Posted by baskoro
It’s been a long time since my last post on this blog. Now I’m here to write a new post about a book titled Cuckoo Malware Analysis – Analyze Malware using Cuckoo Sandbox. This book is written by Digit Oktavianto and Iqbal Muhardianto, who are computer security experts, especially in the area of malware analysis. Fortunately, I needed some information about how to do malware analysis.
Malware analysis is a new thing for me, and this book has helped me a lot in studying the basics. This book consists of 5 chapters, starting from the basics of malware analysis and sandboxing and moving on to the advanced features of Cuckoo. First, it explains what malware analysis is, how we conduct the analysis without affecting our production network, how a sandbox is used, an introduction to Cuckoo Sandbox, and how to install Cuckoo on our computer.
The first chapter was the most interesting part for me, because the main things to be understood are right there. I learned what sandboxing is and what the connection between Cuckoo and sandboxing is. After you read the first chapter, you’ll understand what to do next. Before reading this book, I thought that Cuckoo was some kind of honeypot. But after I had read the brief explanation of Cuckoo, I knew that Cuckoo is a sandboxing tool: a tool that allows you to run malware inside a virtual machine (VirtualBox/VMware) and then analyze the malware’s behaviour. You can see what the malware does, every file that was dropped on your machine, which parts of the registry were changed, and other information. Another point that made me like reading this book is that it explains what we have to do in order to protect our computer from being affected by the malware run by Cuckoo.
This book is a technical book, so you will find a lot of information that is very technical. I suggest that you have mastered, or at least have experience with, Linux, since most commands in this book are Linux commands. If you are familiar with Linux, you won’t have any problem reading this book, though there are some typographical mistakes in the first and second chapters.
The second chapter of this book tells you how to submit malware samples to your VM using Cuckoo. Not only executable malware files, but malicious doc files or malicious URLs can be submitted as well. After that, you’ll learn how to understand Cuckoo’s report. And in the last subchapter, it tells you about the memory forensics feature in Cuckoo, which is not enabled by default due to its hard disk space requirement. As this book says, memory forensics is a feature in Cuckoo that enables you to analyze the content of the main memory during malware execution.
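The first chapter’s description of what a sandbox run shows you (dropped files, changed registry keys) and the second chapter’s topic of reading Cuckoo’s report both come down to pulling the behavioural summary out of the JSON report Cuckoo writes. The following script is an added example of doing that triage, not code from the book or from the Cuckoo project. It assumes the report layout I am familiar with, where `behavior.summary` holds lists named `file_created` / `regkey_written` / `mutex` (newer Cuckoo) or `files` / `keys` / `mutexes` (older Cuckoo), and `network.hosts` lists contacted IPs; the sample report embedded below is constructed for the demo, and the `Run`-key heuristic is my own assumption about what is worth flagging.

```python
import json

# Constructed sample modelled on the shape of a Cuckoo report.json (not a real report).
# Addresses use the documentation range 203.0.113.0/24 and the reserved .invalid TLD.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1, "category": "file"},
    "target": {"file": {"name": "sample.exe", "sha256": "<placeholder-sha256>"}},
    "behavior": {
        "summary": {
            "file_created": [
                "C:\\Users\\user\\AppData\\Roaming\\svchost.exe",
                "C:\\Windows\\Temp\\tmp1.dat",
            ],
            "regkey_written": [
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
                "HKEY_CURRENT_USER\\Software\\Sample\\Config",
            ],
            "mutex": ["Global\\constructed-mutex"],
        },
        "processes": [{"process_name": "sample.exe", "pid": 1234}],
    },
    "network": {
        "hosts": ["203.0.113.10"],
        "domains": [{"domain": "c2.example.invalid", "ip": "203.0.113.10"}],
    },
})

# Assumed mapping from a neutral label to the summary keys used by newer and older
# Cuckoo releases; both spellings are read so the script tolerates either layout.
SUMMARY_KEYS = {
    "files_created": ("file_created", "files"),
    "registry_written": ("regkey_written", "keys"),
    "mutexes": ("mutex", "mutexes"),
}

# Registry paths that commonly indicate an autostart (persistence) entry; assumption.
PERSISTENCE_HINTS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def summarize(report_json):
    """Reduce a Cuckoo-style report to the facts an analyst checks first."""
    report = json.loads(report_json)
    summary = report.get("behavior", {}).get("summary", {})
    out = {}
    for label, candidates in SUMMARY_KEYS.items():
        values = []
        for key in candidates:
            values.extend(summary.get(key, []))
        out[label] = sorted(set(values))  # de-duplicate, stable order for reporting
    # Flag registry writes that land in a Run/RunOnce key.
    out["persistence_keys"] = [
        k for k in out["registry_written"]
        if any(h in (k.lower() + "\\") for h in PERSISTENCE_HINTS)
    ]
    out["contacted_hosts"] = sorted(set(report.get("network", {}).get("hosts", [])))
    out["contacted_domains"] = sorted(
        d.get("domain", "") for d in report.get("network", {}).get("domains", [])
    )
    out["sample_name"] = report.get("target", {}).get("file", {}).get("name", "")
    return out


def print_summary(report_json):
    """Human-readable view; returns the same dict for further processing."""
    s = summarize(report_json)
    print("Sample:", s["sample_name"])
    for label in ("files_created", "registry_written", "persistence_keys",
                  "mutexes", "contacted_hosts", "contacted_domains"):
        print(f"{label}:")
        for item in s[label]:
            print("   ", item)
    return s


if __name__ == "__main__":
    print_summary(SAMPLE_REPORT)
```

Run it against a real `report.json` by passing the file contents to `summarize()`; if your Cuckoo version names the summary lists differently, extend `SUMMARY_KEYS` rather than editing the loop.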
The last three chapters of this book mostly talk about the advanced features of Cuckoo, such as analyzing APTs (Advanced Persistent Threats), modifying the report, hardening the sandbox, and automatically checking your email attachments. Of all the advanced features, the most important one for me is hardening the sandbox. This book explains how to prevent our virtual machines from being detected by malware, since some malware won’t run if it knows it is running inside a virtual machine.
As I said earlier, this book is a technical book. The last three chapters are even more technical than the others; you’ll see many Linux commands and a lot of source code inside. If you are a theoretical person, I think this book isn’t for you, because it doesn’t cover much about what Cuckoo does behind the scenes. But if you are a technical person who needs a quick start guide to malware analysis, this book is highly recommended.
That’s all for my review of this book. Feel free to leave a comment if you have anything to discuss. And if you’re interested, you can buy the ebook at Packt Publishing (http://goo.gl/ifjCky).