> Skip to content
  • Published: 8 October 2024
  • ISBN: 9781718503267
  • Imprint: No Starch
  • Format: Paperback
  • Pages: 488
  • RRP: $130.00

Evasive Malware

A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats




Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

Get up to speed on state-of-the-art malware with this first-ever guide to analyzing malicious Windows software designed to actively avoid detection and forensic tools.

We’re all aware of Stuxnet, ShadowHammer, Sunburst, and similar attacks that use evasion to remain hidden while defending themselves from detection and analysis. Because advanced threats like these can adapt and, in some cases, self-destruct to evade detection, even the most seasoned investigators can use a little help with analysis now and then. Evasive Malware will introduce you to the evasion techniques used by today’s malicious software and show you how to defeat them.

Following a crash course on using static and dynamic code analysis to uncover malware’s true intentions, you’ll learn how malware weaponizes context awareness to detect and skirt virtual machines and sandboxes, plus the various tricks it uses to thwart analysis tools. You’ll explore the world of anti-reversing, from anti-disassembly methods and debugging interference to covert code execution and misdirection tactics. You’ll also delve into defense evasion, from process injection and rootkits to fileless malware. Finally, you’ll dissect encoding, encryption, and the complexities of malware obfuscators and packers to uncover the evil within.

You’ll learn how malware:

  • Abuses legitimate components of Windows, like the Windows API and LOLBins, to run undetected  
  • Uses environmental quirks and context awareness, like CPU timing and hypervisor enumeration, to detect attempts at analysis
  • Bypasses network and endpoint defenses using passive circumvention techniques, like obfuscation and mutation, and active techniques, like unhooking and tampering
  • Detects debuggers and circumvents dynamic and static code analysis

You’ll also find tips for building a malware analysis lab and tuning it to better counter anti-analysis techniques in malware. Whether you’re a frontline defender, a forensic analyst, a detection engineer, or a researcher, Evasive Malware will arm you with the knowledge and skills you need to outmaneuver the stealthiest of today’s cyber adversaries.
  • Published: 8 October 2024
  • ISBN: 9781718503267
  • Imprint: No Starch
  • Format: Paperback
  • Pages: 488
  • RRP: $130.00

Praise for Evasive Malware

"A friendly and up-to-date compendium of common techniques that malware can use to evade detection and make the analysis harder. Reading this book can help everyone who starts their adventure with malware analysis avoid a lot of confusion and quickly recognize the common evasion patterns they are dealing with."

—Aleksandra “Hasherezade” Doniec, malware analyst and open source developer; author of PE-sieve memory scanner

Evasive Malware delivers an in-depth exploration of malware evasion tactics. Beyond catering to seasoned analysts, the author extends a helping hand to beginners, briefly covering fundamental skills to ensure the material is accessible and relevant to all. With included file hashes for hands-on learning, it's a must-have for anyone who needs to identify, investigate, and analyze modern malware.”

—Anuj Soni, Malware Reverse Engineer; SANS Certified Instructor, author of SANS FOR710

"A complete compendium of countermeasures used by malware to avoid detection, useful to anyone implementing defensive technologies." 

—Ivan Kwiatkowski, Lead Threat Researcher at Harfang Lab

“Malware analysts looking to expand their reverse engineering skills will learn many practical techniques from this book, [along with] insightful explanations of common ways in which malware evades detection and confuses analysts. . . If you're looking to continue your journey through the world of malware analysis, you'll find many learning opportunities in this delightful and technical read!”

—Lenny Zeltser, Faculty Fellow, SANS Institute

penguin pop image
penguin pop image