Reddit reviews The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

We found 11 Reddit comments about The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Here are the top ones, ranked by their Reddit score.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (Wiley)

11 Reddit comments about The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory:

u/icytrues · 19 points · r/AskNetsec
  • The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)

    This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.

  • Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to January 2019)

    While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.

    I'd also recommend having a look at the following books:

  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)

  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)

  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)

    Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have lying around.

u/Crash_Coredump · 6 points · r/Malware

Some thoughts:

I've had people recommend the following books:

u/brokercx · 5 points · r/hacking

Books:
1. amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X
2. amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098
3. nostarch.com/rootkits

Blogs/Forums:
1. 0x00sec.org/
2. /r/rootkit
3. rootkitanalytics.com/
4. turbochaos.blogspot.co.uk/?m=1
5. /r/malware
6. /r/reverseengineering
7. r00tkit.me/

u/LaMaPuppy · 4 points · r/computerforensics

Aside from SANS FOR508 (the course on which the cert is based) the following helped me:

Windows Registry Forensics

Windows Forensic Analysis Toolkit 2nd ed

Windows Forensic Analysis Toolkit 4th ed

The 2nd edition covers XP, the 4th covers 7/8.

Digital Forensics with Open Source Tools

File System Forensic Analysis

This is a new book, but I imagine it'll help as well:

The Art of Memory Forensics

I read many of these in preparation for taking mine, but your best resources are the SANS class/books, which are what the cert tests on. Having a good index is key.

There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.

u/ppartyka1 · 3 points · r/hacking

Everyone seems to be pretty on point with their responses so I'll just throw some ideas out there that you can look into to maybe find a more exciting vector:

  • Track down a botnet command and control infrastructure
  • Reverse engineer programs with known 0 days to see if you can find said zero day
  • Look into memory forensics (http://www.amazon.com/The-Art-Memory-Forensics-Detecting/dp/1118825098)
  • Look into Red Teaming: There are positions out there that not only require you to "hack" an organization, but you have to be able to break into it physically as well
  • Write some malware that gets past VirusTotal (https://www.virustotal.com/)
  • If you are into puzzles check out the Defcon badge challenge

Good luck!

u/eagle2120 · 2 points · r/ITCareerQuestions

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas without ever really touching the other ones. But I think these are the most important skills as a defender, so I'll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills; I've set up the courses in order, as some of these skills may feed into other areas.

IR:

u/LinuxStreetFighter · 2 points · r/netsecstudents

> Examples of projects I have completed: Coded a basic Linux kernel from the ground up for x86 machines, Working on a basic IRC botnet coded in Python, I have experience in Snort rules and have written Python scripts for log parsing. I have used Wireshark for packet sniffing etc, experience in using IDA for disassembling code for CTFs.

Why on earth would you pursue Sec+ and CISSP if you have experience in those things?

Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.

If you want something old school but relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.

Practical Malware Analysis

The Art of Memory Forensics

Hacking

Shellcoder's Handbook

Malware Analyst's Cookbook

u/setMindBlown · 2 points · r/sysadmin

If you're looking for practice you can use Sysinternals NotMyFault, but you have to first configure the system to produce a complete memory dump. Another option is Memoryze from FireEye (previously Mandiant), though it looks like it hasn't been updated in a while. I also recommend picking up a copy of The Art of Memory Forensics. That should be enough to get your feet wet.

edit: I forgot to mention Lenny Zeltser's cheat sheets as well. While not specifically related to memory forensics, there is a sheet covering just about every aspect of infosec, from incident response, Volatility, reverse engineering, assembly language, analysis report writing, and much much more.

u/blizz017 · 1 point · r/netsecstudents

You're going to have a real rough go at it.

That said, 508 is largely derived from the following two sources:

Brian Carrier's File System Forensics (This book is actually given out in the course)

&

The Art of Memory Forensics by MHL, Andrew Case, Jamie Levy, and AAron Walters

That'll get you ~75% of the way there. But it's a lot of material to cover and retain without a reference source. I don't know if SANS has an official policy on what specifically you can take in with you during the test outside of your personal notes and their material.

Outside of those two books, get very familiar with The Sleuth Kit and timelining.

Honestly, this would be advice for someone taking the course just as much as it would be for someone not taking the course.