I had the opportunity to review and work through some interesting hands-on examples from Packt Publishing’s “Cuckoo Malware Analysis” by Digit Oktavianto and Iqbal Muhardianto. The book is divided into five intuitive chapters:
- Chapter 1: Getting Started with Automated Malware Analysis using Cuckoo Sandbox
- Chapter 2: Using Cuckoo Sandbox to Analyze a Sample Malware
- Chapter 3: Analyzing the Output of Cuckoo Sandbox
- Chapter 4: Reporting with Cuckoo Sandbox
- Chapter 5: Tips and Tricks for Cuckoo Sandbox
Chapter one, “Getting Started with Automated Malware Analysis using Cuckoo Sandbox”, covers malware analysis methodologies, basic sandboxing theory and detailed instructions for installing the Cuckoo Sandbox framework. The installation is not easy, but if the directions are followed precisely the outcome should be favorable. In chapter two, “Using Cuckoo Sandbox to Analyze a Sample Malware”, the authors walk through starting Cuckoo and submitting various malware samples such as MS Word, MS Excel and PDF documents. Submitting malicious URLs and binary files, and conducting memory forensics on the analysis VM, are also demonstrated.
Chapters three and four, “Analyzing the Output of Cuckoo Sandbox” and “Reporting with Cuckoo Sandbox”, cover the processing modules and the analysis of an APT attack, as well as generating Cuckoo’s built-in reports and exporting the analysis data from Cuckoo to other formats.
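As an added example (not code from the book or from the Cuckoo project), the script below does the kind of export to another format that the reporting chapter describes: it flattens a Cuckoo report.json into a CSV of indicators. The key names follow the report.json layout as I know it from Cuckoo 1.x/2.x (target.file, signatures, behavior.summary, network.hosts/domains/http); the embedded report is constructed for the demo, not a real run, and deliberately mixes the 1.x bare-IP and 2.x dict forms of network.hosts so both are handled.

```python
"""Flatten a Cuckoo Sandbox report.json into a CSV of indicators.

Added example, not code from the book or the Cuckoo project. Key names
follow the report.json layout of Cuckoo 1.x/2.x as far as I know them;
the sample report below is constructed with fictional values.
"""
import csv
import io
import json

# Constructed, abridged report.json. network.hosts mixes the Cuckoo 1.x
# form (bare IP strings) and the 2.x form (dicts with an "ip" key) so the
# exporter is exercised on both.
SAMPLE_REPORT = json.loads(r"""
{
  "info": {"id": 7, "category": "file", "package": "doc", "duration": 120},
  "target": {"category": "file",
             "file": {"name": "invoice.doc",
                      "md5": "0123456789abcdef0123456789abcdef",
                      "sha256": "aaaabbbbccccddddeeeeffff00001111aaaabbbbccccddddeeeeffff00001111"}},
  "signatures": [
    {"name": "creates_exe", "description": "Creates executable files on the filesystem", "severity": 2},
    {"name": "network_http", "description": "Performs some HTTP requests", "severity": 3}
  ],
  "behavior": {"summary": {
      "files": ["C:\\Users\\user\\AppData\\Local\\Temp\\svch0st.exe", "C:\\Windows\\Temp\\a.tmp"],
      "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svch0st"],
      "mutexes": ["Global\\{ABCD-1234}"]}},
  "network": {
      "hosts": ["203.0.113.10", {"ip": "198.51.100.7", "country_name": "none"}],
      "domains": [{"domain": "update.example.invalid", "ip": "203.0.113.10"}],
      "http": [{"method": "GET", "host": "update.example.invalid",
                "uri": "http://update.example.invalid/gate.php", "port": 80}]
  }
}
""")


def extract_iocs(report):
    """Return ordered, de-duplicated (type, value, source) tuples from a report dict."""
    iocs = []
    target_file = report.get("target", {}).get("file", {})
    for algo in ("md5", "sha256"):
        if target_file.get(algo):
            iocs.append((algo, target_file[algo], "target"))

    # Host-based artefacts recorded by the behavior processing module.
    summary = report.get("behavior", {}).get("summary", {})
    for kind, key in (("file", "files"), ("regkey", "keys"), ("mutex", "mutexes")):
        for value in summary.get(key, []):
            iocs.append((kind, value, "behavior"))

    # Network artefacts from the PCAP processing module.
    net = report.get("network", {})
    for host in net.get("hosts", []):
        ip = host["ip"] if isinstance(host, dict) else host  # 2.x dict vs 1.x string
        iocs.append(("ip", ip, "network"))
    for entry in net.get("domains", []):
        iocs.append(("domain", entry["domain"], "network"))
    for req in net.get("http", []):
        iocs.append(("url", req["uri"], "network"))

    seen, ordered = set(), []
    for ioc in iocs:
        if ioc not in seen:
            seen.add(ioc)
            ordered.append(ioc)
    return ordered


def max_severity(report):
    """Highest severity among matched signatures; 0 when none matched."""
    return max((s.get("severity", 0) for s in report.get("signatures", [])), default=0)


def to_csv(report):
    """Render the report's indicators as CSV text (header plus one row per IOC)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["task_id", "sample", "type", "value", "source", "max_severity"])
    task_id = report.get("info", {}).get("id", "")
    sample = report.get("target", {}).get("file", {}).get("name", "")
    severity = max_severity(report)
    for ioc_type, value, source in extract_iocs(report):
        writer.writerow([task_id, sample, ioc_type, value, source, severity])
    return buf.getvalue()


if __name__ == "__main__":
    # With a real run, replace SAMPLE_REPORT by json.load(open(".../reports/report.json")).
    print(to_csv(SAMPLE_REPORT), end="")
```

The de-duplication matters on real reports, where the same IP appears once in network.hosts and again under each domain that resolved to it; the severity column is carried on every row so the CSV can be sorted or filtered downstream without re-reading the signatures section.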
The last chapter, “Tips and Tricks for Cuckoo Sandbox”, covers hardening Cuckoo Sandbox against VM detection and other interesting tips that, as a novice in the craft of malware analysis, I was not too concerned about.
Overall, I thought the book was well written as a hybrid tool for learning the process of conducting malware analysis. Chapter one provides the necessary foundation about malware analysis, while the remaining chapters provide detailed instructions for installing Cuckoo, conducting the analysis and reporting the results.
I found this text very useful and beneficial for anyone tasked with conducting malware analysis. In addition, I think it would also be valuable in academia as a supplemental text or lab manual.
You can get additional information, as well as purchase the book, at the Packt Publishing website.