Malware Analysis Books

Some specific book recommendations on Malware Analysis

There are a bunch of books on Malware Analysis, and over the last couple of years the number of available options has increased a lot. A quick search on Amazon will show some of the options you can start with, and you'll also find plenty of material for learning Assembly, Network Detection and the many other tools used in this field.
If you're looking for some specific recommendations, check this list:

Practical Malware Analysis:
It's a step-by-step guide with a hands-on approach to learning the most common techniques an analyst applies to dissect malware, with plenty of exercises and light reading that will lead you to a lot of further content.
It covers mostly Windows malware, and it's a really good place to start if you have no experience or want to refresh some of your knowledge.
You'll learn how to:
  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code

Malware Analyst’s Cookbook:
The book teaches a lot, from finding botnet fast-flux networks, analysing malicious JavaScript, shellcode and PDFs, setting up your own automated lab to produce detailed reports on your samples, and setting up honeypots to capture malware, to analysing files, memory and other artefacts of an infection. This book will get you ready to deal with real-world threats for years to come.

Windows Malware Analysis Essentials:
This book starts out with well-written introductory chapters to catch people up on the knowledge they need in order to properly grasp later concepts, such as a basic understanding of bits and x86 assembly that are not otherwise easily picked up. It also contains a plethora of information on malware structure and the basic tooling used to understand malware, and is often written in a playful and enjoyable manner that makes the content a pleasure to read. I know it says "Windows" in the title, but many of the topics covered and the tooling carry over to other platforms as well.
What you will learn:
  • Use the positional number system for a clear conception of Boolean algebra, that applies to malware research purposes
  • Get introduced to static and dynamic analysis methodologies and build your own malware lab
  • Analyse destructive malware samples from the real world (ITW), from fingerprinting and static/dynamic analysis to the final debrief
  • Understand different modes of linking and how to compile your own libraries from assembly code and integrate the code in your final program
  • Get to know the various emulators, debuggers and their features, and sandboxes, and set them up effectively depending on the required scenario
  • Deal with other malware vectors such as PDF and MS Office based malware, as well as scripts and shellcode

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
This book does a good job of teaching; it's not just another reference book. A lot of technical books just blast facts at you, and sure, you might learn a lot, but you don't know how the author learned those things himself. This book takes more of a teaching approach: you learn how the authors learned things.

This book is fairly small for a technical book at only 340 pages, but it is very dense. Every sentence is important.
This will teach you assembly, then teach you how it relates to C, how to go back and forth between the two, and how it all works with the Windows kernel.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 

AMF is a volume of stuff you just have to know, or at least you have to know where to find it. The book is an essential reference, reasonably complete and well written.
Discover memory forensics techniques:
  • How volatile memory analysis improves digital investigations
  • Proper investigative steps for detecting stealth malware and advanced threats
  • How to use free, open source tools for conducting thorough memory forensics
  • Ways to acquire memory from suspect systems in a forensically sound manner

Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides

This is a must-have forensics guide. It contains a lot of useful tips and checklists, but it is not only a big checklist: it guides you, states clearly what steps you need to follow, and makes it understandable why you need to do them. It also contains a lot of examples of how to use a whole list of programs (free or commercial).

This field guide is intended for computer forensic investigators, analysts, and specialists.
  • A condensed hand-held guide complete with on-the-job tasks and checklists
  • Specific for Windows-based systems, the largest running OS in the world
  • Authors are world-renowned leaders in investigating and analyzing malicious code