Table of Contents

Introduction

Part I: The Fundamentals
Chapter 1: Windows Foundational Concepts
Chapter 2: A Crash Course in Malware Triage and Behavioral Analysis
Chapter 3: A Crash Course in Static and Dynamic Code Analysis

Part II: Context Awareness and Sandbox Evasion
Chapter 4: Enumerating Operating System Artifacts
Chapter 5: User Environment and Interaction Detection
Chapter 6: Enumerating Hardware and Network Configurations
Chapter 7: Runtime Environment and Virtual Processor Anomalies
Chapter 8: Evading Sandboxes and Disrupting Analysis

Part III: Anti-reversing
Chapter 9: Anti-disassembly
Chapter 10: Anti-debugging
Chapter 11: Covert Code Execution and Misdirection

Part IV: Defense Evasion
Chapter 12: Process Injection, Manipulation, and Hooking
Chapter 13: Evading Network and Endpoint Defenses
Chapter 14: An Introduction to Rootkits
Chapter 15: Fileless Malware and Anti-forensics

Part V: Other Topics
Chapter 16: Encoding and Encryption
Chapter 17: Packers and Unpacking Malware
Chapter 18: Tips for Building an Anti-evasion Analysis Lab

Appendix A: Evasion-Related Windows API Functions
Appendix B: Windows LOLbins and Example Usage
Appendix C: Further Reading

About the Author

Kyle Cucci has been hooked on computers since building a PC and buying a C++ book as a teenager. He has over 17 years of diverse experience in cyber- security and IT, and he is currently part of Proofpoint's Threat Research team, with a day-to-day focus on hunting and reverse-engineering malware. Previously, Kyle led the malware research and forensic investigations team at a large global financial institution. Throughout his career, Kyle's threat intelligence contributions and research have been featured in government intelligence reports and security tools and products. Kyle regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling and blogging, spending quiet time with his family, and brewing acceptably drinkable beer.