Learning Linux Binary Analysis

Learning Linux Binary Analysis

Authors: Ryan “elfmaster” O’NeillISBN-10: 1782167102ISBN-13: 9781782167105Released: 2016-02-29Pages: 282 4.99

Book Description

Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format,and the methods used by hackers and security analysts for virus analysis,binary patching,software protection and more.
This book will start by taking you through UNIX/Linux object utilities,and will move on to teaching you all about the ELF specimen. You will learn about process tracing,and will explore the different types of Linux and UNIX viruses,and how you can make use of ELF Virus Technology to deal with them.
The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking,code patching,and debugging. You will discover how to detect and disinfect kernel-mode rootkits,and move on to analyze static code. Finally,you will be walked through complex userspace memory infection analysis.
This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.
Contents
1: THE LINUX ENVIRONMENT AND ITS TOOLS
2: THE ELF BINARY FORMAT
3: LINUX PROCESS TRACING
4: ELF VIRUS TECHNOLOGY – LINUX/UNIX VIRUSES
5: LINUX BINARY PROTECTION
6: ELF BINARY FORENSICS IN LINUX
7: PROCESS MEMORY FORENSICS
8: ECFS – EXTENDED CORE FILE SNAPSHOT TECHNOLOGY
9: LINUX /PROC/KCORE ANALYSIS
What You Will Learn
Explore the internal workings of the ELF binary format
Discover techniques for UNIX Virus infection and analysis
Work with binary hardening and software anti-tamper methods
Patch executables and process memory
Bypass anti-debugging measures used in malware
Perform advanced forensic analysis of binaries
Design ELF-related tools in the C language
Learn to operate on memory with ptrace
Authors
Ryan “elfmaster” O’Neill
Ryan “elfmaster” O’Neill is a computer security researcher and software engineer with a background in reverse engineering,software exploitation,security defense,and forensics technologies. He grew up in the computer hacker subculture,the world of EFnet,BBS systems,and remote buffer overflows on systems with an executable stack. He was introduced to system security,exploitation,and virus writing at a young age. His great passion for computer hacking has evolved into a love for software development and professional security research. Ryan has spoken at various computer security conferences,including DEFCON and RuxCon,and also conducts a 2-day ELF binary hacking workshop.
He has an extremely fulfilling career and has worked at great companies such as Pikewerks,Leviathan Security Group,and more recently Backtrace as a software engineer.
Ryan has not published any other books,but he is well known for some of his papers published in online journals such as Phrack and VXHeaven. Many of his other publications can be found on his website at http://www.bitlackeys.org.