Network Virtualisation: Virtualising Network Traffic in Windows XP for Dynamic Malware Analysis - Tapa blanda

Petritsch, Helmut

 
9783836469197: Network Virtualisation: Virtualising Network Traffic in Windows XP for Dynamic Malware Analysis
Tapa blanda
ISBN 10: 3836469197 ISBN 13: 9783836469197
Editorial: VDM Verlag Dr. Müller, 2008

Sinopsis

Could dynamic Malware analysis be more dynamic by assigning network calls an injected result, defined by the analysis process? Yes, but only if the network access was completely virtualised. This book explains how this virtualisation could be achieved. It starts with an instruction of dynamic Malware analysis and the usage of sockets in the Windows operating system. By using Qemu and TTAnalyze (a tool for dynamic Malware analysis), it describes how network access could be virtualised, so that system calls relating to sockets (and therefore accessing the network) are intercepted at the system call gate, then manipulated and imitated for a dynamic analysis. The book also defines the most important synchronisation techniques of multi-threaded applications for their (network) activities. The reader will gain a thorough understanding, of how high level functions of the Winsock library are executed with the aim of system calls.

"Sinopsis" puede pertenecer a otra edición de este libro.

Reseña del editor

Could dynamic Malware analysis be more dynamic by assigning net­work calls an injected result, defined by the analysis process? Yes, but only if the network access was completely virtualised. This book explains how this virtualisation could be achieved. It starts with an instruction of dynamic Malware analysis and the usage of sockets in the Windows operating system. By using Qemu and TTAnalyze (a tool for dynamic Malware analysis), it describes how network access could be virtualised, so that system calls relating to sockets (and therefore accessing the network) are intercepted at the system call gate, then manipulated and imitated for a dynamic analysis. The book also defines the most important synchronisation techniques of multi-threaded applications for their (network) acti­vities. The reader will gain a thorough understanding, of how high level functions of the Winsock library are executed with the aim of system calls.

Biografía del autor

was born in 1981 in Vienna. After being educated as interior Designer he studied information economics at the Vienna University of Technology. During this period, he grew significantly more interested in more technical aspects of informatics, especially security. He completed his studies with the work covered in this book.

"Sobre este título" puede pertenecer a otra edición de este libro.

Editorial
VDM Verlag Dr. Müller
Año de publicación
2008
Idioma
Inglés
ISBN 10 
3836469197
ISBN 13 
9783836469197
Encuadernación
Tapa blanda
Número de páginas
92
Contacto del fabricante
no disponible
Persona responsable
Buchpark GmbH
gpsr@buchpark.de

Krügerweg 1
Trebbin
Brandenburg
14959
Alemania