
Cuckoo Malware Analysis

-Learn how to analyze malware in a straightforward way with minimum technical skills
-Understand the risk of the rise of document-based malware
-Enhance your malware analysis concepts through illustrations, tips and tricks, step-by-step instructions, and practical real-world scenarios

136 pages, Paperback

First published January 1, 2013



Ratings & Reviews


Community Reviews

5 stars: 4 (40%)
4 stars: 4 (40%)
3 stars: 2 (20%)
2 stars: 0 (0%)
1 star: 0 (0%)
Displaying 1 - 2 of 2 reviews
15 reviews
February 7, 2014
Malware analysis is a new thing for me, and this book has helped me a lot to study the basics. This book consists of 5 chapters, starting from the basics of malware analysis and sandboxing to the advanced features of Cuckoo. At first, it tells about what malware analysis is, how we conduct the analysis without affecting our production network, the usage of a sandbox, an introduction to Cuckoo Sandbox, and how to install Cuckoo on our computer.

The first chapter was the most interesting part for me, because the main thing to understand is right there. I learned what sandboxing is and what the connection between Cuckoo and sandboxing is. After you read the first chapter, you'll understand what to do next. Before reading this book, I thought that Cuckoo was some kind of honeypot. But after I had read the brief explanation about Cuckoo, I knew that Cuckoo is a sandboxing tool: a tool that allows you to run malware inside a virtual machine (VirtualBox/VMWare) and then analyze the malware's behaviour. You can see what the malware does, every file that was dropped on your machine, which parts of the registry were changed, and other information. Another point that made me like reading this book is that it explains whatever we have to do in order to protect our computer from being affected by the malware run by Cuckoo.

This book is a technical book, so you will find a lot of information that is very technical. I suggest that you have mastered, or at least are experienced with, Linux, since most commands in this book are Linux commands. If you are familiar with Linux, you won't have any problem reading this book, though there are some typographical mistakes in the first and second chapters.

The second chapter of this book will tell you about how to submit malware samples to your VM using Cuckoo. Not only executable malware files, but you can submit malicious doc files or malicious URLs as well. You'll learn how to understand Cuckoo's report after that. And in the last subchapter, it'll tell you about the memory forensics feature in Cuckoo, which is not enabled by default due to its hard disk space requirement. As this book says, memory forensics is a feature in Cuckoo that enables you to analyze the content of main memory during malware execution.

The last three chapters of this book mostly talk about the advanced features of Cuckoo, such as analyzing APT (Advanced Persistent Threat), modifying the report, hardening the sandbox, and automatically checking your email attachments. Of all the advanced features, for me, the most important is hardening the sandbox. This book talks about how to prevent our virtual machines from being detected by malware, since some malware won't run if it knows that it is running inside a virtual machine.

As I said earlier too, this book is a technical book. The last three chapters of this book get more technical than the others. You'll see many Linux commands and much source code inside. For a theoretical person, I think this book isn't for you, because this book doesn't cover much about what Cuckoo does behind the scenes. But if you are a technical person who needs a quick start guide to malware analysis, this book is highly recommended.
Arthur (97 reviews, 6 followers)
February 20, 2014
Malware is a modern nightmare for any government, enterprise and even private users. No wonder a lot of resources are drained to fight it. Luckily, for the budget-minded there are Open Source offerings. One that stands out from the crowd is Cuckoo; written by a Google intern in Python, it constitutes a complete platform for an efficient fight against malware and has an array of enhanced features to offer, such as impact analysis, reporting to monitoring authorities and issue remediation.

This Packt book is probably the only offering currently on the market that covers all the intricacies from installing and configuring Cuckoo to extending its capabilities and improving its efficiency further.

The book does not require any programming knowledge nor any special or advanced IT skills; however, the author uses Ubuntu Linux and Oracle VirtualBox (both are extremely popular lately). The book remarkably dedicates a lot of time to setting the whole system up, and this is for a reason - malware analysis requires a special approach, persistence and dedication.

The book covers analysis of various malware types and how to attest each, plus involves secondary open source tools, so be prepared to have plenty of hard drive space and enough CPU power.

Although I did not follow all of the examples, it seems that a person on a project would be more than capable of acquainting results with the product in a few days, so if your organization is starting to embark on a major malware analysis project, then look no further than getting this book. I need to state that some images appear too small to be read (as most of the report pages) even on a large screen monitor in a PDF.

Some day I am sure I will revisit this excellent book and dedicate more time to experimenting with this remarkable, unique software. I was full of excitement and had lots of fun reading this book; I hope you will, too.

I am giving this book a 5 out of 5 rating, but I must admit the book is targeting newcomers to the malware fight front using Cuckoo.