The Art of Mac Malware, Volume 2: Detecting Malicious Software
Title: The Art of Mac Malware, Volume 2: Detecting Malicious Software
Author: Patrick Wardle
Publisher: No Starch Press
Year: 2025
Pages: 376
Language: English
Format: pdf, epub
Size: 11.4 MB
As Mac security researcher Patrick Wardle notes in The Art of Mac Malware, Volume 2, the large and growing population of Mac users, both personal and enterprise, gives malware authors a strong incentive to target macOS ever more frequently. Countering these evolving and increasingly sophisticated threats requires learning and applying robust heuristic-based detection techniques.
To that end, Wardle draws on decades of experience to guide you through implementing such detection techniques in code. By showing how to leverage macOS's security-centric frameworks (both public and private), examining the key elements of behavior-based detection, and pointing to real-world malware examples, Wardle demonstrates the effectiveness of these approaches.
This book focuses on heuristic-based approaches, which are the only practical way to combat the sophisticated, never-before-seen threats that target macOS with increasing frequency. We'll write code capable of detecting anomalies and then pinpointing software that has maliciously infiltrated a system. In the process, we'll dive into the macOS operating system, touching on topics such as private frameworks, reverse engineering proprietary system components, and much more.
Of course, the heuristic-based detection approach has some downsides. While it should be able to pinpoint any malicious item on a system, it likely won’t be able to identify the specific malware strain. For example, it should notice an unauthorized program surreptitiously accessing the mic or webcam, but it won’t know whether the responsible process is the malware FruitFly. Is this a significant downside? I don’t believe so, as the malware responsible for the infection may be unknown anyway, and you can always deploy a signature-based detection engine to cover the known basics.
Another challenge is that heuristic-based detections can suffer from false positives. For example, malware authors often use executable packers to obfuscate their creations, but so do some legitimate software developers. Thus, no heuristic-based detection approach should rely on a single heuristic when classifying an item as malicious. Instead, the detection should always look for multiple anomalous behaviors and weigh them against signals that reduce false positives, such as code signing information (a binary with a valid signature from an identifiable developer deserves less suspicion than an unsigned one), before flagging something as suspicious or likely malicious. If you have the luxury to do so, you can enlist a human to validate any flagged items.
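The policy described above, as an added example that is not code from the book: several independent anomaly indicators are scored together, code-signing information discounts the score for trusted signers, and an item is never flagged on the strength of a single heuristic. The sample records, the signer categories (apple, developer_id, adhoc, none), the weights and the thresholds are all assumptions made for the example; on a real system they would be populated from the Security framework or codesign output and from the file, process and network monitors the book covers.

```python
"""Multi-heuristic triage with code signing as a false-positive reducer.

Added example, not code from the book. The records, signer categories,
weights and thresholds are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Item:
    """Observations about one executable (constructed for the example)."""
    name: str
    signer: str = "none"            # assumed categories: apple, developer_id, adhoc, none
    notarized: bool = False
    packed: bool = False            # e.g. packer stub or high-entropy code section
    accesses_mic_or_cam: bool = False
    persists: bool = False          # e.g. registers a LaunchAgent or LaunchDaemon
    bundled_with_app: bool = False  # ships inside a user-visible .app bundle


# Independent anomaly indicators and their weights (assumed values).
WEIGHTS: Dict[str, int] = {
    "packed": 2,
    "mic_or_cam": 2,
    "persistence": 2,
    "not_in_bundle": 1,
    "unsigned_or_adhoc": 1,
}

MIN_INDICATORS = 2          # never flag on a single heuristic
SUSPICIOUS_AT = 3           # adjusted score at which an item is "suspicious"
LIKELY_MALICIOUS_AT = 5     # adjusted score at which it is "likely_malicious"


def indicators(item: Item) -> List[str]:
    """Return the name of every heuristic that fires for this item."""
    hits = []
    if item.packed:
        hits.append("packed")
    if item.accesses_mic_or_cam:
        hits.append("mic_or_cam")
    if item.persists:
        hits.append("persistence")
    if not item.bundled_with_app:
        hits.append("not_in_bundle")
    if item.signer in ("adhoc", "none"):
        hits.append("unsigned_or_adhoc")
    return hits


def signing_discount(item: Item) -> float:
    """Multiplier applied to the raw score based on code-signing trust.

    Apple-signed code is treated as trusted, a notarized Developer ID
    signature halves the score, an un-notarized one discounts it less, and
    ad-hoc or missing signatures get no discount. (Policy is an assumption.)
    """
    if item.signer == "apple":
        return 0.0
    if item.signer == "developer_id":
        return 0.5 if item.notarized else 0.75
    return 1.0


def triage(item: Item) -> Dict[str, object]:
    """Combine the indicators into a verdict: benign, suspicious or likely_malicious."""
    hits = indicators(item)
    raw = sum(WEIGHTS[h] for h in hits)
    adjusted = raw * signing_discount(item)
    if len(hits) < MIN_INDICATORS or adjusted < SUSPICIOUS_AT:
        verdict = "benign"
    elif adjusted >= LIKELY_MALICIOUS_AT:
        verdict = "likely_malicious"
    else:
        verdict = "suspicious"
    return {"name": item.name, "hits": hits, "raw": raw,
            "adjusted": adjusted, "verdict": verdict}


# Constructed sample observations (not real software).
SAMPLES = [
    # Legitimate, notarized conferencing app that is packed and uses the camera.
    Item("ConferencingApp", signer="developer_id", notarized=True,
         packed=True, accesses_mic_or_cam=True, bundled_with_app=True),
    # Apple-signed daemon that uses the mic and is persistent.
    Item("apple_media_daemon", signer="apple",
         accesses_mic_or_cam=True, persists=True),
    # Unsigned, packed command-line tool: worth a look, not a conviction.
    Item("packed_cli_tool", signer="none", packed=True),
    # Developer ID app whose only anomaly is packing: a single heuristic.
    Item("packed_only_devid", signer="developer_id", packed=True,
         bundled_with_app=True),
    # Unsigned, unbundled, persistent binary that grabs the mic or camera.
    Item("hidden_implant", signer="none", accesses_mic_or_cam=True,
         persists=True),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = triage(sample)
        print(f"{result['name']:<20} {result['verdict']:<17} "
              f"score={result['adjusted']:.1f} hits={result['hits']}")
```

Run as a script, the packed and camera-using conferencing app and the Apple daemon come out benign despite tripping two and three heuristics respectively, the packed Developer ID app is benign because one heuristic alone never counts, the unsigned packed tool is marked suspicious for human review, and only the unsigned, persistent, mic-accessing binary reaches likely_malicious.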
At its core, this book describes how to write code to detect macOS malware. It’s broken into three parts.
Just as a doctor performs tests and collects data to make a diagnosis, so too must malware detectors. In Part I: Data Collection, we discuss programmatic methods of collecting the data snapshots essential for detecting symptoms of infections.
While Part I covers methods of obtaining snapshots of data, Part II: System Monitoring covers continuous approaches to monitoring a system for symptoms of an infection. For example, we’ll discuss frameworks and application programming interfaces (APIs) that allow us to monitor the system logs and create powerful file, process, and network monitors.
Part III: Tool Development delves into several of Objective-See’s most popular tools. Capable of generically detecting a wide range of macOS malware, these tools leverage many of the approaches covered in Parts I and II. Once you understand their design and internals, you’ll be well on the way to building your own malware detection tools.
Across 14 in-depth chapters, you’ll learn how to:
Capture critical snapshots of system state to reveal the subtle signs of infection
Enumerate and analyze running processes to uncover evidence of malware
Parse macOS distribution and binary file formats to detect malicious anomalies
Use code signing as an effective tool to identify malware and reduce false positives
Write efficient code that harnesses the full potential of Apple's public and private APIs
Leverage Apple's Endpoint Security and Network Extension frameworks to build real-time monitoring tools
This comprehensive guide gives you the knowledge to develop tools and techniques that neutralize threats before it's too late.