Dive into the fascinating and terrifying world of evasive malware - malicious software designed to avoid detection. The first of its kind, this thorough introduction is full of practical information, real-world examples, and cutting-edge techniques for discovering, reverse-engineering, and analysing state-of-the-art malware. Beginning with foundational knowledge about malware analysis in the context of the Windows OS, you'll learn about the evasive manoeuvres that malware programs use to determine whether they're being analysed and the tricks they employ to avoid detection. You'll explore the ways malware circumvents security controls, such as network or endpoint defence bypasses, anti-forensics techniques, and malware that deploys data and code obfuscation. At the end of the book, you'll build your very own anti-evasion analysis lab. You'll learn: Modern evasive malware threats, anti-analysis techniques used in malware, how malware bypasses and circumvents security controls, how malware uses victim targeting and profiling techniques, how malware uses anti-forensics and file-less techniques, how to perform malware analysis and reverse engineering on evasive programs.

"A complete compendium of countermeasures used by malware to avoid detection, useful to anyone implementing defensive technologies."
—Ivan Kwiatkowski, Lead Threat Researcher at Harfang Lab

“Evasive Malware delivers an in-depth exploration of malware evasion tactics. Beyond catering to seasoned analysts, the author extends a helping hand to beginners, briefly covering fundamental skills to ensure the material is accessible and relevant to all. With included file hashes for hands-on learning, it's a must-have for anyone who needs to identify, investigate, and analyze modern malware.”
—Anuj Soni, Malware Reverse Engineer; SANS Certified Instructor, author of SANS FOR710

"A friendly and up-to-date compendium of common techniques that malware can use to evade detection and make the analysis harder. Reading this book can help everyone who starts their adventure with malware analysis avoid a lot of confusion, and quickly recognize the common evasion patterns they are dealing with."
—Aleksandra “Hasherezade” Doniec, malware analyst and open source developer; author of PE-sieve memory scanner

“Malware analysts looking to expand their reverse engineering skills will learn many practical techniques from this book, [along with] insightful explanations of common ways in which malware evades detection and confuses analysts. . . If you're looking to continue your journey through the world of malware analysis, you'll find many learning opportunities in this delightful and technical read!”
—Lenny Zeltser, Faculty Fellow, SANS Institute

Kyle Cucci has over 17 years in cybersecurity and IT, including roles as a malware analyst and detection engineer with Proofpoint’s Threat Research team and leader of the forensic investigations and malware research teams at Deutsche Bank. Cucci regularly speaks at security conferences and has led international trainings and workshops on topics such as malware analysis and security engineering. In his free time, Cucci enjoys contributing to the community via open source tooling, research, and blogging.