookbook

5 (1)
By: Born
Buy this Book

Overview of this book

Binary analysis is the process of examining a binary program to determine information security actions. It is a complex, constantly evolving, and challenging topic that crosses over into several domains of information technology and security. This binary analysis book is designed to help you get started with the basics, before gradually advancing to challenging topics. Using a recipe-based approach, this book guides you through building a lab of virtual machines and installing tools to analyze binaries effectively. You'll begin by learning about the IA32 and ELF32 as well as IA64 and ELF64 specifications. The book will then guide you in developing a methodology and exploring a variety of tools for Linux binary analysis. As you advance, you'll learn how to analyze malicious 32-bit and 64-bit binaries and identify vulnerabilities. You'll even examine obfuscation and anti-analysis techniques, analyze polymorphed malicious binaries, and get a high-level overview of dynamic taint analysis and binary instrumentation concepts. By the end of the book, you'll have gained comprehensive insights into binary analysis concepts and have developed the foundational skills to confidently delve into the realm of binary analysis.
Table of Contents (12 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
Setting Up the Lab
Setting Up the Lab
Installing VirtualBox on Windows
Installing VirtualBox on Mac
Installing VirtualBox on Ubuntu
Installing a 32-bit Ubuntu 16.04 LTS Desktop virtual machine
Installing a 64-bit Ubuntu 16.04 LTS Desktop virtual machine
Installing the dependencies and the tools
Installing the code examples
Installing the EDB Debugger
Taking a snapshot of the virtual machines
2
32-bit Assembly on Linux and the ELF Specification
32-bit Assembly on Linux and the ELF Specification
Technical requirements
Differences between Intel and AT&T syntax
Introduction to the IA-32 registers
Introducing common IA-32 instructions
Making IA-32 system calls on Linux
Introducing the ELF 32-bit specification
3
64-bit Assembly on Linux and the ELF Specification
64-bit Assembly on Linux and the ELF Specification
Technical requirements
Introducing the IA64 registers
Introducing common IA64 instructions
Making IA64 system calls on Linux
Introducing the ELF 64-bit specification
4
Creating a Binary Analysis Methodology
Creating a Binary Analysis Methodology
Technical requirements
Performing binary discovery
Information gathering
Static analysis
Dynamic analysis
Iterating each step
Automating methodology tasks
Adapting the methodology steps
5
Linux Tools for Binary Analysis
Linux Tools for Binary Analysis
Technical requirements
Using file
Using strings
Using readelf
Using nm
Using objcopy
Using objdump
Using ltrace and strace
Using data duplicator (dd)
Using the GNU Debugger (GDB)
Using Evan's Debugger (EDB)
6
Analyzing a Simple Bind Shell
Analyzing a Simple Bind Shell
Technical requirements
Performing discovery
Gathering information
Performing static analysis
Using ltrace and strace
Using GDB for dynamic analysis
Finishing dynamic analysis
7
Analyzing a Simple Reverse Shell
Analyzing a Simple Reverse Shell
Technical requirements
Automating the initial phases
Static analysis with objdump
Editing the binary
Using GDB TUI mode
Continuing with dynamic analysis
Analyzing the execve system call
8
Identifying Vulnerabilities
chevron up
Identifying Vulnerabilities
Technical requirements
Automating the initial phases
Extended static analysis
Identifying hard coded credentials with ltrace
Identifying hard coded credentials with a debugger
Validating a stack-based buffer overflow
9
Understanding Anti-Analysis Techniques
Understanding Anti-Analysis Techniques
Technical requirements
Understanding signature detection
Changing a binary's signature
Confusing static analysis tools
Encoding and decoding
10
A Simple Reverse Shell With Polymorphism
A Simple Reverse Shell With Polymorphism
Technical requirements
Automating the initial phases
Performing static analysis
Using EDB for dynamic analysis
Analyzing deobfuscation loops
Wrapping up dynamic analysis
11
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Automating the initial phases

When we discussed the binary analysis methodology back in Chapter 4, Creating a Binary Analysis Methodology, I mentioned there are situations where it is acceptable to alter the methodology as needed. This is one such case. We can completely avoid the discovery phase since we are analyzing this binary for vulnerabilities as opposed to identifying malicious functionality, and most of the time, your organization's developers will communicate where to find the compiled binary for analysis. We're also going to need to alter our Bash script slightly to accommodate a binary written in C, specifically for the beginning of the static analysis phase.

Since we can automate the use of some of the tools and their arguments, let's do so in an effort to save ourselves a bit of time. We'll still have to manually review the output, but that&apos...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 3
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY