Malware Analysis
Before starting with malware analysis, it is necessary to have a solid grasp of Assembly and C/C++. I provided some recommendations on my coding resources page on how to learn them.
After mastering them, one can start analyzing malware with the following:
Books
- Practical Malware Analysis: While slightly dated, it is one of the best introductions to the topic. The hardest part is finding Windows XP licenses and older program versions for the virtual machine. To help with the search: older system utilities such as strings can be found here, and OllyDbg can be found here. If you're having trouble finding a Windows XP license or an older program version, reach out to me and I'll do my best to help.
- Malware Analyst’s Cookbook, First Edition
- Practical Binary Analysis
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, First Edition
For the more experienced:
- The Art of Memory Forensics
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition
Those regarding reversing tools:
- The Ghidra Book: A Definitive Guide
- The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World’s Most Popular Disassembler, Second Edition
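Since the strings utility is mentioned above as one of the harder-to-find pieces of an old analysis VM, here is a small portable equivalent that is an added example, not code from the page or from any of the books listed. It does what the classic tool does (extracts runs of printable ASCII) and also pulls out UTF-16LE "wide" strings, which Windows malware uses for paths, URLs and API names and which plain strings silently misses. The watch list of API names and the sample bytes are constructed for the illustration.

```python
#!/usr/bin/env python3
"""Minimal, portable equivalent of the `strings` utility for malware triage.

Added example, not code from the page or the books it lists. Extracts
printable ASCII runs like `strings` does, plus UTF-16LE ("wide") runs,
which plain `strings` only finds with the `-e l` option.
"""
import re
import sys
from typing import List, Tuple

# Constructed sample blob standing in for a file read from disk: a few
# header-like bytes, an ASCII string, a run too short to report, and a
# UTF-16LE string of the kind found in Windows PE files.
SAMPLE_BLOB = (
    b"\x4d\x5a\x90\x00\x03\x00"
    + b"http://example.invalid/c2"
    + b"\x00\x00\xff"
    + b"ab"
    + b"\x01\x02"
    + "CreateRemoteThread".encode("utf-16-le")
    + b"\x00\x00\x7f"
)

# Hypothetical triage watch list; a real one would be much longer.
SUSPICIOUS_API_NAMES = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in both ASCII and UTF-16LE, sorted by file offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # A wide string is a run of (printable ASCII byte, NUL byte) pairs.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def triage(found: List[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """Return the subset worth a second look: URLs and known injection APIs."""
    return [s for s in found if URL_RE.match(s[2]) or s[2] in SUSPICIOUS_API_NAMES]


def main(argv: List[str]) -> None:
    # With a path argument, scan that file; otherwise scan the sample blob.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_BLOB
    found = extract_strings(data)
    for off, enc, text in found:
        print(f"0x{off:08x}  {enc:<8}  {text}")
    print("--- worth a second look ---")
    for off, enc, text in triage(found):
        print(f"0x{off:08x}  {enc:<8}  {text}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 strings_triage.py sample.exe` (the file name is an assumption). Because the regexes scan byte by byte, wide strings are found at odd offsets too, and the offsets printed are the ones you would use in a hex editor or disassembler to locate the string's cross-references.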
Websites
Tutorials and training:
- Free Ghidra Courses: They cover all skill levels, from beginners to the more advanced
- MalwareUnicorn’s Reversing Tutorials
- Android App Reverse Engineering Tutorial
- Open Security Training: They have free courses on various security topics, including reversing
- Dr. Fu’s Malware Analysis Tutorials
- Intro to Firmware Analysis
Analysis blogs and walkthroughs:
Advice on getting started:
- Hasherezade - How to start RE/malware analysis?: a detailed overview for beginners
- How I Passed the GIAC GREM Exam Without Taking the Course
- The Road To Reverse Engineering Malware
Tools
- Ghidra Bridge: Facilitates scripting Ghidra from an external Python 3 interpreter, so plugin code is not limited to Ghidra's built-in Jython