Sunbelt Software posted a blog entry today about books related to malware analysis, which reminded me that I had wanted to do something similar. Unfortunately, for competitive reasons, some publishers don't allow their authors to cite other publishers' books. So although I really wanted to cite some of my favorite books in Malware Analyst's Cookbook, we weren't permitted to do so. Instead, I'll list them here. The following resources are ones I consider either required reading or extremely useful for malware analysis.
- Assembly Language for Intel-Based Computers by Kip R. Irvine. A good reference book for learning about the CPU, registers, and assembly language.
- The IDA Pro Book by Chris Eagle. A guide to using IDA Pro and learning how to perform static analysis.
- Gray Hat Python by Justin Seitz. Learn how to use Python for various debugging, hooking, and fuzzing tasks.
- Reversing: Secrets of Reverse Engineering by Eldad Eilam. A nice summary of many reversing techniques and tools.
- Malware: Fighting Malicious Code by Ed Skoudis and Lenny Zeltser. Learn what malware is, where it comes from, what it does, and how to get rid of it (covers both Windows and Unix).
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Bill Blunden. Contains in-depth descriptions of user- and kernel-mode rootkits, including a ton of code examples in C (the book is nearly 900 pages).
- Rootkits: Subverting the Windows Kernel by Greg Hoglund and Jamie Butler. A book that focuses on Windows rootkits – essential reading for both sides of the fence (offensive and defensive).
- Windows Forensic Analysis DVD Toolkit 2nd Edition by Harlan Carvey. Generous amounts of practical forensics knowledge, custom tools written by Harlan, and lots of hands-on examples – required for anyone who needs to protect or investigate computer intrusions.
- Advanced Windows Debugging by Mario Hewardt and Daniel Pravat. Learn to use the Microsoft debuggers to hunt down the sources of resource leaks, memory corruption, and security issues (not about malware, but obviously you can use the knowledge to debug malware).
- Practical Cryptography by Niels Ferguson and Bruce Schneier. A good summary of encryption algorithms that anyone in the security field should check out.
- Forensic Discovery by Dan Farmer and Wietse Venema. This is one of the first forensics books I ever read. It's a bit old now, but some of the concepts will never be outdated. I'd still recommend it in the year 2030.
- Malware Forensics: Investigating and Analyzing Malicious Code by Cameron H. Malin, Eoghan Casey, and James M. Aquilina. A tool-centric, very enjoyable read for anyone interested in malware.
- The Shellcoder's Handbook by Jack Koziol et al. and The Shellcoder's Handbook 2nd Edition by Chris Anley et al. Great books for learning to read and write shellcode, analyze the vulnerabilities that malware exploits, or just gain a better overall understanding of assembly language for use in static analysis.
- File System Forensic Analysis by Brian Carrier. An invaluable book for learning how to investigate file systems with The Sleuth Kit and Autopsy. I personally used it to learn how to hunt malware based on MFT data, NTFS streams, and things of that nature, but it includes info on many other file systems.
- The Art of Computer Virus Research and Defense by Peter Szor. A great mix of technical and non-technical knowledge about how malware works and how you can detect it.
- Windows NT/2000 Native API Reference by Gary Nebbett. This book is like MSDN for the API functions that Microsoft didn't document. It comes in handy when writing tools that need to call the Native API, or when reversing malware that uses the Native API (typically to sidestep hooks on the documented Win32 layer).
- Windows Internals: Including Windows Server 2008 and Windows Vista, 5th Edition by Mark Russinovich, David A. Solomon, and Alex Ionescu. Lots of technical knowledge; required reading for understanding how Windows works.
- Real Digital Forensics: Computer Security and Incident Response by Keith J. Jones, Richard Bejtlich, and Curtis W. Rose. Learn how to investigate intrusions on Unix and Windows based machines through practical examples (the DVD contains evidence files).
- Windows via C/C++ by Jeffrey M. Richter and Christophe Nasarre. I would compare this book to Windows Internals, but instead of just explaining how things work, it shows how to program against the Windows API. Of course, it's not a replacement for Windows Internals, but you'll come out ahead by reading them both.
Hi,
I'm currently studying the malware cookbook after work hours, so this is my post just to say thank you for everything. As software versions change over time, so do books. It would be great if you had a dynamic book version also. Thank you.
–
Paul
Hello,
I think it is important to have a dynamic or electronic copy of this book.
Reasons:
1. I can always use Sysinternals ZoomIt to zoom in, which gives a better view for reading the contents of the book.
2. An e-book can be part of the marketing strategy, and I often purchase the physical book after reading the e-book first to gain confidence.
3. I don't think a pirated e-book can hurt sales; if I continue to get good information from the author, I will support them by purchasing the original book.
Hope this helps.